219094 matches found
CVE-2023-32959
CVE-2023-32959 is a WordPress Broken Access Control issue affecting multiple themes (e.g., MetroStore, SparkleStore, Kathmag, Online eStore, Appzend, SpiderMag, BuzzStore, Fitness Park, Sparklestore, etc.) with vulnerable versions generally prior to or equal to 1.x.y depending on the theme. The r...
CVE-2023-32959 WordPress MetroStore theme <= 1.3.2 - Broken Access Control
Missing Authorization vulnerability in Sparkle WP MetroStore metrostore allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MetroStore: from n/a through 1.3.2...
httpd: HTTP/2: Remote Denial of Service via compression bomb and Slowloris-style attack
A flaw was found in HTTP/2, affecting various web servers. A remote attacker can exploit this vulnerability by combining an HPACK compression bomb with a zero-byte flow-control window. This technique allows a small amount of data to expand into large memory allocations on the server, which are th...
CVE-2023-25969 WordPress Contact Form & Lead Form Elementor Builder plugin <= 1.8.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in ThemeHunk Contact Form & Lead Form Elementor Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Contact Form & Lead Form Elementor Builder: from n/a through 1.8.4...
CVE-2023-25969 WordPress Contact Form & Lead Form Elementor Builder plugin <= 1.8.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in ThemeHunk Contact Form & Lead Form Elementor Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Contact Form & Lead Form Elementor Builder: from n/a through 1.8.4...
EUVD-2023-60589
Missing Authorization vulnerability in ThemeHunk Contact Form & Lead Form Elementor Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Contact Form & Lead Form Elementor Builder: from n/a through 1.8.4...
CVE-2023-25969
CVE-2023-25969 is aBroken Access Control issue reported across multiple WordPress plugins with unauthenticated access. Connected advisories show: Lead Form Elementor Builder: vulnerable <= 1.8.4; fixed in 1.8.5 TH Side Cart and Menu Cart for WooCommerce: vulnerable <= 1.1.1; fixed in 1.1.2 ...
CVE-2022-45813 WordPress Advanced AJAX Product Filters plugin <= 1.6.3.3 - Broken Access Control + CSRF
Missing Authorization vulnerability in BeRocket Advanced AJAX Product Filters allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced AJAX Product Filters: from n/a through 1.6.3.3...
EUVD-2022-56005
Missing Authorization vulnerability in BeRocket Advanced AJAX Product Filters allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced AJAX Product Filters: from n/a through 1.6.3.3...
CVE-2022-45813
CVE-2022-45813 affects multiple WordPress/WooCommerce plugins via Broken Access Control and authorization bypass concerns. The BeRocket Advanced AJAX Product Filters entry cites a vulnerability in the plug‑in’s access control; Patchstack confirms the issue across several plugins (e.g., Product Ta...
CVE-2022-45813 WordPress Advanced AJAX Product Filters plugin <= 1.6.3.3 - Broken Access Control + CSRF
Missing Authorization vulnerability in BeRocket Advanced AJAX Product Filters allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced AJAX Product Filters: from n/a through 1.6.3.3...
CVE-2026-6269 Incorrect Authorization in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user with developer-role permissions to modify hidden merge requests due to incorrect...
CVE-2022-42479
Missing Authorization vulnerability in TemplateHouse Soledad allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Soledad: from n/a through 8.2.5...
CVE-2022-42479 WordPress Soledad premium theme <= 8.2.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in TemplateHouse Soledad allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Soledad: from n/a through 8.2.5...
CVE-2022-42479 WordPress Soledad premium theme <= 8.2.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in TemplateHouse Soledad allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Soledad: from n/a through 8.2.5...
EUVD-2022-56003
Missing Authorization vulnerability in TemplateHouse Soledad allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Soledad: from n/a through 8.2.5...
MAL-2026-5637 Malicious code in tailwindcss-animotion (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 774c1b953da3225f63374a2054512d7715ce872f4a82278fc0954fe3133e7e0b The package's main entry dist/index.cjs, with the same code in src/utils/helper.min.js aliases require to global.r and module to global.m, then...
Malicious code in sass-format (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b0068d27fedb58c57dabb36f110b6410a8f422774734cee9ea53e7fdc7f66da5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5629 Malicious code in sass-formats (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5ccda832d10cb642350129278ae1fc341d3be8b8302ddbf9bdcfc15eeeb6eae8 The package name sass-formats is one character-edit away from the popular sass-formatter package and reuses its original author field "author": "Syle...
CVE-2023-40200
Authorization bypass through User-Controlled key vulnerability in Essential Plugin WP Logo Showcase Responsive Slider and Carousel allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Logo Showcase Responsive Slider and Carousel: from n/a through 3.6...