Security Advisory Booster for WooCommerce File Upload(CVE202413342)
WordPress Booster for WooCommerce plugin <= 7.2.4 - Unauthenticated Double Extension Arbitrary File Upload vulnerability
Hong Kong Security Advisory Slider Revolution Vulnerability(CVE20259217)
WordPress Slider Revolution plugin <= 6.7.36 - Authenticated (Contributor+) Arbitrary File Read via 'used_svg' and 'used_images' vulnerability
Hong Kong Security Alert iATS SQL Injection(CVE20259441)
WordPress iATS Online Forms plugin <= 1.2 - Authenticated (Contributor+) SQL Injection via order Parameter vulnerability
Security Alert Related Posts Lite CSRF Vulnerability(CVE20259618)
WordPress Related Posts Lite plugin <= 1.12 - Cross-Site Request Forgery vulnerability
CSRF Vulnerability in Ultimate Tag Warrior Importer(CVE20259374)
WordPress Ultimate Tag Warrior Importer plugin <= 0.2 - Cross-Site Request Forgery vulnerability
Security Alert LWSCache Authorization Bypass Risk(CVE20258147)
WordPress LWSCache plugin <= 2.8.5 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Activation via lwscache_activatePlugin Function vulnerability
Security Advisory List Subpages Plugin Stored XSS(CVE20258290)
WordPress List Subpages plugin <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via title Parameter vulnerability
Security Advisory OSM Map Widget Stored XSS(CVE20258619)
WordPress OSM Map Widget for Elementor plugin <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button URL vulnerability
Community Advisory Stored XSS in Events Addon(CVE20258150)
WordPress Events Addon for Elementor plugin <= 2.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Typewriter and Countdown Widgets vulnerability
Community Advisory RingCentral Two Factor Bypass(CVE20257955)
WordPress RingCentral Communications plugin 1.5-1.6.8 - Missing Server‑Side Verification to Authentication Bypass via ringcentral_admin_login_2fa_verify Function