
40 matches found

CVE
added 2025/08/21 5:28 a.m. · 23 views

CVE-2025-8592

CVE-2025-8592 affects the Inspiro WordPress theme (versions up to 2.1.2). It is a Cross-Site Request Forgery defect due to missing/incorrect nonce validation in inspiro_install_plugin(), enabling unauthenticated attackers to trigger plugin installations via forged requests if a site admin clicks ...

CVSS 8.1 · AI score 6.5 · EPSS 0.00199
Exploits: 0 · References: 5

Positive Technologies
added 2025/08/21 12:0 a.m. · 4 views

PT-2025-34189

Name of the Vulnerable Software and Affected Versions: Inspiro theme for WordPress versions prior to 2.1.3
Description: The Inspiro theme for WordPress is susceptible to Cross-Site Request Forgery due to missing or incorrect nonce validation in the inspiro install plugin function. This allows...

CVSS 8.1 · AI score 6 · EPSS 0.00199
Exploits: 0 · References: 15

OSV
added 2024/12/31 6:15 a.m. · 3 views

CVE-2024-11972

The Hunk Companion WordPress plugin before 1.9.0 does not correctly authorize some REST API endpoints, allowing unauthenticated requests to install and activate arbitrary plugins from the WordPress.org repo, including vulnerable plugins...

CVSS 9.8 · AI score 5.9 · EPSS 0.54754
Exploits: 5 · References: 1

OSV
added 2024/12/19 12:15 p.m. · 2 views

CVE-2024-12331

The File Manager Pro – Filester plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajaxinstallplugin' function in all versions up to, and including, 1.8.6. This makes it possible for authenticated attackers, with Subscriber-level acce...

CVSS 4.3 · AI score 7.3
Exploits: 0 · References: 2

CNNVD
added 2024/12/19 12:0 a.m. · 1 views

WordPress plugin Filester security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS 4.3 · AI score 8.1 · EPSS 0.00327
Exploits: 0 · References: 2

Positive Technologies
added 2024/12/19 12:0 a.m. · 3 views

PT-2024-17547 · WordPress · File Manager Pro – Filester +1

Name of the Vulnerable Software and Affected Versions: File Manager Pro – Filester plugin for WordPress versions up to, and including, 1.8.6
Description: The issue allows authenticated attackers with Subscriber-level access and above to install the Filebird plugin due to a missing capability chec...

CVSS 4.3 · AI score 9.3 · EPSS 0.00327
Exploits: 0 · References: 7

OSV
added 2024/11/16 4:15 a.m. · 5 views

CVE-2024-10533

The WP Chat App plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the ajaxinstallplugin function in all versions up to, and including, 3.6.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

CVSS 4.3 · AI score 5.8 · EPSS 0.00448
Exploits: 0 · References: 4

NVD
added 2024/10/12 3:15 a.m. · 11 views

CVE-2024-9860

The Bridge Core plugin for WordPress is vulnerable to unauthorized modification of data or loss of data due to a missing capability check on the 'importaction' and 'installpluginperdemo' functions in versions up to, and including, 3.3. This makes it possible for authenticated attackers with...

CVSS 5.4 · EPSS 0.00303
Exploits: 0 · References: 2

CNNVD
added 2024/02/05 12:0 a.m. · 7 views

WordPress plugin 10Web AI Assistant security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

CVSS 8.8 · AI score 6.6 · EPSS 0.01365
Exploits: 1 · References: 3

Positive Technologies
added 2024/02/05 12:0 a.m. · 6 views

PT-2024-15159 · 10Web · 10Web Ai Assistant

Name of the Vulnerable Software and Affected Versions: 10Web AI Assistant versions up to, and including, 1.0.18
Description: The issue allows authenticated attackers with subscriber-level access and above to install arbitrary plugins, potentially gaining further access to a compromised site. This...

CVSS 8.8 · AI score 8.7 · EPSS 0.01365
Exploits: 1 · References: 6

OSV
added 2023/08/09 4:15 a.m. · 2 views

CVE-2023-4243

The FULL - Customer plugin for WordPress is vulnerable to Arbitrary File Upload via the /install-plugin REST route in versions up to, and including, 2.2.3 due to improper authorization. This allows authenticated attackers with subscriber-level permissions and above to execute code by installing...

CVSS 8.8 · AI score 6.1 · EPSS 0.00765
Exploits: 0 · References: 3

CNNVD
added 2023/08/09 12:0 a.m. · 3 views

WordPress plugin FULL - Customer code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin FULL - Customer A...

CVSS 8.8 · AI score 7.2 · EPSS 0.00765
Exploits: 0 · References: 5

VulnCheck KEV
added 2023/08/08 12:0 a.m. · 1 views

VulnCheck KEV: CVE-2023-4243

The FULL - Customer plugin for WordPress is vulnerable to Arbitrary File Upload via the /install-plugin REST route in versions up to, and including, 2.2.3 due to improper authorization. This allows authenticated attackers with subscriber-level permissions and above to execute code by installing...

CVSS 8.8 · AI score 7.4 · EPSS 0.00765
Exploits: 0 · References: 1

Positive Technologies
added 2023/08/08 12:0 a.m. · 3 views

PT-2023-28336 · WordPress · Full - Customer

Name of the Vulnerable Software and Affected Versions: The FULL - Customer plugin for WordPress versions up to, and including, 2.2.3
Description: The issue allows authenticated attackers with subscriber-level permissions and above to execute code by installing plugins from arbitrary remote...

CVSS 8.8 · AI score 8.9 · EPSS 0.00765
Exploits: 0 · References: 9

wpexploit
added 2022/12/23 12:0 a.m. · 133 views

Link Library < 7.4.1 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup). 1. Install the plugin and go to:...

CVSS 4.8 · AI score 0.6 · EPSS 0.0047
Exploits: 2

Huntr
added 2021/12/25 11:24 a.m. · 8 views

Cross-Site Request Forgery (CSRF) in e107inc/e107

Description: Hi e107 team, I would like to report a CSRF in e107 source code. This is in the install plugin feature. Proof of Concept: 1. Install a local instance of e107 2. Login as admin and access this link /e107admin/plugin.php?mode=installed&action=install&path=chatboxmenu 3. See that the plugin...

AI score 0.5
Exploits: 0 · References: 1

CNVD
added 2019/12/05 12:0 a.m. · 4 views

Strapi Admin Panel Install and Uninstall Plugin Component Remote Code Execution Vulnerability

Strapi is an open source headless content management system (CMS). Install and Uninstall Plugin is one of its components, used to install and uninstall plugins. A remote code execution vulnerability exists in the Install and Uninstall Plugin component of the Admin panel in Strapi, which stems from the program's failur...

CVSS 9 · AI score 8.7 · EPSS 0.54081
Exploits: 11 · References: 1

seebug.org
added 2014/02/18 12:0 a.m. · 18 views

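Serendipity Cross-Site Scripting and SQL Injection Vulnerabilities

BUGTRAQ ID: 65449 Serendipity is a PHP-based blog system developed by the Serendipity team. The system supports creating online diaries, blogs, web pages and more. Serendipity contains cross-site scripting and SQL injection vulnerabilities. Attackers can exploit these vulnerabilities to steal cookie-based authentication credentials, take control of the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Serendipity version 1.7.5 is vulnerable; other versions may also be affected. 0 Serendipity 1.7.5 Vendor patch: Serendipity ----- The vendor has released an upgrade patch to fix this security issue; the patch is available at: http://www.s9y.org/...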

AI score 6.9
Exploits: 0

0day.today
added 2009/09/14 12:0 a.m. · 30 views

Aurora CMS 1.0.2 (install.plugin.php) Remote File Inclusion Vulnerability

Exploit for unknown platform in category web applications. Aurora CMS 1.0.2 install.plugin.php Remote File Inclusion Vulnerability...

AI score 7.1
Exploits: 0

seebug.org
added 2009/09/14 12:0 a.m. · 30 views

Aurora CMS 1.0.2 (install.plugin.php) Remote File Inclusion Vulnerability

No description provided by source. Aurora Content Management System Enterprise Edition install.plugin.php = Remote File Include Vulnerability...

AI score 7.1
Exploits: 0