Xagio SEO Backup Files Expose Sensitive Data(CVE202413807)
WordPress Xagio SEO plugin <= 7.1.0.5 - Unauthenticated Sensitive Information Exposure via Unprotected Back-Up Files vulnerability
Hong Kong Advisory Ajax Search Lite Exposure(CVE20257956)
WordPress Ajax Search Lite plugin <= 4.13.1 - Missing Authorization to Unauthenticated Basic Information Exposure via ASL_Query in AJAX Search Handler vulnerability
Beaver Builder Reflected Cross Site Scripting Vulnerability(CVE20258897)
WordPress Beaver Builder Plugin (Lite Version) plugin <= 2.9.2.1 - Reflected Cross-Site Scripting vulnerability
Community Alert ArcHub Authorization Vulnerability(CVE20250951)
WordPress ArcHub theme <= 1.2.12 - Missing Authorization to Authenticated (Subscriber+) All Plugins Deactivated vulnerability
Community Alert Hub Theme Authorization Weakness(CVE20250951)
WordPress Hub theme <= 5.0.7 - Missing Authorization to Authenticated (Subscriber+) All Plugins Deactivated vulnerability
Urgent Advisory Managefy Plugin Path Traversal(CVE20259345)
WordPress File Manager, Code Editor, and Backup by Managefy plugin <= 1.4.8 - Authenticated (Admin+) Path Traversal to Arbitrary File Download vulnerability
Hong Kong Security Alert StopBadBots Bypass(CVE20259376)
WordPress StopBadBots plugin <= 11.58 - Insufficient Authorization to Unauthenticated Blocklist Bypass vulnerability
Hong Kong Security Alert ULike Pro Risk(CVE20249648)
WordPress WP ULike Pro plugin <= 1.9.3 - Unauthenticated Limited Arbitrary File Upload vulnerability
Hong Kong Security Advisory Contributor Stored XSS(CVE20259346)
WordPress Booking Calendar plugin <= 10.14.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Community Advisory Pronamic Google Maps XSS(CVE20259352)
WordPress Pronamic Google Maps plugin <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability