WordPress plugin VW School Education 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

WordPress Mavix Education plugin <= 1.0 - Missing Authorization to Authenticated (Subscriber+) 'Creativ Demo Importer' Plugin Activation vulnerability

Software : Mavix Education Type : Theme Vulnerable versions : = 1.0 Fixed in : 1.1 OWASP Top 10 : A1: Broken Access Control Classification : Broken Access Control CVE ID : CVE-2025-11164 Patchstack priority : Low CVSS severity : 4.3 Required privilege : Subscriber Developer : Claim ownership PSID...

EUVD-2023-39124

Malicious code in bioql PyPI...

WordPress plugin education 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...

CVE-2023-0498

The WP Education WordPress plugin before 1.2.7 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack...

WordPress WPLMS plugin < 1.9.9.5.2 - Subscriber+ Arbitrary File Deletion vulnerability

Subscriber+ Arbitrary File Deletion vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin WPLMS versions 1.9.9.5.2...

Cross site scripting

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Theme Palace TP Education plugin = 4.4 versions...

PT-2023-23613 · Theme Palace · Wp Education

Name of the Vulnerable Software and Affected Versions: Theme Palace TP Education plugin versions prior to 4.4 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that affects users with contributor or higher permissions. This allows for malicious scripts to be...

CVE-2023-35093

CVE-2023-35093 affects StylemixThemes MasterStudy LMS WordPress Plugin (

WordPress WP Education Plugin < 1.2.7 is vulnerable to Cross Site Request Forgery (CSRF)

Software WP Education Type Plugin Vulnerable versions 1.2.7 Fixed in 1.2.7 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-0498 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID bede27b04a59 Credits Lana Codes Required...

PT-2023-16309 · WordPress · Wp Education

Name of the Vulnerable Software and Affected Versions: WP Education WordPress plugin versions prior to 1.2.7 Description: The issue concerns a lack of CSRF check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a CSRF...