WordPress Icons Factory Unauthenticated Deletion Vulnerability(CVE20257778)
Plugin Name Icons Factory Type of Vulnerability Unauthenticated File Deletion CVE Number CVE-2025-7778 Urgency High CVE Publish Date…
WordPress Lastfm Album Artwork CSRF Stored XSS(CVE20257684)
Plugin Name Last.fm Recent Album Artwork Type of Vulnerability CSRF and XSS CVE Number CVE-2025-7684 Urgency Low CVE…
HK Security Advisory Authenticated WordPress Bokun XSS(CVE20256221)
Plugin Name Embed Bokun Type of Vulnerability Authenticated Stored XSS CVE Number CVE-2025-6221 Urgency Low CVE Publish Date…
Hong Kong Alerts WordPress CSRF To XSS(CVE20257686)
Plugin Name weichuncai(WP伪春菜) Type of Vulnerability Stored XSS CVE Number CVE-2025-7686 Urgency Medium CVE Publish Date 2025-08-15 Source…
HK Security NGO alerts NextGEN Directory Deletion(CVE20257641)
WordPress Assistant for NextGEN Gallery plugin <= 1.0.9 - Unauthenticated Arbitrary Directory Deletion vulnerability
Hong Kong Security WordPress README Parser XSS(CVE20258720)
WordPress Plugin README Parser plugin <= 1.3.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via target Parameter vulnerability
HK Security Alert WordPress AI Pack Bypass(CVE20257664)
WordPress Al Pack plugin <= 1.0.2 - Missing Authorization to Unauthenticated Premium Feature Activation via check_activate_permission Function vulnerability
HK Security NGO warns WordPress Surbma XSS(CVE20257649)
WordPress Surbma | Recent Comments Shortcode plugin <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Hong Kong Security Alert StoryChief Unauthenticated Upload(CVE20257441)
WordPress StoryChief plugin <= 1.0.42 - Unauthenticated Arbitrary File Upload vulnerability
HK Security Alert Unauthenticated Poll Maker Data(CVE202412575)
WordPress Poll Maker plugin <= 5.8.9 - Unauthenticated Basic Information Exposure vulnerability