HK Security Advisory Events Calendar SQL Injection(CVE20259807)
WordPress The Events Calendar plugin <= 6.15.1 - Unauthenticated SQL Injection vulnerability
Hong Kong Security Alert Enhanced BibliPlug XSS(CVE20259855)
WordPress Enhanced BibliPlug plugin <= 1.3.8 - Authenticated (Contirbutor+) Stored Cross-Site Scripting vulnerability
HK Security Advisory LH Signing Plugin CSRF(CVE20259633)
WordPress LH Signing plugin <= 2.83 - Cross-Site Request Forgery vulnerability
Stored XSS in AzureCurve BBCode Plugin(CVE20258398)
WordPress azurecurve BBCode plugin <= 2.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Shortcode vulnerability
Hong Kong Security Alert ThemeLoom Widgets XSS(CVE20259861)
WordPress ThemeLoom Widgets plugin <= 1.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
HK Security Advisory Certifica Stored XSS(CVE20258316)
WordPress Certifica WP plugin <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via evento Parameter vulnerability
Hong Kong Security Alert Elementor Addons XSS(CVE20258215)
WordPress Responsive Addons for Elementor plugin <= 1.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets vulnerability
Hong Kong Security Advisory CatFolders SQL Injection(CVE20259776)
WordPress CatFolders plugin <= 2.5.2 - Authenticated (Author+) SQL Injection via CSV Import vulnerability
HK Security NGO Alert PagBank PagSeguro SQL(CVE202510142)
WordPress PagBank / PagSeguro Connect plugin <= 4.44.3 - Authenticated (Shop Manager+) SQL Injection vulnerability
Community Security Advisory PeachPay SQL Injection(CVE20259463)
WordPress PeachPay Payments plugin <= 1.117.5 - Authenticated (Contributor+) SQL Injection via order_by Parameter vulnerability