CVE-2026-9234

The JTL-Connector for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.4.1. This is due to missing capability checks and nonce verification on the adminpostsettingssavewoo-jtl-connector action handled by JtlConnectorAdmin::save and on the...

CVE-2026-9234

The JTL-Connector for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.4.1. This is due to missing capability checks and nonce verification on the adminpostsettingssavewoo-jtl-connector action handled by JtlConnectorAdmin::save and on the...

CVE-2026-9234

The CVE-2026-9234 entry identifies a vulnerability in the WordPress plugin JTL-Connector for WooCommerce (versions up to and including 2.4.1). The issue is Missing Authorization on three actions: admin_post_settings_save_woo-jtl-connector, and the AJAX actions wp_ajax_downloadJTLLogs and wp_ajax_...

PT-2026-45711

The JTL-Connector for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.4.1. This is due to missing capability checks and nonce verification on the admin post settings save woo-jtl-connector action handled by JtlConnectorAdmin::save and on...

CVE-2026-8410

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/dialog/logs/bulk/delete. The The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N...

CVE-2026-0909 WP ULike <= 4.8.3.1 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Log Deletion via 'id' Parameter

The WP ULike plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.8.3.1. This is due to the wpulikedeletehistoryapi AJAX action not verifying that the log entry being deleted belongs to the current user. This makes it possible for...

EUVD-2023-54589

Malicious code in bioql PyPI...

EUVD-2022-7367

Malicious code in bioql PyPI...

CVE-2023-3178

The POST SMTP Mailer WordPress plugin before 2.5.7 does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged in users with the managepostmansmtp capability delete arbitrary logs via a CSRF attack...

CVE-2023-4741

A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. This vulnerability affects unknown code of the file ?r=diary/default/del of the component Delete Logs Handler. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed ...

CVE-2024-8286 GDPR Cookie Consent <= 2.6.0 - Bulk Delete via CSRF

The webtoffee-gdpr-cookie-consent WordPress plugin before 2.6.1 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting visit logs via CSRF attacks...

CVE-2024-13118

The IP Based Login WordPress plugin before 2.4.1 does not have CSRF checks in some places, which could allow attackers to make logged in users delete all logs via a CSRF attack...

CVE-2025-0939

The MagicForm plugin for WordPress is vulnerable to access and modification of data due to a missing capability check on the plugin's AJAX actions in all versions up to, and including, 1.6.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to invoke tho...

WordPress plugin Custom Login Page Styler 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...

CVE-2024-10665

The Yaad Sarig Payment Gateway For WC plugin for WordPress is vulnerable to unauthorized modification & access of data due to a missing capability check on the yaadpayviewlogcallback and yaadpaydeletelogcallback functions in all versions up to, and including, 2.2.4. This makes it possible for...

PT-2024-39596 · WordPress · Sendgrid For Wordpress

Name of the Vulnerable Software and Affected Versions: SendGrid for WordPress plugin versions up to, and including, 1.4 Description: The issue is related to a missing capability check on the wp mailplus clear logs function, which allows authenticated attackers with Subscriber-level access and abo...

ChuanhuChatGPT Resource Management Error Vulnerability

ChuanhuChatGPT is a lightweight and easy-to-use Web GUI for ChatGPT/ChatGLM/LLaMA/StableLM/MOSS and many other LLMs. A resource management error vulnerability exists in ChuanhuChatGPT version 20240410, which stems from a susceptibility to a path traversal attack that allows any user to delete...

CVE-2023-48652

Concrete CMS 9 before 9.2.3 is vulnerable to Cross Site Request Forgery CSRF via /ccm/system/dialogs/logs/deleteall/submit. An attacker can force an admin user to delete server report logs on a web application to which they are currently authenticated...

PT-2023-30873 · Unknown · Concrete Cms

Name of the Vulnerable Software and Affected Versions: Concrete CMS versions 9.0.0 through 9.2.2 Description: The issue allows an attacker to force an admin user to delete server report logs on a web application to which they are currently authenticated via the API endpoint...

CVE-2023-4741

A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. This vulnerability affects unknown code of the file ?r=diary/default/del of the component Delete Logs Handler. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed ...