Public Advisory Theme Importer CSRF Vulnerability(CVE202510312)
WordPress Theme Importer plugin <= 1.0 - Cross-Site Request Forgery vulnerability
Hong Kong Security Alert Lisfinity Privilege Escalation(CVE20256042)
WordPress Lisfinity Core - Lisfinity Core plugin used for pebas® Lisfinity WordPress theme plugin <= 1.4.0 - Unauthenticated Privilege Escalation to Editor vulnerability
Oceanpayment Plugin Permits Unauthenticated Order Status Changes(CVE202511728)
Plugin de passerelle de carte de crédit Oceanpayment WordPress <= 6.0 - Vulnérabilité de mise à jour de statut de commande non authentifiée manquante
Avis de sécurité Injection SQL Dynamically Display Posts (CVE202511501)
Plugin WordPress Dynamically Display Posts <= 1.1 - Vulnérabilité d'injection SQL non authentifiée
Community Advisory Shortcode Button Stored XSS(CVE202510194)
Plugin Bouton de Code Court WordPress <= 1.1.9 - Authentifié (Contributeur+) Vulnérabilité de Script Inter-Site Stocké
Community Security Alert Demo Import Kit Vulnerability(CVE202510051)
WordPress Demo Import Kit plugin <= 1.1.0 - Authenticated (Admin+) Arbitrary File Upload vulnerability
Community Alert NEX Forms SQL Injection(CVE202510185)
WordPress NEX-Forms – Plugin Ultimate Forms pour WordPress <= 9.1.6 - Vulnérabilité d'injection SQL authentifiée (Admin+)
Community Advisory Ovatheme Events Arbitrary Upload(CVE20256553)
WordPress Ovatheme Events Manager plugin <= 1.8.5 - Unauthenticated Arbitrary File Upload vulnerability
Security Advisory Everest Backup Exposes User Data(CVE202511380)
WordPress Everest Backup plugin <= 2.3.5 - Missing Authorization to Unauthenticated Information Exposure vulnerability
HK Security Alert NEX Forms SQL Injection(CVE202510185)
WordPress NEX-Forms – Plugin Ultimate Forms pour WordPress <= 9.1.6 - Vulnérabilité d'injection SQL authentifiée (Admin+)