18 matches found
CVE-2026-7430
The Post Snippets plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.0.19. This is due to insufficient output escaping of imported snippet content when rendering JavaScript variables in the post editor. Specifically, the jqueryUiDialog method...
CVE-2026-7430
CVE-2026-7430 affects the Post Snippets WordPress plugin (versions up to and including 4.0.19). The root cause is insufficient output escaping when importing snippets, where content is embedded directly into JavaScript strings in WPEditor.php (jqueryUiDialog) and bypasses wp_magic_quotes(), e...
WordPress Post Snippets – Custom WordPress Code Snippets Customizer plugin <= 4.0.19 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability
Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability discovered by a1batr0ss in WordPress Plugin Post Snippets versions <= 4.0.19...
CMP WordPress < 4.0.19 - Broken Access Control
CMP WordPress plugin 4.0.19 contains an arbitrary page layout change caused by insufficient access control in the coming soon page feature, letting unauthenticated users modify the layout; exploitation requires no authentication. id: CVE-2022-0188 info: name: CMP WordPress 4.0.19 - Broken Access Contr...
EUVD-2025-25268
Malicious code in bioql PyPI...
CVE-2025-9202
The ColorMag theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the welcome_notice_import_handler function in all versions up to, and including, 4.0.19. This makes it possible for authenticated attackers, with Subscriber-level access and above...
CVE-2025-9202
CVE-2025-9202 affects ColorMag for WordPress (versions ≤ 4.0.19). The vulnerability arises from a missing capability check in welcome_notice_import_handler(), allowing authenticated users with Subscriber-level access and above to install the ThemeGrill Demo Importer plugin and modify data. Th...
PT-2025-33905 · Themegrill +1 · Themegrill-Demo-Importer +1
Name of the Vulnerable Software and Affected Versions: ColorMag versions prior to 4.0.20. Description: The ColorMag theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the welcome notice import handler function. This allows authenticated...
WordPress ColorMag plugin <= 4.0.19 - Missing Authorization to Authenticated (Subscriber+) ThemeGrill Demo Importer Plugin Installation vulnerability
Missing Authorization to Authenticated (Subscriber+) ThemeGrill Demo Importer Plugin Installation vulnerability discovered by Dmitrii Ignatyev in WordPress Theme ColorMag versions <= 4.0.19...
WordPress ColorMag Theme <= 4.0.19 is vulnerable to Broken Access Control
Software: ColorMag; Type: Theme; Vulnerable versions: <= 4.0.19; Fixed in: 4.0.20; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2025-9202; Patch priority: Low; CVSS severity: Low (4.3); PSID: 43bacb806b7e; Credits: Dmitrii Ignatyev; Required privilege...
SUSE CVE-2014-0244
The sys_recvfrom function in nmbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed UDP packet...
WordPress and WordPress plugin access control error vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports setting up personal blog sites on servers running PHP and MySQL. An authorization vulnerability exists in WordPress CMP plugin versions prior to 4.0.19; the vulnerability stems from the...
WordPress CMP – Coming Soon & Maintenance plugin <= 4.0.18 - Unauthenticated Arbitrary CSS Update vulnerability
Unauthenticated Arbitrary CSS Update vulnerability discovered by Krzysztof Zając in WordPress CMP – Coming Soon & Maintenance plugin versions <= 4.0.18. Solution: Update the WordPress CMP – Coming Soon & Maintenance plugin to the latest available version (at least 4.0.19)...
TerraMaster FS-210 Elevation of Privilege Vulnerability
TerraMaster FS-210 is a NAS (Network Attached Storage) device from TerraMaster, a company based in Shenzhen, China. An elevation of privilege vulnerability exists in TerraMaster FS-210 version 4.0.19, which can be exploited to elevate privileges with the help of the 1.user.php file...
CVE-2019-18195
An issue was discovered on TerraMaster FS-210 4.0.19 devices. Normal users can use 1.user.php for privilege elevation...
CVE-2019-18383
TerraMaster FS-210 devices running firmware 4.0.19 are affected by CVE-2019-18383, an information-disclosure flaw that allows remote retrieval of the backup file terramaster_TNAS-00E43A_config_backup.bin without authentication. The issue is documented across multiple sources (NVD/Red Hat/CNVD/etc...
CVE-2019-18384
An issue was discovered on TerraMaster FS-210 4.0.19 devices. An authenticated remote non-administrative user can read unauthorized shared files, as demonstrated by the filename=public%25252FadminOnlyRead.txt substring...
WordPress 4.0.x < 4.0.19 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - A flaw in $wpdb->prepare can create unsafe queries leading to potential SQL injection flaws with plugins and themes. - Multiple cross-site scripting (XSS) vulnerabilities...