WordPress Construction Light theme < 1.6.8 - Subscriber+ Arbitrary Plugin Activation vulnerability

Subscriber+ Arbitrary Plugin Activation vulnerability discovered by Khaled Alenazi Nxploited in WordPress Theme Construction Light versions 1.6.8...

CVE-2025-62960

Missing Authorization vulnerability in sparklewpthemes Construction Light construction-light allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Construction Light: from n/a through = 1.6.7...

CVE-2025-62960

Missing Authorization vulnerability in sparklewpthemes Construction Light construction-light allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Construction Light: from n/a through = 1.6.7...

CVE-2025-62960

CVE-2025-62960 is a Missing Authorization / Broken Access Control vulnerability reported for the WordPress theme Construction Light (affected: all versions up to 1.6.7). The Red Hat, NVD, CIRCL and CVE records consistently describe a lack of proper access control, enabling exploitation due to mis...

CVE-2025-62960 WordPress Construction Light theme <= 1.6.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in Sparkle WP Construction Light allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Construction Light: from n/a through 1.6.7...

CVE-2025-62960 WordPress Construction Light theme <= 1.6.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in sparklewpthemes Construction Light construction-light allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Construction Light: from n/a through = 1.6.7...

WordPress plugin Construction Light 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

PT-2025-52270

Name of the Vulnerable Software and Affected Versions Sparkle WP Construction Light versions through 1.6.7 Description A missing authorization issue exists in Sparkle WP Construction Light, allowing exploitation of incorrectly configured access control security levels. Recommendations Update...

CVE-2025-10684

The Construction Light WordPress theme before 1.6.8 does not have authorisation and CSRF when activating via an AJAX action, allowing any authenticated users, such as subscriber to activate arbitrary...

EUVD-2025-203030

The Construction Light WordPress theme before 1.6.8 does not have authorisation and CSRF when activating via an AJAX action, allowing any authenticated users, such as subscriber to activate arbitrary...

CVE-2025-10684

The Construction Light WordPress theme before 1.6.8 does not have authorisation and CSRF when activating via an AJAX action, allowing any authenticated users, such as subscriber to activate arbitrary...

CVE-2025-10684 Construction Light < 1.6.8 - Subscriber+ Arbitrary Plugin Activation

The Construction Light WordPress theme before 1.6.8 does not have authorisation and CSRF when activating via an AJAX action, allowing any authenticated users, such as subscriber to activate arbitrary...

CVE-2025-10684 Construction Light < 1.6.8 - Subscriber+ Arbitrary Plugin Activation

The Construction Light WordPress theme before 1.6.8 does not have authorisation and CSRF when activating via an AJAX action, allowing any authenticated users, such as subscriber to activate arbitrary...

CVE-2025-10684

CVE-2025-10684 affects the Construction Light WordPress theme prior to version 1.6.8. Multiple sources (NVD, Red Hat, CIRCL, CVE list) describe a lack of authorization and CSRF protection for an AJAX activation action, allowing any authenticated user (e.g., subscribers) to activate arbitrary func...

WordPress plugin Construction Light 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

WordPress Construction Light theme <= 1.6.7 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Denver Jackson in WordPress Theme Construction Light versions = 1.6.7...