Hong Kong NGO warns ProfilePress shortcode vulnerability(CVE20258878)
WordPress ProfilePress plugin <= 4.16.4 - Unauthenticated Arbitrary Shortcode Execution vulnerability
HK Security NGO Warns CF7 Directory Traversal(CVE20258464)
WordPress Drag and Drop Multiple File Upload for Contact Form 7 plugin <= 1.3.9.0 - Directory Traversal via `wpcf7_guest_user_id` Cookie vulnerability
Hong Kong Security NGO Alerts WPGYM LFI(CVE20253671)
WordPress WPGYM - Wordpress Gym Management System plugin <= 67.7.0 - Authenticated (Subscriber+) Local File Inclusion to Privilege Escalation via Password Update vulnerability
HK Security NGO Warns WPGYM Admin Flaw(CVE20256080)
WordPress WPGYM plugin <= 67.7.0 - Missing Authorization to Admin Account Creation vulnerability
Hong Kong Security Alert WordPress Calendar XSS(CVE20258293)
WordPress Intl DateTime Calendar plugin <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via date Parameter vulnerability
Hong Kong Security NGO Warns WordPress SQLi(CVE202412612)
WordPress School Management System for Wordpress plugin <= 93.2.0 - Unauthenticated SQL Injection vulnerability
Hong Kong Security Watch WordPress CSRF XSS(CVE20257668)
WordPress Linux Promotional Plugin plugin <= 1.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability
Hong Kong Advisory Authenticated Anber Elementor XSS(CVE20257440)
WordPress Anber Elementor Addon plugin <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Carousel button link vulnerability
WordPress Icons Factory Unauthenticated Deletion Vulnerability(CVE20257778)
Plugin Name Icons Factory Type of Vulnerability Unauthenticated File Deletion CVE Number CVE-2025-7778 Urgency High CVE Publish Date…
WordPress Lastfm Album Artwork CSRF Stored XSS(CVE20257684)
Plugin Name Last.fm Recent Album Artwork Type of Vulnerability CSRF and XSS CVE Number CVE-2025-7684 Urgency Low CVE…