Community Security Alert osTicket Bridge CSRF XSS(CVE20259882)
WordPress osTicket WP Bridge plugin <= 1.9.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability
Community Security Advisory StoreEngine File Upload Flaw(CVE20259216)
WordPress StoreEngine plugin <= 1.5.0 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability
Hong Kong Security Alert StoreEngine Download Vulnerability(CVE20259215)
WordPress StoreEngine – Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More plugin <= 1.5.0 - Authenticated (Subscriber+) Arbitrary File Download vulnerability
Community Alert WordPress Plugin Directory Deletion(CVE202510188)
WordPress The Hack Repair Guy's Plugin Archiver plugin <= 2.0.4 - Cross-Site Request Forgery to Arbitrary Directory Deletion in /wp-content vulnerability
Community Security Alert Productive Style Plugin XSS(CVE20258394)
WordPress Productive Style plugin <= 1.1.23 - Authenticated (Contributor+) Stored Cross-Site Scripting via display_productive_breadcrumb Shortcode vulnerability
Security Alert for Events Calendar Data Exposure(CVE20259808)
WordPress The Events Calendar plugin <= 6.15.2 - Missing Authorization to Unauthenticated Password-Protected Information Disclosure vulnerability
Community Advisory Mailgun Plugin Data Exposure(CVE202559003)
WordPress WP Mailgun SMTP Plugin <= 1.0.7 - Sensitive Data Exposure Vulnerability
Road Fighter Theme Sensitive Data Exposure Alert(CVE202559003)
WordPress Road Fighter Theme <= 1.3.5 - Sensitive Data Exposure Vulnerability
Security Advisory Cloriato Lite Data Exposure(CVE202559003)
WordPress Cloriato Lite Theme <= 1.7.2 - Sensitive Data Exposure Vulnerability
HK Security Advisory Events Calendar SQL Injection(CVE20259807)
WordPress The Events Calendar plugin <= 6.15.1 - Unauthenticated SQL Injection vulnerability