WP Security

Browsing Tag

WordPress Security

587 posts
WWordPress Vulnerability Database

Hong Kong Security Advisory Contact Manager XSS(CVE20258783)

  • August 20, 2025
WordPress Contact Manager plugin <= 8.6.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'title' vulnerability
WWordPress Vulnerability Database

Community Alert ColorMag Demo Importer Vulnerability(CVE20259202)

  • August 20, 2025
WordPress ColorMag plugin <= 4.0.19 - Missing Authorization to Authenticated (Subscriber+) ThemeGrill Demo Importer Plugin Installation vulnerability
WWordPress Vulnerability Database

Community Alert Authenticated Stored Cross Site Scripting(CVE20258618)

  • August 20, 2025
WordPress WPC Smart Quick View for WooCommerce plugin <= 4.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via woosq_btn Shortcode vulnerability
WWordPress Vulnerability Database

Community Advisory Contact Form 7 Injection Risk(CVE20258145)

  • August 20, 2025
WordPress Redirection for Contact Form 7 plugin <= 3.2.4 - Unauthenticated PHP Object Injection vulnerability
WWordPress Vulnerability Database

Community Security Alert Easy Digital Downloads CSRF(CVE20258102)

  • August 20, 2025
WordPress Easy Digital Downloads plugin <= 3.5.0 - Cross-Site Request Forgery to Plugin Deactivation via edd_sendwp_disconnect and edd_sendwp_remote_install Functions vulnerability
WWordPress Vulnerability Database

Hong Kong Security Advisory FunnelKit Privilege Escalation(CVE20257654)

  • August 18, 2025
Urgent: Privilege Escalation in Automation By Autonami (FunnelKit) — What WordPress Site Owners Must Do Now Plugin Name…
WWordPress Vulnerability Database

Alert Nexter Blocks Stored Cross Site Scripting(CVE20258567)

  • August 18, 2025
WordPress Nexter Blocks plugin <= 4.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets vulnerability
WWordPress Vulnerability Database

Hong Kong NGO alerts contributors about XSS(CVE20257496)

  • August 18, 2025
WordPress WPC Smart Compare for WooCommerce plugin <= 6.4.7 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability
WWordPress Vulnerability Database

Hong Kong Security Advisory FunnelKit Privilege Escalation(CVE20257654)

  • August 18, 2025
WordPress FunnelKit plugin <= 3.11.0.2 - Privilege Escalation vulnerability
WWordPress Vulnerability Database

Community Advisory Real Spaces Administrator Escalation(CVE20256758)

  • August 18, 2025
WordPress Real Spaces - WordPress Properties Directory Theme plugin <= 3.6 - Unauthenticated Privilege Escalation to Administrator via 'imic_agent_register' vulnerability
WP Security
© 2025 WP-Security.org Disclaimer: WP-Security.org is an independent, non-profit NGO community committed to sharing WordPress security news and information. We are not affiliated with WordPress, its parent company, or any related entities. All trademarks are the property of their respective owners.
en_USEnglish
zh_HKChinese (Hong Kong) zh_CNChinese (China) en_USEnglish

Review My Order

0

Subtotal

Taxes & shipping calculated at checkout

Checkout

 
0