524 matches found
CVE-2025-14392
The Simple Theme Changer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the userthemeadmin, displaymethodadmin, and setchangethemebuttonname actions in all versions up to, and including, 1.0. This makes it possible for...
mysql: InnoDB unspecified vulnerability (CPU Oct 2025)
Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
WordPress plugin Live CSS Preview security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...
CVE-2025-10476 WP Fastest Cache <= 1.4.0 - Missing Authorization to Authenticated (Subscriber+) DB Cleanup Actions
The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpfcdbfixcallback function in all versions up to, and including, 1.4.0. This makes it possible for authenticated attackers, with Subscriber-level access and above,...
PT-2025-47997
The Autochat Automatic Conversation plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp ajax nopriv auycht saveCid' AJAX endpoint in all versions up to, and including, 1.1.9. This makes it possible for unauthenticated attackers to...
CVE-2025-11003
The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'uipsaveuitemplate' function in all versions up to, and including, 3.5.08. This makes it possible for...
EUVD-2025-198378
The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxehcrmsettingsemptyscheduledactions' AJAX Action in all versions up to, and including, 3.3.0. This makes it possible for...
WordPress plugin Restrictions for BuddyPress security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. A security...
EUVD-2025-169287
The Gallery Plugin for WordPress – Envira Photo Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.12.0. This makes it possible for authenticated attackers, with Author-leve...
CVE-2025-12377 Gallery Plugin for WordPress – Envira Photo Gallery <= 1.12.0 - Missing Authorization to Authenticated (Author+) Multiple Gallery Actions
The Gallery Plugin for WordPress – Envira Photo Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.12.0. This makes it possible for authenticated attackers, with Author-leve...
Malicious code in procyon-procyon-xml-planetology (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 98f22cb07a609a28b005e4e95f1395efe6c1caa1b328526d3412489ff07456b2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-182666 Malicious code in inda-fodija-gf (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 45fe678312828b80956df96f554417487d1f7b6c1326808ca7e78f60ab9c8965 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-184332 Malicious code in modiov-kifni-ufbaceuiacfovadfhjodmux (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3979d452969e987debe2a44a20571b97ba4f4fa412d7f89a7e2b75d9a6d312b8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-184971 Malicious code in sonic-kg-tiffav (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 01b9307554b544d9058daaf9cc8515a62843981a9a279dbb15e57e6abad638ff This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in teate-thy-sonic-muid (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 456591f5181f17ac53fb106b2eb4f514b7c4bf716947ed31905c6ae3eb133f20 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-178044 Malicious code in polymer-idas-radaf (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b0f58dee0c4e41cb831d0a1f27327fd2bf43e47996743601cf467b59b9268fd3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in butanaih-asafi-davaihu (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f818902651415d435537d04f2dcc23e535362c8c7d44b261d3a8a53cebeeea72 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in divata-tusintabi-ivdna (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a309c3837352c5c7009d8620c8b75f8cf9bbdfc4b17886ec113e909f28c1902d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-178087 Malicious code in polymer-rtte-trui (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 162295dc1cba500e09cef962d84c19a648221c76f87a205e2e4075963b7125c7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in infi-gafob-jagoitaga (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 38b3b6aa02cb61c4b69445182762e7a2605243cd5c507b0ad575f266bf7c1465 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...