WP Security Vulnerability Report

Hong Kong Advisory Ajax Search Lite Exposure(CVE20257956)

2025年8月28日

WordPress Ajax Search Lite plugin <= 4.13.1 - Missing Authorization to Unauthenticated Basic Information Exposure via ASL_Query in AJAX Search Handler vulnerability

WWordPress 漏洞数据库

Beaver Builder 反射型跨站脚本漏洞（CVE20258897）

2025年8月28日

WordPress Beaver Builder 插件（Lite 版本）插件 <= 2.9.2.1 - 反射型跨站脚本漏洞

WWordPress 漏洞数据库

Community Alert ArcHub Authorization Vulnerability(CVE20250951)

2025年8月28日

WordPress ArcHub theme <= 1.2.12 - Missing Authorization to Authenticated (Subscriber+) All Plugins Deactivated vulnerability

WWordPress 漏洞数据库

Community Alert Hub Theme Authorization Weakness(CVE20250951)

2025年8月28日

WordPress Hub theme <= 5.0.7 - Missing Authorization to Authenticated (Subscriber+) All Plugins Deactivated vulnerability

WWordPress 漏洞数据库

紧急建议 Managefy 插件路径遍历 (CVE20259345)

2025年8月28日

WordPress 文件管理器、代码编辑器和 Managefy 插件备份 <= 1.4.8 - 认证用户 (管理员+) 的路径遍历到任意文件下载漏洞

WWordPress 漏洞数据库

Hong Kong Security Alert StopBadBots Bypass(CVE20259376)

2025年8月28日

WordPress StopBadBots plugin <= 11.58 - Insufficient Authorization to Unauthenticated Blocklist Bypass vulnerability

WWordPress 漏洞数据库

Hong Kong Security Alert ULike Pro Risk(CVE20249648)

2025年8月28日

WordPress WP ULike Pro plugin <= 1.9.3 - Unauthenticated Limited Arbitrary File Upload vulnerability

WWordPress 漏洞数据库

Hong Kong Security Advisory Contributor Stored XSS(CVE20259346)

2025年8月28日

WordPress Booking Calendar plugin <= 10.14.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

WWordPress 漏洞数据库

Community Advisory Pronamic Google Maps XSS(CVE20259352)

2025 年 8 月 27 日

WordPress Pronamic Google Maps plugin <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

WWordPress 漏洞数据库

Hong Kong Security Advisory UsersWP Stored XSS(CVE20259344)

2025 年 8 月 27 日

WordPress UsersWP plugin <= 1.2.42 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability