Community Security Alert Keyy Two Factor Vulnerability(CVE202510293)
WordPress Keyy Two Factor Authentication (like Clef) plugin <= 1.2.3 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover vulnerability
HK Security Advisory WPBakery Cross Site Scripting(CVE202511161)
WordPress WPBakery Page Builder plugin <= 8.6.1 - Stored Cross-Site Scripting via vc_custom_heading Shortcode vulnerability
Hong Kong Security Alert DocoDoco Upload Flaw(CVE202510754)
WordPress DocoDoco Store Locator plugin <= 1.0.1 - Authenticated (Editor+) Arbitrary File Upload vulnerability
Civic Security Advisory Theme Importer CSRF Risk(CVE202510312)
WordPress Theme Importer plugin <= 1.0 - Cross-Site Request Forgery vulnerability
HK NGO Warning SSRF in Pz LinkCard(CVE20258594)
WordPress Pz-LinkCard plugin < 2.5.7 - Contributor+ SSRF vulnerability
Hong Kong Security Alert Insecure Image Access(CVE202511176)
WordPress Quick Featured Images plugin <= 13.7.2 - Insecure Direct Object Reference to Image Manipulation vulnerability
Security Notice OwnID Authentication Bypass(CVE202510294)
WordPress OwnID Passwordless Login plugin <= 1.3.4 - Authentication Bypass vulnerability
Hong Kong Security Advisory Tariffuxx SQL Injection(CVE202510682)
WordPress TARIFFUXX plugin <= 1.4 - Authenticated (Contributor+) SQL Injection via tariffuxx_configurator Shortcode vulnerability
Hong Kong NGO Alert Zip Attachment Disclosure(CVE202511701)
WordPress Zip Attachments plugin <= 1.6 - Missing Authorization to Unauthenticated Private And Password-Protected Posts Attachment Disclosure vulnerability
Hong Kong Civil Society Alert BookWidgets XSS(CVE202510139)
WordPress WP BookWidgets plugin <= 0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability