68 matches found
CVE-2026-48906
The vulnerability in the Tassos Framework Plugin allows users to delete arbitrary files on the affected sites...
EUVD-2026-32162
The vulnerability in the Tassos Framework Plugin allows users to delete arbitrary files on the affected sites...
CVE-2026-48906
The vulnerability in the Tassos Framework Plugin allows users to delete arbitrary files on the affected sites...
CVE-2026-48906
CVE-2026-48906 affects the Tassos Framework Plugin (Novarain/Tassos Framework) used with Joomla. The CVE records describe an arbitrary file deletion vulnerability in the plugin prior to version 6.1.0, enabling deletion of arbitrary files on affected sites. The CVSS analysis indicates remote acces...
PT-2026-43681
Name of the Vulnerable Software and Affected Versions Tassos Framework versions prior to 6.1.0 Description A flaw in the Tassos Framework Plugin enables users to perform arbitrary file deletion on affected sites. Arbitrary file deletion is a condition where an attacker can delete any file on the...
Tassos Framework Plugin 访问控制错误漏洞
The Tassos Framework Plugin is a Joomla extension and functionality enhancement framework developed by Tassos Marinos. The Tassos Framework Plugin has a security vulnerability related to access control, which allows users to delete any file on the affected site...
CVE-2026-21627
The vulnerability was rooted in how the Tassos Framework plugin handled specific AJAX requests through Joomla’s comajax entry point. Under certain conditions, internal framework functionality could be invoked without proper restriction...
PT-2026-21017
Name of the Vulnerable Software and Affected Versions Joomla affected versions not specified Description The issue stemmed from how the Tassos Framework plugin processed certain AJAX requests via Joomla’s com ajax entry point. In specific scenarios, internal framework functionality was accessible...
CVE-2024-54263 WordPress Spirit Framework plugin <= 1.2.13 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Talemy Spirit Framework allows PHP Local File Inclusion.This issue affects Spirit Framework: from n/a through 1.2.13...
CVE-2024-54263 WordPress Spirit Framework plugin <= 1.2.13 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Talemy Spirit Framework allows PHP Local File Inclusion.This issue affects Spirit Framework: from n/a through 1.2.13...
CVE-2026-22521
CVE-2026-22521 concerns Handmade Framework (WordPress) up to v3.9, where improper control of filenames in include/require statements enables local file inclusion (authenticated LFI). The Wordfence entry indicates an authenticated (Contributor+) LFI with CVSS 3.1/7.5 (HIGH) and patch status as Unp...
CVE-2025-23993 WordPress Felan Framework plugin <= 1.1.3 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in RiceTheme Felan Framework felan-framework allows SQL Injection.This issue affects Felan Framework: from n/a through = 1.1.3...
WordPress plugin Redux Framework 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...
Sneeit Framework Plugin for WordPress < 8.4 Remote Code Execution
The WordPress Sneeit Framework Plugin installed on the remote host is affected by a Remote Code Execution vulnerability due to insufficient input validation in the sneeitarticlespaginationcallback function, which accepts user input and passes it through the calluserfunc function. This allows...
CVE-2025-10849
The Felan Framework plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'processpluginactions' function called via an AJAX action in versions up to, and including, 1.1.4. This makes it possible for unauthenticated attackers to activate ...
CVE-2025-10849
The Felan Framework plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'processpluginactions' function called via an AJAX action in versions up to, and including, 1.1.4. This makes it possible for unauthenticated attackers to activate ...
WordPress Felan Framework plugin <= 1.1.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Activation/Deactivation via process_plugin_actions vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Plugin Activation/Deactivation via processpluginactions vulnerability discovered by István Márton in WordPress Plugin Felan Framework versions = 1.1.4...
EUVD-2022-3569
Malicious code in bioql PyPI...
EUVD-2024-47842
Malicious code in bioql PyPI...
EUVD-2024-54142
Malicious code in bioql PyPI...