14 matches found
CVE-2025-67988
CVE-2025-67988 targets the CozyStay WordPress theme (CozyStay) with an improper control of filenames for include/require statements, yielding a PHP Local File Inclusion. The vulnerability affects CozyStay: from n/a through
CVE-2025-67988 WordPress CozyStay theme < 1.9.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in LoftOcean CozyStay cozystay allows PHP Local File Inclusion. This issue affects CozyStay: from n/a through 1.9.1...
CVE-2025-67988 WordPress CozyStay theme < 1.9.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in LoftOcean CozyStay cozystay allows PHP Local File Inclusion. This issue affects CozyStay: from n/a through 1.9.1...
WordPress CozyStay theme < 1.9.1 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme CozyStay versions 1.9.1...
EUVD-2024-54103
Malicious code in bioql PyPI...
WordPress CozyStay theme < 1.7.1 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme CozyStay versions 1.7.1...
CVE-2025-49507 WordPress CozyStay theme < 1.7.1 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in LoftOcean CozyStay cozystay allows Object Injection. This issue affects CozyStay: from n/a through 1.7.1...
WordPress CozyStay Theme < 1.7.1 is vulnerable to PHP Object Injection
Software: CozyStay; Type: Theme; Vulnerable versions: 1.7.1; Fixed in: 1.7.1; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2025-49507; Patch priority: High; CVSS severity: High 9.8; Developer: LoftOcean; PSID: 87cadbf62283; Credits: Bonds; Required privilege: Unauthenticated; Published: 9 Jun...
CVE-2024-13412
The CozyStay theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_handler function in all versions up to, and including, 1.7.0. This makes it possible for unauthenticated attackers to execute arbitrary actions...
CVE-2024-13412
The CozyStay theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_handler function in all versions up to, and including, 1.7.0. This makes it possible for unauthenticated attackers to execute arbitrary actions...
CVE-2024-13412
CVE-2024-13412 affects CozyStay - Hotel Booking WordPress Theme. All versions up to and including 1.7.0 have a missing capability check in the ajax_handler function that allows unauthenticated attackers to perform arbitrary actions. The vulnerability is documented in multiple sources (Wordfence a...
CVE-2024-13412 CozyStay <= 1.7.0 - Missing Authorization to Arbitrary Action Execution in ajax_handler
The CozyStay theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_handler function in all versions up to, and including, 1.7.0. This makes it possible for unauthenticated attackers to execute arbitrary actions...
WordPress CozyStay theme <= 1.7.0 - Missing Authorization to Arbitrary Action Execution in ajax_handler vulnerability
Missing Authorization to Arbitrary Action Execution in ajax_handler vulnerability discovered by Lucio Sá in WordPress Theme CozyStay versions <= 1.7.0...
WordPress CozyStay theme <= 1.7.0 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Lucio Sá in WordPress Theme CozyStay versions <= 1.7.0...