13 matches found
EUVD-2025-30220
Malicious code in bioql PyPI...
CVE-2025-10690
The Goza - Nonprofit Charity WordPress Theme theme for WordPress is vulnerable to unauthorized arbitrary file uploads due to a missing capability check on the 'beplusimportpackinstallplugin' function in all versions up to, and including, 3.2.2. This makes it possible for unauthenticated attackers...
CVE-2025-10690
The Goza - Nonprofit Charity WordPress Theme theme for WordPress is vulnerable to unauthorized arbitrary file uploads due to a missing capability check on the 'beplusimportpackinstallplugin' function in all versions up to, and including, 3.2.2. This makes it possible for unauthenticated attackers...
CVE-2025-10690 Goza - Nonprofit Charity WordPress Theme <= 3.2.2 - Missing Authorization to Unauthenticated Arbitrary File Upload via Plugin Installation
The Goza - Nonprofit Charity WordPress Theme theme for WordPress is vulnerable to unauthorized arbitrary file uploads due to a missing capability check on the 'beplusimportpackinstallplugin' function in all versions up to, and including, 3.2.2. This makes it possible for unauthenticated attackers...
CVE-2025-10690 Goza - Nonprofit Charity WordPress Theme <= 3.2.2 - Missing Authorization to Unauthenticated Arbitrary File Upload via Plugin Installation
The Goza - Nonprofit Charity WordPress Theme theme for WordPress is vulnerable to unauthorized arbitrary file uploads due to a missing capability check on the 'beplusimportpackinstallplugin' function in all versions up to, and including, 3.2.2. This makes it possible for unauthenticated attackers...
CVE-2025-10134
The Goza - Nonprofit Charity WordPress Theme theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the aloneimportpackrestoredata function in all versions up to, and including, 3.2.2. This makes it possible for unauthenticated attackers to delete...
CVE-2025-10134 Goza - Nonprofit Charity WordPress Theme <= 3.2.2 - Missing Authorization to Unauthenticated Arbitrary File Deletion
The Goza - Nonprofit Charity WordPress Theme theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the aloneimportpackrestoredata function in all versions up to, and including, 3.2.2. This makes it possible for unauthenticated attackers to delete...
CVE-2025-10134 Goza - Nonprofit Charity WordPress Theme <= 3.2.2 - Missing Authorization to Unauthenticated Arbitrary File Deletion
The Goza - Nonprofit Charity WordPress Theme theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the aloneimportpackrestoredata function in all versions up to, and including, 3.2.2. This makes it possible for unauthenticated attackers to delete...
CVE-2025-10134
CVE-2025-10134 affects Goza – Nonprofit Charity WordPress Theme up to version 3.2.2. The flaw is in the alone_import_pack_restore_data() function, where insufficient file path validation allows an unauthenticated attacker to delete arbitrary server files (e.g., wp-config.php), with potential remo...
WordPress Goza theme <= 3.2.2 - Missing Authorization to Unauthenticated Arbitrary File Deletion vulnerability
Missing Authorization to Unauthenticated Arbitrary File Deletion vulnerability discovered by Thái An in WordPress Theme Goza versions 3.2.2...
WordPress Goza theme <= 3.2.2 - Missing Authorization to Unauthenticated Arbitrary File Upload via Plugin Installation vulnerability
Missing Authorization to Unauthenticated Arbitrary File Upload via Plugin Installation vulnerability discovered by GR0V in WordPress Theme Goza versions = 3.2.2...
WordPress Goza Theme 3.2.2 is vulnerable to Arbitrary File Deletion
Software Goza Type Theme Vulnerable versions 3.2.2 Fixed in 3.2.3 OWASP Top 10 A1: Injection Classification Arbitrary File Deletion CVE CVE-2025-10134 Patch priority High CVSS severity High 8.6 Developer Claim ownership PSID 14b5ad5ea9b5 Credits Thái An Required privilege Unauthenticated Publishe...
WordPress Goza Theme <= 3.2.2 is vulnerable to Arbitrary File Upload
Software Goza Type Theme Vulnerable versions = 3.2.2 Fixed in 3.2.3 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2025-5394 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 66a283dd0c55 Credits GR0V Required privilege Unauthenticated Published 8...