WordPress User Meta CSRF Exposes Stored XSS(CVE20257688)
WordPress Add User Meta plugin <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability
Hong Kong Security Alert WordPress LatestCheckins Flaw(CVE20257683)
WordPress LatestCheckins plugin <= 1 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability
HK Security NGO Alerts Unauthenticated File Upload(CVE20256679)
WordPress Bit Form – Contact Form plugin <= 2.20.3 - Unauthenticated Arbitrary File Upload vulnerability
Hong Kong Security Alerts WordPress Access Flaw(CVE202549895)
WordPress School Management Plugin <= 93.2.0 - Broken Access Control Vulnerability
HK Security WordPress Video Plugin Access Vulnerability(CVE202549432)
WordPress Ultimate Video Player Plugin <= 10.1 - Broken Access Control Vulnerability
Hong Kong Security Alerts WordPress School IDOR(CVE202549896)
WordPress School Management Plugin <= 93.1.0 - Insecure Direct Object References (IDOR) Vulnerability
(CVE202549898)
WordPress School Management Plugin <= 93.2.0 - SQL Injection Vulnerability
Hong Kong NGO Alerts WordPress Pricing Vulnerability(CVE20257662)
Plugin Name Gestion de tarifs Type of Vulnerability Authenticated SQL Injection CVE Number CVE-2025-7662 Urgency Low CVE Publish…
Hong Kong NGO reports Radius Blocks XSS(CVE20255844)
WordPress Radius Blocks plugin <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via subHeadingTagName Parameter vulnerability
Hong Kong NGO alerts WordPress BizCalendar LFI(CVE20257650)
WordPress BizCalendar Web plugin <= 1.1.0.50 - Authenticated (Contributor+) Local File Inclusion vulnerability