EUVD-2025-30220

Malicious code in bioql PyPI...

CVE-2025-10690

The Goza - Nonprofit Charity WordPress Theme theme for WordPress is vulnerable to unauthorized arbitrary file uploads due to a missing capability check on the 'beplusimportpackinstallplugin' function in all versions up to, and including, 3.2.2. This makes it possible for unauthenticated attackers...

CVE-2025-10690

The Goza - Nonprofit Charity WordPress Theme theme for WordPress is vulnerable to unauthorized arbitrary file uploads due to a missing capability check on the 'beplusimportpackinstallplugin' function in all versions up to, and including, 3.2.2. This makes it possible for unauthenticated attackers...

CVE-2025-10690

The Goza - Nonprofit Charity WordPress Theme is affected (versions

CVE-2025-10690 Goza - Nonprofit Charity WordPress Theme <= 3.2.2 - Missing Authorization to Unauthenticated Arbitrary File Upload via Plugin Installation

The Goza - Nonprofit Charity WordPress Theme theme for WordPress is vulnerable to unauthorized arbitrary file uploads due to a missing capability check on the 'beplusimportpackinstallplugin' function in all versions up to, and including, 3.2.2. This makes it possible for unauthenticated attackers...

CVE-2025-10690 Goza - Nonprofit Charity WordPress Theme <= 3.2.2 - Missing Authorization to Unauthenticated Arbitrary File Upload via Plugin Installation

The Goza - Nonprofit Charity WordPress Theme theme for WordPress is vulnerable to unauthorized arbitrary file uploads due to a missing capability check on the 'beplusimportpackinstallplugin' function in all versions up to, and including, 3.2.2. This makes it possible for unauthenticated attackers...

PT-2025-38501

Name of the Vulnerable Software and Affected Versions Goza - Nonprofit Charity WordPress Theme versions prior to and including 3.2.2 Description The Goza - Nonprofit Charity WordPress Theme is vulnerable to unauthorized arbitrary file uploads due to a missing capability check on the beplus import...

WordPress plugin Goza 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

CVE-2025-10134

The Goza - Nonprofit Charity WordPress Theme theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the aloneimportpackrestoredata function in all versions up to, and including, 3.2.2. This makes it possible for unauthenticated attackers to delete...

CVE-2025-10134

The Goza - Nonprofit Charity WordPress Theme theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the aloneimportpackrestoredata function in all versions up to, and including, 3.2.2. This makes it possible for unauthenticated attackers to delete...

CVE-2025-10134 Goza - Nonprofit Charity WordPress Theme <= 3.2.2 - Missing Authorization to Unauthenticated Arbitrary File Deletion

The Goza - Nonprofit Charity WordPress Theme theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the aloneimportpackrestoredata function in all versions up to, and including, 3.2.2. This makes it possible for unauthenticated attackers to delete...

CVE-2025-10134 Goza - Nonprofit Charity WordPress Theme <= 3.2.2 - Missing Authorization to Unauthenticated Arbitrary File Deletion

The Goza - Nonprofit Charity WordPress Theme theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the aloneimportpackrestoredata function in all versions up to, and including, 3.2.2. This makes it possible for unauthenticated attackers to delete...

CVE-2025-10134

CVE-2025-10134 affects Goza – Nonprofit Charity WordPress Theme up to version 3.2.2. The flaw is in the alone_import_pack_restore_data() function, where insufficient file path validation allows an unauthenticated attacker to delete arbitrary server files (e.g., wp-config.php), with potential remo...

WordPress plugin Goza 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

PT-2025-36678

Name of the Vulnerable Software and Affected Versions: Goza - Nonprofit Charity WordPress Theme versions through 3.2.2 Description: The Goza - Nonprofit Charity WordPress Theme is susceptible to arbitrary file deletion due to inadequate file path validation within the alone import pack restore da...

WordPress Goza theme <= 3.2.2 - Missing Authorization to Unauthenticated Arbitrary File Deletion vulnerability

Missing Authorization to Unauthenticated Arbitrary File Deletion vulnerability discovered by Thái An in WordPress Theme Goza versions 3.2.2...

WordPress Goza theme <= 3.2.2 - Missing Authorization to Unauthenticated Arbitrary File Upload via Plugin Installation vulnerability

Missing Authorization to Unauthenticated Arbitrary File Upload via Plugin Installation vulnerability discovered by GR0V in WordPress Theme Goza versions = 3.2.2...

WordPress Goza Theme 3.2.2 is vulnerable to Arbitrary File Deletion

Software Goza Type Theme Vulnerable versions 3.2.2 Fixed in 3.2.3 OWASP Top 10 A1: Injection Classification Arbitrary File Deletion CVE CVE-2025-10134 Patch priority High CVSS severity High 8.6 Developer Claim ownership PSID 14b5ad5ea9b5 Credits Thái An Required privilege Unauthenticated Publishe...

WordPress Goza Theme <= 3.2.2 is vulnerable to Arbitrary File Upload

Software Goza Type Theme Vulnerable versions = 3.2.2 Fixed in 3.2.3 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2025-5394 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 66a283dd0c55 Credits GR0V Required privilege Unauthenticated Published 8...