WP Security

Hong Kong Cybersecurity Alert IDonate Account Takeover(CVE20254519)

November 7, 2025

WordPress IDonate plugin 2.1.5 - 2.1.9 - Missing Authorization to Authenticated (Subscriber+) Account Takeover/Privilege Escalation via idonate_donor_password Function vulnerability

WWordPress Vulnerability Database

Hong Kong Security Advisory Gravity Forms Flaw(CVE202512352)

November 7, 2025

WordPress Gravity Forms plugin <= 2.9.20 - Unauthenticated Arbitrary File Upload via 'copy_post_image' vulnerability

WWordPress Vulnerability Database

Unauthenticated SQL Injection in Events Calendar(CVE202512197)

November 5, 2025

WordPress The Events Calendar plugin 6.15.1.1 - 6.15.9 - Unauthenticated SQL Injection via s vulnerability

WWordPress Vulnerability Database

Urgent Community Advisory FunnelKit Email Vulnerability(CVE202512469)

November 5, 2025

WordPress FunnelKit Automations plugin <= 3.6.4.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Sending vulnerability

WWordPress Vulnerability Database

Hong Kong Security Alert Depicter Slider Vulnerability(CVE202511373)

November 5, 2025

WordPress Depicter Slider plugin <= 4.0.4 - Missing Authorization to Authenticated (Contributor+) Safe File Type Upload vulnerability

WWordPress Vulnerability Database

Community Alert Unauthenticated Document Access in WordPress(CVE202512384)

November 5, 2025

WordPress Document Embedder plugin <= 2.0.0 - Missing Authorization to Unauthenticated Document Manipulation vulnerability

WWordPress Vulnerability Database

Community Alert Missing Authorization in Membership Plugin(CVE202511835)

November 5, 2025

WordPress Paid Membership Subscriptions plugin <= 2.16.4 - Missing Authorization to Unauthenticated Arbitrary Member Subscription Auto Renewal vulnerability

WWordPress Vulnerability Database

Community Alert Image Comparison Addon Unauthorized Upload(CVE202510896)

November 4, 2025

WordPress Image Comparison Addon for Elementor plugin <= 1.0.2.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Upload vulnerability

WWordPress Vulnerability Database

Community Alert Image Comparison Addon Upload Vulnerability(CVE202510896)

November 4, 2025

WordPress Image Comparison Addon for Elementor plugin <= 1.0.2.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Upload vulnerability

WWordPress Vulnerability Database

Security Advisory CSRF in Navigation Links Plugin(CVE202512188)

November 4, 2025

WordPress Posts Navigation Links for Sections and Headings plugin <= 1.0.1 - Cross-Site Request Forgery to Settings Update vulnerability

Community Advisory LC Wizard Plugin Authorization Flaw(CVE20255483)

Hong Kong Cybersecurity Alert IDonate Account Takeover(CVE20254519)

Hong Kong Security Advisory Gravity Forms Flaw(CVE202512352)

Unauthenticated SQL Injection in Events Calendar(CVE202512197)

Urgent Community Advisory FunnelKit Email Vulnerability(CVE202512469)

Hong Kong Security Alert Depicter Slider Vulnerability(CVE202511373)

Community Alert Unauthenticated Document Access in WordPress(CVE202512384)

Hong Kong Cybersecurity Alert IDonate Account Takeover(CVE20254519)

Hong Kong Security Advisory Gravity Forms Flaw(CVE202512352)

Unauthenticated SQL Injection in Events Calendar(CVE202512197)

Urgent Community Advisory FunnelKit Email Vulnerability(CVE202512469)

Hong Kong Security Alert Depicter Slider Vulnerability(CVE202511373)

Community Alert Unauthenticated Document Access in WordPress(CVE202512384)

Community Alert Missing Authorization in Membership Plugin(CVE202511835)

Community Alert Image Comparison Addon Unauthorized Upload(CVE202510896)

Community Alert Image Comparison Addon Upload Vulnerability(CVE202510896)

Security Advisory CSRF in Navigation Links Plugin(CVE202512188)

hi there 👋 Sign up to receive awesome WP-Security Alert and update in your inbox, every week.