WordPress Security – 第 51 頁

香港非政府組織警告 WordPress PPWP 漏洞 (CVE20255998)

WordPress PPWP 插件 < 1.9.11 - 通過 REST API 漏洞繞過訂閱者+ 存取

WordPress QSM插件 < 10.2.3 - 通過CSRF漏洞進行模板創建

WordPress WooCommerce 插件訂單提示 <= 1.5.4 - 未經身份驗證的提示操控導致負值，從而導致未經授權的折扣漏洞

WordPress QSM插件 < 10.2.3 - 通過CSRF漏洞進行模板創建

WordPress B Slider - Gutenberg Slider Block for WP plugin <= 2.0.0 - Authenticated (Subscriber+) Server-Side Request Forgery vulnerability

WordPress 結構化內容插件 < 1.7.0 - 貢獻者存儲的 XSS 漏洞

WordPress WP Shopify插件 < 1.5.4 - 反射型XSS漏洞

WordPress Essential Addons for Elementor 插件 <= 6.2.2 - 經身份驗證的（貢獻者+）基於 DOM 的存儲型跨站腳本漏洞，通過 'data-gallery-items' 漏洞

WordPress Injection Guard plugin < 1.2.8 - Reflected XSS via $_SERVER['REQUEST_URI'] vulnerability

WordPress Graphina - Elementor Charts and Graphs plugin <= 3.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability