Hong Kong Security Advisory Gravity Forms Flaw(CVE202512352)
WordPress Gravity Forms plugin <= 2.9.20 - Unauthenticated Arbitrary File Upload via 'copy_post_image' vulnerability
Unauthenticated SQL Injection in Events Calendar(CVE202512197)
WordPress The Events Calendar plugin 6.15.1.1 - 6.15.9 - Unauthenticated SQL Injection via s vulnerability
Urgent Community Advisory FunnelKit Email Vulnerability(CVE202512469)
WordPress FunnelKit Automations plugin <= 3.6.4.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Sending vulnerability
Hong Kong Security Alert Depicter Slider Vulnerability(CVE202511373)
WordPress Depicter Slider plugin <= 4.0.4 - Missing Authorization to Authenticated (Contributor+) Safe File Type Upload vulnerability
Community Alert Unauthenticated Document Access in WordPress(CVE202512384)
WordPress Document Embedder plugin <= 2.0.0 - Missing Authorization to Unauthenticated Document Manipulation vulnerability
Community Alert Missing Authorization in Membership Plugin(CVE202511835)
WordPress Paid Membership Subscriptions plugin <= 2.16.4 - Missing Authorization to Unauthenticated Arbitrary Member Subscription Auto Renewal vulnerability
Community Alert Image Comparison Addon Unauthorized Upload(CVE202510896)
WordPress Image Comparison Addon for Elementor plugin <= 1.0.2.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Upload vulnerability
Community Alert Image Comparison Addon Upload Vulnerability(CVE202510896)
WordPress Image Comparison Addon for Elementor plugin <= 1.0.2.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Upload vulnerability
Security Advisory CSRF in Navigation Links Plugin(CVE202512188)
WordPress Posts Navigation Links for Sections and Headings plugin <= 1.0.1 - Cross-Site Request Forgery to Settings Update vulnerability
DominoKit Plugin Poses Public Security Risk(CVE202512350)
WordPress DominoKit plugin <= 1.1.0 - Missing Authorization to Unauthenticated Settings Update vulnerability