18 matches found

RedhatCVE
added 2026/03/29 11:13 a.m. · 3 views

CVE-2025-15445

The Restaurant Cafeteria WordPress theme through 0.4.6 exposes insecure admin-ajax actions without nonce or capability checks, allowing any logged-in user, like subscriber, to perform privileged operations. An attacker can install and activate a plugin from a user-supplied URL, leading to arbitrary PHP...

CVSS 5.4 · AI score 6 · EPSS 0.00019
Exploits 0 · References 1
EUVD
added 2026/03/28 6:30 a.m. · 1 views

EUVD-2025-209110

The Restaurant Cafeteria WordPress theme through 0.4.6 exposes insecure admin-ajax actions without nonce or capability checks, allowing any logged-in user, like subscriber, to perform privileged operations. An attacker can install and activate a plugin from a user-supplied URL, leading to arbitrary PHP...

AI score 6 · EPSS 0.00019
Exploits 0 · References 2
NVD
added 2026/03/28 6:16 a.m. · 2 views

CVE-2025-15445

The Restaurant Cafeteria WordPress theme through 0.4.6 exposes insecure admin-ajax actions without nonce or capability checks, allowing any logged-in user, like subscriber, to perform privileged operations. An attacker can install and activate a plugin from a user-supplied URL, leading to arbitrary PHP...

CVSS 5.4 · EPSS 0.00019
Exploits 0 · References 1
Vulnrichment
added 2026/03/28 6:0 a.m. · 0 views

CVE-2025-15445 Restaurant Cafeteria <= 0.4.6 - Subscriber+ Arbitrary Plugin Installation/Activation

The Restaurant Cafeteria WordPress theme through 0.4.6 exposes insecure admin-ajax actions without nonce or capability checks, allowing any logged-in user, like subscriber, to perform privileged operations. An attacker can install and activate a plugin from a user-supplied URL, leading to arbitrary PHP...

AI score 6 · EPSS 0.00019
Exploits 0 · References 1
ATTACKERKB
added 2026/03/28 6:0 a.m. · 3 views

CVE-2025-15445

The Restaurant Cafeteria WordPress theme through 0.4.6 exposes insecure admin-ajax actions without nonce or capability checks, allowing any logged-in user, like subscriber, to perform privileged operations. An attacker can install and activate a plugin from a user-supplied URL, leading to arbitrary PHP...

CVSS 5.4 · AI score 6 · EPSS 0.00019
Exploits 0 · References 1
CVE
added 2026/03/28 6:0 a.m. · 4 views

CVE-2025-15445

The CVE concerns the Restaurant Cafeteria WordPress theme (

CVSS 5.4 · AI score 6 · EPSS 0.00019
Exploits 0 · References 1
Cvelist
added 2026/03/28 6:0 a.m. · 26 views

CVE-2025-15445 Restaurant Cafeteria <= 0.4.6 - Subscriber+ Arbitrary Plugin Installation/Activation

The Restaurant Cafeteria WordPress theme through 0.4.6 exposes insecure admin-ajax actions without nonce or capability checks, allowing any logged-in user, like subscriber, to perform privileged operations. An attacker can install and activate a plugin from a user-supplied URL, leading to arbitrary PHP...

EPSS 0.00019
Exploits 0 · References 1
Positive Technologies
added 2026/03/28 12:0 a.m. · 1 views

PT-2026-28275

The Restaurant Cafeteria WordPress theme through 0.4.6 exposes insecure admin-ajax actions without nonce or capability checks, allowing any logged-in user, like subscriber, to perform privileged operations. An attacker can install and activate a plugin from a user-supplied URL, leading to arbitrary PHP...

CVSS 5.4 · AI score 6 · EPSS 0.00019
Exploits 0 · References 4
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2024-53982

Malicious code in bioql PyPI...

CVSS 4.3 · AI score 9.2 · EPSS 0.00082
Exploits 0 · References 3
RedhatCVE
added 2025/03/07 9:46 a.m. · 3 views

CVE-2024-13810

The Zass - WooCommerce Theme for Handmade Artists and Artisans theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'zass_import_zass' AJAX actions in all versions up to, and including, 3.9.9.10. This makes it possible for authenticated attackers, with...

CVSS 4.3 · AI score 6.7 · EPSS 0.00082
Exploits 0 · References 1
CVE
added 2025/03/05 9:21 a.m. · 38 views

CVE-2024-13810

CVE-2024-13810 affects Zass - WooCommerce Theme for WordPress (Zass theme) up to version 3.9.9.10. Networks: missing capability check on the zass_import_zass AJAX actions allows authenticated attackers with Subscriber-level access or higher to import demo content and overwrite the site. Connected...

CVSS 4.3 · AI score 6.7 · EPSS 0.00082
Exploits 0 · References 2
CNNVD
added 2025/03/05 12:0 a.m. · 1 views

WordPress plugin Zass security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS 4.3 · AI score 8.6 · EPSS 0.00082
Exploits 0 · References 3
Vulnrichment
added 2025/01/07 6:40 a.m. · 3 views

CVE-2024-12781 Aurum - WordPress & WooCommerce Shopping Theme <= 4.0.2 - Missing Authorization to Authenticated (Subscriber+) Demo Content Import

The Aurum - WordPress & WooCommerce Shopping Theme theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'lab1cldemoinstallpackagecontent' function in all versions up to, and including, 4.0.2. This makes it possible for authenticated...

CVSS 4.3 · AI score 6.5 · EPSS 0.00188
Exploits 0 · References 2
Patchstack
added 2025/01/06 7:13 p.m. · 2 views

WordPress Aurum theme <= 4.0.2 - Missing Authorization to Authenticated (Subscriber+) Demo Content Import vulnerability

Missing Authorization to Authenticated Subscriber+ Demo Content Import vulnerability discovered by Lucio Sá in WordPress Theme Aurum versions <= 4.0.2...

CVSS 4.3 · AI score 7 · EPSS 0.00188
Exploits 0 · References 1 · Affected Software 1
Patchstack
added 2024/10/01 2:0 p.m. · 1 views

WordPress Spice Starter Sites plugin <= 1.2.5 - Missing Authorization to Unauthenticated Demo Content Import vulnerability

Missing Authorization to Unauthenticated Demo Content Import vulnerability discovered by Lucio Sá in WordPress Plugin Spice Starter Sites versions <= 1.2.5...

CVSS 5.3 · AI score 7 · EPSS 0.00397
Exploits 0 · References 1 · Affected Software 1
NVD
added 2024/10/01 9:15 a.m. · 7 views

CVE-2024-8430

The Spice Starter Sites plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the spicestartersitesimportercreater function in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to import demo conte...

CVSS 5.3 · EPSS 0.00397
Exploits 0 · References 2
Cvelist
added 2024/10/01 8:30 a.m. · 12 views

CVE-2024-8430 Spice Starter Sites <= 1.2.5 - Missing Authorization to Unauthenticated Demo Content Import

The Spice Starter Sites plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the spicestartersitesimportercreater function in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to import demo conte...

CVSS 5.3 · EPSS 0.00397
Exploits 0 · References 2
Positive Technologies
added 2024/10/01 12:0 a.m. · 2 views

PT-2024-39007 · WordPress · Spice Starter Sites

Name of the Vulnerable Software and Affected Versions: Spice Starter Sites plugin for WordPress versions 1.2.5 and earlier Description: The issue allows unauthorized modification of data due to a missing capability check on the spice starter sites importer creater function. This makes it possible...

CVSS 5.3 · AI score 6.9 · EPSS 0.00397
Exploits 0 · References 7