WP Security
WWordPress Vulnerability Database

Hong Kong Security Alert Unauthenticated Information Exposure(CVE202511997)

  • November 10, 2025
WordPress Document Pro Elementor – Documentation & Knowledge Base plugin <= 1.0.9 - Unauthenticated Information Exposure vulnerability
Read More
WWordPress Vulnerability Database

Hong Kong Security Alert FunnelKit Vulnerability(CVE202510567)

  • November 10, 2025
WordPress FunnelKit plugin < 3.12.0.1 - Reflected XSS vulnerability
Read More
WWordPress Vulnerability Database

ZoloBlocks Access Control Vulnerability Community Advisory(CVE202549903)

  • November 9, 2025
WordPress ZoloBlocks plugin <= 2.3.11 - Broken Access Control vulnerability
Read More
WWordPress Vulnerability Database

Community Alert Easy Digital Downloads Order Risk(CVE202511271)

  • November 9, 2025
WordPress Easy Digital Download plugin <= 3.5.2 - Insufficient Verification to Order Manipulation vulnerability
Read More
WWordPress Vulnerability Database

Public Security Advisory Events Calendar SQL Injection(CVE202512197)

  • November 8, 2025
WordPress The Events Calendar plugin 6.15.1.1 - 6.15.9 - Unauthenticated SQL Injection via s vulnerability
Read More
WWordPress Vulnerability Database

Community Advisory LC Wizard Plugin Authorization Flaw(CVE20255483)

  • November 7, 2025
WordPress LC Wizard plugin 1.2.10 - 1.3.0 - Missing Authorization to Unauthenticated Privilege Escalation vulnerability
Read More
WWordPress Vulnerability Database

Hong Kong Cybersecurity Alert IDonate Account Takeover(CVE20254519)

  • November 7, 2025
WordPress IDonate plugin 2.1.5 - 2.1.9 - Missing Authorization to Authenticated (Subscriber+) Account Takeover/Privilege Escalation via idonate_donor_password Function vulnerability
Read More
WWordPress Vulnerability Database

Hong Kong Security Advisory Gravity Forms Flaw(CVE202512352)

  • November 7, 2025
WordPress Gravity Forms plugin <= 2.9.20 - Unauthenticated Arbitrary File Upload via 'copy_post_image' vulnerability
Read More
WWordPress Vulnerability Database

Unauthenticated SQL Injection in Events Calendar(CVE202512197)

  • November 5, 2025
WordPress The Events Calendar plugin 6.15.1.1 - 6.15.9 - Unauthenticated SQL Injection via s vulnerability
Read More
WWordPress Vulnerability Database

Urgent Community Advisory FunnelKit Email Vulnerability(CVE202512469)

  • November 5, 2025
WordPress FunnelKit Automations plugin <= 3.6.4.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Sending vulnerability
Read More
WP Security
© 2025 WP-Security.org Disclaimer: WP-Security.org is an independent, non-profit NGO community committed to sharing WordPress security news and information. We are not affiliated with WordPress, its parent company, or any related entities. All trademarks are the property of their respective owners.

hi there 👋 Sign up to receive awesome WP-Security Alert and update in your inbox, every week.

We don’t spam! Read our privacy policy for more info.

Check your inbox or spam folder to confirm your subscription.

Review My Order

0

Subtotal

Taxes & shipping calculated at checkout

Checkout

 
0
English
Chinese (Hong Kong) Chinese (China) Spanish Hindi French