WP Security
WWordPress Vulnerability Database

Hong Kong NGO Alert XSS Team Members(CVE202511560)

  • November 17, 2025
Cross Site Scripting (XSS) in WordPress Team Members Plugin Plugin
Read More
WWordPress Vulnerability Database

Patchstack Academy Hong Kong Security Outreach(CVE)

  • November 17, 2025
Welcome to Patchstack Academy
Read More
WWordPress Vulnerability Database

Creta Testimonial Plugin Local File Inclusion Vulnerability(CVE202510686)

  • November 17, 2025
WordPress Creta Testimonial Showcase plugin < 1.2.4 - Editor+ Local File Inclusion vulnerability
Read More
WWordPress Vulnerability Database

Hong Kong Security Alert Booking Plugin Flaw(CVE202564261)

  • November 17, 2025
WordPress Appointment Booking Calendar plugin <= 1.3.95 - Broken Access Control vulnerability
Read More
WWordPress Vulnerability Database

Community Security Advisory CoSchedule Access Control Vulnerability(CVE202549913)

  • November 16, 2025
WordPress CoSchedule plugin <= 3.4.0 - Broken Access Control vulnerability
Read More
WWordPress Vulnerability Database

Hong Kong Security Alert Survey Maker Flaw(CVE202564276)

  • November 16, 2025
WordPress Survey Maker plugin <= 5.1.9.4 - Broken Access Control vulnerability
Read More
WWordPress Vulnerability Database

Hong Kong Security Advisory Envira Gallery Bypass(CVE202512377)

  • November 16, 2025
WordPress Gallery Plugin for WordPress – Envira Photo Gallery plugin <= 1.12.0 - Missing Authorization to Authenticated (Author+) Multiple Gallery Actions vulnerability
Read More
WWordPress Vulnerability Database

Hong Kong Security Alert Theater Plugin Risk(CVE202564259)

  • November 15, 2025
WordPress Theater for WordPress plugin <= 0.18.8 - Broken Access Control vulnerability
Read More
WWordPress Vulnerability Database

Contest Gallery Plugin Missing Authorization Vulnerability(CVE202512849)

  • November 14, 2025
WordPress Contest Gallery plugin <= 28.0.2 - Missing Authorization vulnerability
Read More
WWordPress Vulnerability Database

HK Security Advisory SEO Plugin Media Deletion(CVE202512847)

  • November 14, 2025
WordPress All in One SEO plugin <= 4.8.9 - Missing Authorization to Authenticated (Contributor+) Arbitrary Media Deletion vulnerability
Read More
WP Security
© 2025 WP-Security.org Disclaimer: WP-Security.org is an independent, non-profit NGO community committed to sharing WordPress security news and information. We are not affiliated with WordPress, its parent company, or any related entities. All trademarks are the property of their respective owners.

hi there 👋 Sign up to receive awesome WP-Security Alert and update in your inbox, every week.

We don’t spam! Read our privacy policy for more info.

Check your inbox or spam folder to confirm your subscription.

Review My Order

0

Subtotal

Taxes & shipping calculated at checkout

Checkout

 
0
English
Chinese (Hong Kong) Chinese (China) Spanish Hindi French