Hong Kong Security Alerts WordPress School IDOR(CVE202549896)
WordPress School Management Plugin <= 93.1.0 - Insecure Direct Object References (IDOR) Vulnerability
(CVE202549898)
WordPress School Management Plugin <= 93.2.0 - SQL Injection Vulnerability
Hong Kong NGO Alerts WordPress Pricing Vulnerability(CVE20257662)
Plugin Name Gestion de tarifs Type of Vulnerability Authenticated SQL Injection CVE Number CVE-2025-7662 Urgency Low CVE Publish…
Hong Kong NGO reports Radius Blocks XSS(CVE20255844)
WordPress Radius Blocks plugin <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via subHeadingTagName Parameter vulnerability
Hong Kong NGO alerts WordPress BizCalendar LFI(CVE20257650)
WordPress BizCalendar Web plugin <= 1.1.0.50 - Authenticated (Contributor+) Local File Inclusion vulnerability
WordPress EventON Lite Information Disclosure Risk(CVE20258091)
WordPress EventON Lite plugin <= 2.4.6 - Authenticated (Contributor+) Information Disclosure vulnerability
Hong Kong Security WordPress Alobaidi Captcha XSS(CVE20258080)
WordPress Alobaidi Captcha plugin <= 1.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings vulnerability
WordPress B Slider Exposes Subscriber Data(CVE20258676)
Plugin Name B Slider Type of Vulnerability Authenticated Data Exposure CVE Number CVE-2025-8676 Urgency Low CVE Publish Date…
Hong Kong Security Alert WordPress OTP Bypass(CVE20258342)
Urgent: Authentication Bypass in “Login with phone number” (
Hong Kong NGO Warns WordPress PPWP Flaw(CVE20255998)
WordPress PPWP plugin < 1.9.11 - Subscriber+ Access Bypass via REST API vulnerability
English 
Chinese (Hong Kong) 
Chinese (China)