WP Security
WWordPress Vulnerability Database

Hong Kong Security Alert Real Spaces Escalation(CVE20258218)

  • August 18, 2025
WordPress Real Spaces - WordPress Properties Directory Theme plugin <= 3.5 - Authenticated (Subscriber+) Privilege Escalation to Administrator via 'change_role_member' vulnerability
Read More
WWordPress Vulnerability Database

Hong Kong Security Alert Media Library Deletion(CVE20258357)

  • August 18, 2025
WordPress Media Library Assistant plugin <= 3.27 - Authenticated (Author+) Limited File Deletion vulnerability
Read More
WWordPress Vulnerability Database

Community Alert Emmet Plugin XSS Threat(CVE202549894)

  • August 18, 2025
WordPress WP Emmet plugin <= 0.3.4 - Cross Site Scripting (XSS) vulnerability
Read More
WWordPress Vulnerability Database

Hong Kong Security Notice Elizaibots XSS Vulnerability(CVE202549893)

  • August 18, 2025
WordPress Elizaibots plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability
Read More
WWordPress Vulnerability Database

HK NGO warns WordPress CSRF Object Injection(CVE202549895)

  • August 16, 2025
WordPress ServerBuddy by PluginBuddy.com plugin <= 1.0.5 - CSRF to PHP Object Injection vulnerability
Read More
WWordPress Vulnerability Database

Hong Kong Security WordPress Profile Builder XSS(CVE20258896)

  • August 16, 2025
Plugin Name Profile Builder Type of Vulnerability Stored XSS CVE Number CVE-2025-8896 Urgency Medium CVE Publish Date 2025-08-16…
Read More
WWordPress Vulnerability Database

WordPress BetterDocs Privacy Flaw Exposes Private Posts(CVE20257499)

  • August 16, 2025
Plugin Name BetterDocs Type of Vulnerability Broken Access Control CVE Number CVE-2025-7499 Urgency Low CVE Publish Date 2025-08-16…
Read More
WWordPress Vulnerability Database

Hong Kong Security NGO alerts Soledad LFI(CVE20258142)

  • August 16, 2025
WordPress Soledad plugin <= 8.6.7 - Authenticated (Contributor+) Local File Inclusion via 'header_layout' vulnerability
Read More
WWordPress Vulnerability Database

Hong Kong Security Alert WordPress iFrame XSS(CVE20258089)

  • August 16, 2025
WordPress Advanced iFrame plugin <= 2025.6 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Read More
WWordPress Vulnerability Database

Hong Kong Security Advisory WordPress Soledad Stored XSS(CVE20258143)

  • August 16, 2025
WordPress Soledad plugin <= 8.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'pcsml_smartlists_h' vulnerability
Read More
WP Security
© 2025 WP-Security.org Disclaimer: WP-Security.org is an independent, non-profit NGO community committed to sharing WordPress security news and information. We are not affiliated with WordPress, its parent company, or any related entities. All trademarks are the property of their respective owners.

hi there 👋 Sign up to receive awesome WP-Security Alert and update in your inbox, every week.

We don’t spam! Read our privacy policy for more info.

Check your inbox or spam folder to confirm your subscription.

Review My Order

0

Subtotal

Taxes & shipping calculated at checkout

Checkout

 
0