CVE-2025-12027

The Mesmerize Companion plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the "openPageInCustomizer" and "openPageInDefaultEditor" functions in all versions up to, and including, 1.6.158. This makes it possible for authenticate...

CVE-2025-12027

The Mesmerize Companion plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the "openPageInCustomizer" and "openPageInDefaultEditor" functions in all versions up to, and including, 1.6.158. This makes it possible for authenticate...

CVE-2025-12027 Mesmerize Companion <= 1.6.158 - Missing Authorization Authenticated (Subscriber+) Settings Update

The Mesmerize Companion plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the "openPageInCustomizer" and "openPageInDefaultEditor" functions in all versions up to, and including, 1.6.158. This makes it possible for authenticate...

CVE-2025-12027 Mesmerize Companion <= 1.6.158 - Missing Authorization Authenticated (Subscriber+) Settings Update

The Mesmerize Companion plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the "openPageInCustomizer" and "openPageInDefaultEditor" functions in all versions up to, and including, 1.6.158. This makes it possible for authenticate...

CVE-2025-12027

CVE-2025-12027 affects the WordPress plugin Mesmerize Companion up to version 1.6.158 . The vulnerability arises from a missing capability check in the functions openPageInCustomizer and openPageInDefaultEditor , allowing authenticated users with subscriber-level access and above on sites using t...

WordPress plugin Mesmerize Companion 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-20576

Name of the Vulnerable Software and Affected Versions Mesmerize Companion versions up to and including 1.6.158 Description The Mesmerize Companion plugin for WordPress is susceptible to unauthorized access and modification of data. This is due to a missing capability check within the...

WordPress Mesmerize Companion plugin <= 1.6.158 - Missing Authorization Authenticated (Subscriber+) Settings Update vulnerability

Missing Authorization Authenticated Subscriber+ Settings Update vulnerability discovered by Rafshanzani Suhada in WordPress Plugin Mesmerize Companion versions = 1.6.158...

EUVD-2019-11576

Malware in sbrugna...

EUVD-2024-36924

Malicious code in bioql PyPI...

CVE-2024-3494

The Mesmerize Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mesmerizecontactform' shortcode in all versions up to, and including, 1.6.148 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

CVE-2024-37431

Cross-Site Request Forgery CSRF vulnerability in extendthemes Mesmerize mesmerize allows Cross Site Request Forgery.This issue affects Mesmerize: from n/a through = 1.6.120...

CVE-2022-4481

The Mesmerize Companion WordPress plugin before 1.6.135 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

CVE-2019-25142

The Mesmerize & Materialis themes for WordPress are vulnerable to authenticated options change in versions up to, and including,1.6.89 Mesmerize and 1.0.172 Materialis. This is due to 'companiondisablepopup' function only checking the nonce while sending user input to the 'updateoption' function...

CVE-2024-37431

Cross-Site Request Forgery CSRF vulnerability in extendthemes Mesmerize mesmerize allows Cross Site Request Forgery.This issue affects Mesmerize: from n/a through = 1.6.120...

CVE-2024-37431

CVE-2024-37431 describes a CSRF vulnerability in the WordPress theme Mesmerize, affecting versions up to 1.6.120 (listed as up to 1.6.120). Connected sources corroborate a Cross-Site Forgery issue in Mesmerize (to cache clearing) and note that a patch exists (the CVE record is marked as Patched) ...

CVE-2024-37431 WordPress Mesmerize theme <= 1.6.120 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in extendthemes Mesmerize mesmerize allows Cross Site Request Forgery.This issue affects Mesmerize: from n/a through = 1.6.120...

CVE-2024-37431 WordPress Mesmerize theme <= 1.6.120 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in extendthemes Mesmerize mesmerize allows Cross Site Request Forgery.This issue affects Mesmerize: from n/a through = 1.6.120...

WordPress plugin Mesmerize 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site reques...

WordPress Mesmerize theme <= 1.6.120 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Theme Mesmerize versions = 1.6.120...