Hong Kong Security Alert Authenticated File Deletion(CVE20257846)
WordPress User Extra Fields plugin <= 16.7 - Authenticated (Subscriber+) Arbitrary File Deletion via save_fields Function vulnerability
Hong Kong Security Alert WooCommerce Data Exposure(CVE20237320)
WordPress WooCommerce plugin <= 7.8.2 - Sensitive Information Exposure vulnerability
Community Alert CSRF Risk in WordPress Sync(CVE202511976)
WordPress FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, ActiveCampaign etc.) plugin <= 1.1.23.0 - Cross-Site Request Forgery to Sync Rule Creation vulnerability
Hong Kong Alert Listeo Stored XSS Threat(CVE20258413)
WordPress Listeo plugin <= 2.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via soundcloud Shortcode vulnerability
Hong Kong Security Alert GenerateBlocks Options Exposure(CVE202511879)
WordPress GenerateBlocks plugin <= 2.1.1 - Improper Authorization to Authenticated (Contributor+) Arbitrary Options Disclosure vulnerability
Community Advisory PixelYourSite Plugin LFI Risk(CVE202510723)
WordPress PixelYourSite plugin < 11.1.2 - Admin+ LFI vulnerability
Hong Kong Security Alert ZoloBlocks Popup Flaw(CVE202512134)
WordPress ZoloBlocks plugin <= 2.3.11 - Missing Authorization to Unauthenticated Popup Enable/Disable vulnerability
Hong Kong Security Alert WordPress Template CSRF(CVE202512072)
WordPress Disable Content Editor For Specific Template plugin <= 2.0 - Cross-Site Request Forgery to Template Configuration Update vulnerability
Community Alert WordPress RapidResult SQL Injection(CVE202510748)
WordPress RapidResult plugin <= 1.2 - Authenticated (Contributor+) SQL Injection vulnerability
Security Advisory Arbitrary Order Refund Vulnerability(CVE202510570)
WordPress Flexible Refund and Return Order for WooCommerce plugin <= 1.0.38 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Order Refund vulnerability