ThemeGrill Demo Importer < 1.6.2 - Database Reset
ThemeGrill Demo Importer before 1.6.2 does not require authentication for wiping the database due to a resetwizardactions hook. In versions 1.3.4 and above and versions 1.6.1 and below, there is a vulnerability that allows any unauthenticated user to wipe the entire database to its default state...
CVE-2025-13334
The Blaze Demo Importer plugin for WordPress is vulnerable to unauthorized database resets and file deletion due to a missing capability check on the "blaze_demo_importer_install_demo" function in all versions up to, and including, 1.0.13. This makes it possible for authenticated attackers, with...
WordPress Blaze Demo Importer plugin 1.0.0-1.0.13 - Missing Authorization to Authenticated (Subscriber+) Database Reset and File Deletion vulnerability
Missing Authorization to Authenticated Subscriber+ Database Reset and File Deletion vulnerability discovered by kr0d in WordPress Plugin Blaze Demo Importer versions 1.0.0-1.0.13...
CVE-2025-13334 Blaze Demo Importer 1.0.0 - 1.0.13 - Missing Authorization to Authenticated (Subscriber+) Database Reset and File Deletion
The Blaze Demo Importer plugin for WordPress is vulnerable to unauthorized database resets and file deletion due to a missing capability check on the "blaze_demo_importer_install_demo" function in all versions up to, and including, 1.0.13. This makes it possible for authenticated attackers, with...
CVE-2025-13334
CVE-2025-13334 (Blaze Demo Importer, WordPress) is substantiated by multiple connected sources: Wordfence flags a vulnerability in Blaze Demo Importer versions 1.0.0–1.0.13 caused by a missing capability check in blaze_demo_importer_install_demo, enabling authenticated attackers with subscriber+ ...
EUVD-2025-202963
The Blaze Demo Importer plugin for WordPress is vulnerable to unauthorized database resets and file deletion due to a missing capability check on the "blaze_demo_importer_install_demo" function in all versions up to, and including, 1.0.13. This makes it possible for authenticated attackers, with...
WordPress plugin Blaze Demo Importer security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...
EUVD-2020-30789
Malware in sbrugna...
EUVD-2024-47267
Malicious code in bioql PyPI...
EUVD-2025-4832
Malicious code in bioql PyPI...
EUVD-2024-16568
Malicious code in bioql PyPI...
CVE-2024-0780
The Enjoy Social Feed plugin for WordPress website WordPress plugin through 6.2.2 does not have authorisation when resetting its database, allowing any authenticated user, such as a subscriber, to perform such action...
CVE-2024-1501
The Database Reset plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.22. This is due to missing or incorrect nonce validation on the installwpr function. This makes it possible for unauthenticated attackers to install the WP Reset Plugin via ...
CVE-2024-6120
The Sparkle Demo Importer plugin for WordPress is vulnerable to unauthorized database reset and demo data import due to a missing capability check on the multiple functions in all versions up to and including 1.4.7. This makes it possible for authenticated attackers, with Subscriber-level access...
CVE-2024-13684
The Reset plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6. This is due to missing or incorrect nonce validation on the resetdbpage function. This makes it possible for unauthenticated attackers to reset several tables in the database like...
CVE-2024-13684 Reset <= 1.6 - Cross-Site Request Forgery to Database Reset
The Reset plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6. This is due to missing or incorrect nonce validation on the resetdbpage function. This makes it possible for unauthenticated attackers to reset several tables in the database like...
WordPress Reset plugin <= 1.6 - Cross-Site Request Forgery to Database Reset vulnerability
Cross-Site Request Forgery to Database Reset vulnerability discovered by luckybuddy in WordPress Plugin Reset versions <= 1.6...