Hong Kong Security NGO WordPress Import XSS (CVE20258490)
Plugin WordPress All-in-One WP Migration and Backup <= 7.97 - Vulnérabilité de script intersite stocké authentifié (Administrateur+) via importation
XSS stocké dans le plugin Lazy Load Videos (CVE20257732)
Plugin WordPress Lazy Load for Videos <= 2.18.7 - Vulnérabilité de script intersite stocké authentifié (Contributeur+) via les attributs data-video-title et href
Hong Kong Security Dokan Pro Élévation de privilèges (CVE20255931)
WordPress Dokan Pro plugin <= 4.0.5 - Authenticated (Vendor+) Privilege Escalation vulnerability
Avis de sécurité communautaire SiteSEO XSS stocké(CVE20259277)
Plugin WordPress SiteSEO <= 1.2.7 - XSS stocké authentifié (Contributeur+) via vulnérabilité d'expression régulière cassée
Avis de sécurité de Hong Kong Traversée de chemin de shortcode (CVE20258562)
Urgent: Directory Traversal in ‘Custom Query Shortcode’ (≤ 0.4.0) — What WordPress Site Owners Need to Know and…
Liste des événements d'avis de sécurité de Hong Kong Escalade (CVE20256366)
WordPress Event List plugin <= 2.0.4 - Authenticated (Subscriber+) Privilege Escalation vulnerability
Hong Kong Security Alert Plugin CSRF XSS(CVE20256247)
WordPress WordPress Automatic plugin <= 3.118.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability
Community Advisory Vibes Plugin SQL Injection Vulnerability(CVE20259172)
WordPress Vibes plugin <= 2.2.0 - Unauthenticated SQL Injection via `resource` Parameter vulnerability
Community Security Alert CSRF in WordPress Plugin(CVE202548303)
WordPress Post Type Converter plugin <= 0.6 - Cross Site Request Forgery (CSRF) vulnerability