Hong Kong Security Advisory Flexible Maps XSS(CVE20258622)
WordPress Flexible Maps plugin <= 1.18.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Flexible Maps Shortcode vulnerability
Hong Kong Security Alert Real Spaces Escalation(CVE20258218)
WordPress Real Spaces - WordPress Properties Directory Theme plugin <= 3.5 - Authenticated (Subscriber+) Privilege Escalation to Administrator via 'change_role_member' vulnerability
Hong Kong Security Alert Media Library Deletion(CVE20258357)
WordPress Media Library Assistant plugin <= 3.27 - Authenticated (Author+) Limited File Deletion vulnerability
Community Alert Emmet Plugin XSS Threat(CVE202549894)
WordPress WP Emmet plugin <= 0.3.4 - Cross Site Scripting (XSS) vulnerability
Hong Kong Security Notice Elizaibots XSS Vulnerability(CVE202549893)
WordPress Elizaibots plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability
HK NGO warns WordPress CSRF Object Injection(CVE202549895)
WordPress ServerBuddy by PluginBuddy.com plugin <= 1.0.5 - CSRF to PHP Object Injection vulnerability
Hong Kong Security WordPress Profile Builder XSS(CVE20258896)
Plugin Name Profile Builder Type of Vulnerability Stored XSS CVE Number CVE-2025-8896 Urgency Medium CVE Publish Date 2025-08-16…
WordPress BetterDocs Privacy Flaw Exposes Private Posts(CVE20257499)
Plugin Name BetterDocs Type of Vulnerability Broken Access Control CVE Number CVE-2025-7499 Urgency Low CVE Publish Date 2025-08-16…
Hong Kong Security NGO alerts Soledad LFI(CVE20258142)
WordPress Soledad plugin <= 8.6.7 - Authenticated (Contributor+) Local File Inclusion via 'header_layout' vulnerability
Hong Kong Security Alert WordPress iFrame XSS(CVE20258089)
WordPress Advanced iFrame plugin <= 2025.6 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability