10 matches found
CVE-2025-1233
The Lafka Plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'lafkaoptionsupload' AJAX function in all versions up to, and including, 7.1.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the...
EUVD-2025-9913
Malicious code in bioql PyPI...
CVE-2025-1233
The Lafka Plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'lafkaoptionsupload' AJAX function in all versions up to, and including, 7.1.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the...
CVE-2025-1233 Lafka Plugin <= 7.1.0 - Missing Authorization to Authenticated (Subscriber+) Theme Option Update
The Lafka Plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'lafkaoptionsupload' AJAX function in all versions up to, and including, 7.1.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the...
CVE-2025-1233 Lafka Plugin <= 7.1.0 - Missing Authorization to Authenticated (Subscriber+) Theme Option Update
The Lafka Plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'lafkaoptionsupload' AJAX function in all versions up to, and including, 7.1.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the...
CVE-2025-1233
CVE-2025-1233 concerns the Lafka Plugin for WordPress, where a missing capability check on the AJAX function lafka_options_upload allows unauthorized access to update the site theme options. The issue affects all versions up to and including 7.1.0. The vulnerability arises from insufficient autho...
WordPress plugin Lafka 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
PT-2025-15056 · WordPress · Lafka Plugin
Name of the Vulnerable Software and Affected Versions: Lafka Plugin for WordPress versions up to, and including, 7.1.0 Description: The issue is related to unauthorized access due to a missing capability check on the lafka options upload AJAX function. This allows authenticated attackers with...
WordPress Lafka Plugin plugin <= 7.1.0 - Missing Authorization to Authenticated (Subscriber+) Theme Option Update vulnerability
Missing Authorization to Authenticated Subscriber+ Theme Option Update vulnerability discovered by István Márton in WordPress Plugin Lafka Plugin versions = 7.1.0...
WordPress plugin Lafka 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...