Hong Kong Security Alert WordPress Unauthenticated Exposure(CVE20254390)
Plugin Name WP Private Content Plus Type of Vulnerability Unauthenticated Information Disclosure CVE Number CVE-2025-4390 Urgency Low CVE…
Hong Kong Security Advisory Stored XSS Slider(CVE20258690)
WordPress Simple Responsive Slider plugin <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Hong Kong Security Advisory WordPress Elementor XSS(CVE20258874)
WordPress Master Addons for Elementor plugin <= 2.0.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via fancyBox vulnerability
HK Security Alerts WordPress RT Builder XSS(CVE20258462)
WordPress RT Easy Builder plugin <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Hong Kong Security Warns WordPress Mosaic Generator XSS(CVE20258621)
WordPress Mosaic Generator plugin <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'c' Parameter vulnerability
Hong Kong Security Avatar Migration Authorization Flaw(CVE20258482)
WordPress Simple Local Avatars plugin <= 2.8.4 - Missing Authorization to Authenticated (Subscriber+) Avatar Migration vulnerability
Hong Kong Security WordPress Stock Quotes XSS(CVE20258688)
WordPress Inline Stock Quotes plugin <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via stock Shortcode vulnerability
Hong Kong Security NGO warns WordPress XSS(CVE20258685)
WordPress Wp chart generator plugin <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpchart Shortcode vulnerability
GMap Venturit Stored XSS Alert for HK(CVE20258568)
WordPress GMap - Venturit plugin <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'h' Parameter vulnerability
Authenticated CSV Injection in AnWP Football Leagues(CVE20258767)
WordPress AnWP Football Leagues plugin <= 0.16.17 - Authenticated (Administrator+) CSV Injection vulnerability