WP Security

Hong Kong Security Advisory Arbitrary Image Move(CVE202512494)

November 14, 2025

WordPress Image Gallery – Photo Grid & Video Gallery plugin <= 2.12.28 - Improper Authorization to Authenticated (Author+) Arbitrary Image File Move vulnerability

WWordPress Vulnerability Database

Community Security Alert Wishlist Plugin Deletion Flaw(CVE202512087)

November 12, 2025

WordPress Wishlist and Save for later for Woocommerce plugin <= 1.1.22 - Insecure Direct Object Reference to Authenticated (Subscriber+) Wishlist Item Deletion vulnerability

WWordPress Vulnerability Database

Add Multiple Marker Plugin Unauthorized Settings Risk(CVE202511999)

November 11, 2025

WordPress Add Multiple Marker plugin <= 1.2 - Missing Authorization to Unauthenticated Settings Update vulnerability

WWordPress Vulnerability Database

Hong Kong Security Alert Unauthenticated Information Exposure(CVE202511997)

November 10, 2025

WordPress Document Pro Elementor – Documentation & Knowledge Base plugin <= 1.0.9 - Unauthenticated Information Exposure vulnerability

WWordPress Vulnerability Database

Hong Kong Security Alert FunnelKit Vulnerability(CVE202510567)

November 10, 2025

WordPress FunnelKit plugin < 3.12.0.1 - Reflected XSS vulnerability

WWordPress Vulnerability Database

ZoloBlocks Access Control Vulnerability Community Advisory(CVE202549903)

November 9, 2025

WordPress ZoloBlocks plugin <= 2.3.11 - Broken Access Control vulnerability

WWordPress Vulnerability Database

Community Alert Easy Digital Downloads Order Risk(CVE202511271)

November 9, 2025

WordPress Easy Digital Download plugin <= 3.5.2 - Insufficient Verification to Order Manipulation vulnerability

WWordPress Vulnerability Database

Public Security Advisory Events Calendar SQL Injection(CVE202512197)

November 8, 2025

WordPress The Events Calendar plugin 6.15.1.1 - 6.15.9 - Unauthenticated SQL Injection via s vulnerability

WWordPress Vulnerability Database

Community Advisory LC Wizard Plugin Authorization Flaw(CVE20255483)

November 7, 2025

WordPress LC Wizard plugin 1.2.10 - 1.3.0 - Missing Authorization to Unauthenticated Privilege Escalation vulnerability

WWordPress Vulnerability Database

Hong Kong Cybersecurity Alert IDonate Account Takeover(CVE20254519)

November 7, 2025

WordPress IDonate plugin 2.1.5 - 2.1.9 - Missing Authorization to Authenticated (Subscriber+) Account Takeover/Privilege Escalation via idonate_donor_password Function vulnerability

hi there 👋 Sign up to receive awesome WP-Security Alert and update in your inbox, every week.