HK Security Alert Instant Breaking News CSRF(CVE202558217)
WordPress Instant Breaking News Plugin <= 1.0 - Cross Site Request Forgery (CSRF) Vulnerability
Hong Kong NGO Alert PHP Object Injection(CVE202558218)
WordPress Small Package Quotes – USPS Edition Plugin <= 1.3.9 - PHP Object Injection Vulnerability
HK Security Alert Xpro Elementor XSS(CVE202558195)
WordPress Xpro Elementor Addons Plugin <= 1.4.17 - Cross Site Scripting (XSS) Vulnerability
Hong Kong NGO Warns Trafft Booking XSS(CVE202558213)
WordPress Booking System Trafft Plugin <= 1.0.14 - Cross Site Scripting (XSS) Vulnerability
AfterShip Plugin Broken Access Control Advisory(CVE202558201)
WordPress AfterShip Tracking Plugin <= 1.17.17 - Broken Access Control Vulnerability
Community Notice CSRF in Simple Page Access(CVE202558202)
WordPress Simple Page Access Restriction Plugin <= 1.0.32 - Cross Site Request Forgery (CSRF) Vulnerability
Security Advisory WpEvently PHP Object Injection(CVE202554742)
WordPress WpEvently Plugin <= 4.4.8 - PHP Object Injection Vulnerability
Public Advisory Printeers Print Ship Directory Traversal(CVE202548081)
WordPress Printeers Print & Ship plugin <= 1.17.0 - Directory Traversal vulnerability
Hong Kong Security NGO WordPress Import XSS(CVE20258490)
WordPress All-in-One WP Migration and Backup plugin <= 7.97 - Authenticated (Administrator+) Stored Cross-Site Scripting via Import vulnerability
Stored XSS in Lazy Load Videos Plugin(CVE20257732)
WordPress Lazy Load for Videos plugin <= 2.18.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via data-video-title and href Attributes vulnerability