Hong Kong Security WordPress Alobaidi Captcha XSS(CVE20258080)
WordPress Alobaidi Captcha plugin <= 1.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings vulnerability
WordPress B Slider Exposes Subscriber Data(CVE20258676)
Plugin Name B Slider Type of Vulnerability Authenticated Data Exposure CVE Number CVE-2025-8676 Urgency Low CVE Publish Date…
Hong Kong Security Alert WordPress OTP Bypass(CVE20258342)
Urgent: Authentication Bypass in “Login with phone number” (
Hong Kong NGO Warns WordPress PPWP Flaw(CVE20255998)
WordPress PPWP plugin < 1.9.11 - Subscriber+ Access Bypass via REST API vulnerability
Hong Kong Security QSM CSRF Template Creation(CVE20256790)
WordPress QSM plugin < 10.2.3 - Template Creation via CSRF vulnerability
Hong Kong Security Warns WooCommerce Tip Manipulation(CVE20256025)
WordPress Order Tip for WooCommerce plugin <= 1.5.4 - Unauthenticated Tip Manipulation to Negative Value Leading to Unauthorized Discounts vulnerability
Hong Kong NGO warns WordPress QSM CSRF(CVE20256790)
WordPress QSM plugin < 10.2.3 - Template Creation via CSRF vulnerability
Hong Kong Security Advisory WordPress Slider SSRF(CVE20258680)
WordPress B Slider - Gutenberg Slider Block for WP plugin <= 2.0.0 - Authenticated (Subscriber+) Server-Side Request Forgery vulnerability
Hong Kong Security NGO alerts WordPress XSS(CVE20253414)
WordPress Structured Content plugin < 1.7.0 - Contributor Stored XSS vulnerability
Hong Kong NGO warns WordPress Shopify XSS(CVE20257808)
WordPress WP Shopify plugin < 1.5.4 - Reflected XSS vulnerability