WP Security
WWordPress Vulnerability Database

Hong Kong Security Alert Elementor Addons XSS(CVE20258215)

  • September 11, 2025
WordPress Responsive Addons for Elementor plugin <= 1.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets vulnerability
Read More
WWordPress Vulnerability Database

Hong Kong Security Advisory CatFolders SQL Injection(CVE20259776)

  • September 11, 2025
WordPress CatFolders plugin <= 2.5.2 - Authenticated (Author+) SQL Injection via CSV Import vulnerability
Read More
WWordPress Vulnerability Database

HK Security NGO Alert PagBank PagSeguro SQL(CVE202510142)

  • September 10, 2025
WordPress PagBank / PagSeguro Connect plugin <= 4.44.3 - Authenticated (Shop Manager+) SQL Injection vulnerability
Read More
WWordPress Vulnerability Database

Community Security Advisory PeachPay SQL Injection(CVE20259463)

  • September 10, 2025
WordPress PeachPay Payments plugin <= 1.117.5 - Authenticated (Contributor+) SQL Injection via order_by Parameter vulnerability
Read More
WWordPress Vulnerability Database

Protect Users from Accessibility Plugin Access Risk(CVE202558976)

  • September 9, 2025
WordPress Accessibility Checker by Equalize Digital Plugin <= 1.31.0 - Broken Access Control Vulnerability
Read More
WWordPress Vulnerability Database

Hong Kong Security NGO Warns Welcart XSS Risk(CVE202558984)

  • September 9, 2025
WordPress Welcart e-Commerce Plugin <= 2.11.20 - Cross Site Scripting (XSS) Vulnerability
Read More
WWordPress Vulnerability Database

Public Advisory Include Me Plugin XSS Risk(CVE202558983)

  • September 9, 2025
WordPress Include Me Plugin <= 1.3.2 - Cross Site Scripting (XSS) Vulnerability
Read More
WWordPress Vulnerability Database

Public Safety Notice Tutor LMS SQL Injection(CVE202558993)

  • September 9, 2025
WordPress Tutor LMS Plugin <= 3.7.4 - SQL Injection Vulnerability
Read More
WWordPress Vulnerability Database

Community Alert AutomatorWP Enables Remote Code Execution(CVE20259539)

  • September 8, 2025
WordPress AutomatorWP plugin <= 5.3.6 - Missing Authorization To Authenticated (Subscriber+) Remote Code Execution via Automation Creation vulnerability
Read More
WWordPress Vulnerability Database

Doccure Plugin Subscriber File Upload Vulnerability Advisory(CVE20259112)

  • September 8, 2025
WordPress Doccure plugin <= 1.4.8 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability
Read More
WP Security
© 2025 WP-Security.org Disclaimer: WP-Security.org is an independent, non-profit NGO community committed to sharing WordPress security news and information. We are not affiliated with WordPress, its parent company, or any related entities. All trademarks are the property of their respective owners.

hi there 👋 Sign up to receive awesome WP-Security Alert and update in your inbox, every week.

We don’t spam! Read our privacy policy for more info.

Check your inbox or spam folder to confirm your subscription.

Review My Order

0

Subtotal

Taxes & shipping calculated at checkout

Checkout

 
0