36 matches found
RLSA-2026:19354 Important: PackageKit security update
PackageKit is a D-Bus abstraction layer that allows the session user to manage packages in a secure way using a cross-distribution, cross-architecture API. Security Fixes: PackageKit: race condition vulnerability leads to arbitrary package installation as root CVE-2026-41651 For more details abou...
EUVD-2026-27193
The Geeky Bot plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.2.2. This is due to a nopriv AJAX route allowing attacker-controlled model/function dispatch and reaching a plugin installer helper that downloads and unzips attacker-supplied ZIP files...
SUSE-SU-2026:21427-1 Security update for PackageKit
This update for PackageKit fixes the following issues: - CVE-2026-41651: race condition allows for arbitrary RPM package installation as root and can lead to LPE bsc1262220...
Important: PackageKit security update
PackageKit is a D-Bus abstraction layer that allows the session user to manage packages in a secure way using a cross-distribution, cross-architecture API. Security Fixes: PackageKit: race condition vulnerability leads to arbitrary package installation as root CVE-2026-41651 For more details abou...
Important: PackageKit security update
PackageKit is a D-Bus abstraction layer that allows the session user to manage packages in a secure way using a cross-distribution, cross-architecture API. Security Fixes: PackageKit: race condition vulnerability leads to arbitrary package installation as root CVE-2026-41651 For more details abou...
WordPress plugin Dreamer Blog 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
EUVD-2022-52203
Malicious code in bioql PyPI...
CVE-2025-1562
CVE-2025-1562 (FunnelKit Automations for WordPress,
Exploit for Missing Authorization in Stylemixthemes Motors_-_Car_Dealer\,_Classifieds_\&_Listing
CVE-2025-2807: Motors Plugin Exploit By: Nxploited | Khal...
CVE-2025-2807 Motors – Car Dealership & Classified Listings Plugin <= 1.4.64 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation
The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary plugin installations due to a missing capability check in the mvlsetupwizardinstallplugin function in all versions up to, and including, 1.4.64. This makes it possible for authenticated...
CVE-2025-2807 Motors – Car Dealership & Classified Listings Plugin <= 1.4.64 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation
The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary plugin installations due to a missing capability check in the mvlsetupwizardinstallplugin function in all versions up to, and including, 1.4.64. This makes it possible for authenticated...
CVE-2025-30911
The CVE-2025-30911 vulnerability affects the WordPress plugin RomethemeKit For Elementor (versions
WordPress RomethemeKit For Elementor plugin <= 1.5.4 - Arbitrary Plugin Installation/Activation to RCE vulnerability
Arbitrary Plugin Installation/Activation to RCE vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin RTMKit versions = 1.5.4...
CVE-2025-25101 WordPress Munk Sites plugin <= 1.0.7 - CSRF to Arbitrary Plugin Installation vulnerability
Cross-Site Request Forgery CSRF vulnerability in MetricThemes Munk Sites allows Cross Site Request Forgery. This issue affects Munk Sites: from n/a through 1.0.7...
CVE-2025-25107 WordPress OneStore Sites plugin <= 0.1.1 - CSRF to Arbitrary Plugin Installation vulnerability
Cross-Site Request Forgery CSRF vulnerability in sainwp OneStore Sites allows Cross Site Request Forgery. This issue affects OneStore Sites: from n/a through 0.1.1...
Hunk Companion Plugin for WordPress < 1.9.0 Arbitrary Plugin Installation
The WordPress Hunk Companion Plugin installed on the remote host is affected by an improper access control vulnerability allowing a remote and unauthenticated attacker to install any plugin on the affected WordPress instance. Note that the scanner has not tester for these issues but has instead...
CVE-2024-54369
CVE-2024-54369 pertains to Zita Site Builder (WordPress) up to version 1.0.2, where Missing Authorization to Arbitrary Plugin Installation enables Accessing/Activating plugins without proper ACL checks. Connected Red Hat advisory and RH security notes describe the issue as a Missing Authorization...
CVE-2022-4950 Cool Plugins (Various Versions) - Arbitrary Plugin Installation and Activation
Several WordPress plugins developed by Cool Plugins are vulnerable to arbitrary plugin installation and activation that can lead to remote code execution by authenticated attackers with minimal permissions, such as a subscriber...
CVE-2022-3881 WPTools < 3.43 - Subscriber+ Arbitrary Plugin Installation
The WP Tools Increase Maximum Limits, Repair, Server PHP Info, Javascript errors, File Permissions, Transients, Error Log WordPress plugin before 3.43 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and...
CVE-2022-3879 Car Dealer < 3.05 - Subscriber+ Arbitrary Plugin Installation
The Car Dealer Dealership and Vehicle sales WordPress Plugin WordPress plugin before 3.05 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org...