28 matches found

Nuclei
added yesterday · 4 views

Motors Car Dealer & Classified Ads <= 1.4.0 - Unauthenticated settings import/export

includes/options.php in the motors-car-dealership-classified-listings aka Motors - Car Dealer & Classified Ads plugin through 1.4.0 for WordPress allows unauthenticated options changes. id: CVE-2019-17228 info: name: Motors Car Dealer & Classified Ads <= 1.4.0 - Unauthenticated settings...

6.5 CVSS · 6.6 AI score · 0.04121 EPSS
Exploits: 1 · References: 4

Positive Technologies
added 2026/05/20 12:0 a.m. · 8 views

PT-2026-42065

Name of the Vulnerable Software and Affected Versions Bottom Bar versions prior to 0.1.8 Description The Bottom Bar plugin for WordPress is susceptible to Cross-Site Request Forgery CSRF, a flaw where an attacker tricks a victim into performing actions they did not intend to do. The issue exists ...

4.3 CVSS · 5.9 AI score · 0.00026 EPSS
Exploits: 0 · References: 8

Tenable Nessus
added 2026/03/16 12:0 a.m. · 1 views

EulerOS 2.0 SP10 : curl (EulerOS-SA-2026-1331)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP,...

6.3 CVSS · 5.9 AI score · 0.00098 EPSS
Exploits: 3 · References: 5

RedhatCVE
added 2026/02/20 7:22 a.m. · 1 views

CVE-2025-15041

The BackWPup – WordPress Backup & Restore Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the savesiteoption function in all versions up to, and including, 5.6.2. This makes it possible for...

7.2 CVSS · 5.7 AI score · 0.00051 EPSS
Exploits: 0 · References: 1

ATTACKERKB
added 2026/01/28 6:0 a.m. · 2 views

CVE-2025-13471

The User Activity Log WordPress plugin through 2.2 does not properly handle failed login attempts in some cases, allowing unauthenticated users to set arbitrary options to 1 for example to enable User Registration when it has been turned off...

5.9 AI score · 0.00022 EPSS
Exploits: 0 · References: 1

OSV
added 2026/01/08 10:15 a.m. · 1 views

AZL-73676 CVE-2025-14017 affecting package curl for versions less than 8.11.1-5

When doing multi-threaded LDAPS transfers LDAP over TLS with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification for a specific transfer could unintentionally...

6.3 CVSS · 6.1 AI score · 0.00004 EPSS
Exploits: 0 · References: 1

EUVD
added 2025/10/03 8:7 p.m. · 0 views

EUVD-2022-15549

Malicious code in bioql PyPI...

6.5 CVSS · 6.5 AI score · 0.00269 EPSS
Exploits: 2 · References: 1

RedhatCVE
added 2025/05/22 8:11 a.m. · 8 views

CVE-2019-15650

The stops-core-theme-and-plugin-updates plugin before 8.0.5 for WordPress has insufficient restrictions on option changes such as disabling unattended theme updates because of a nonce check error...

4.3 CVSS · 7 AI score · 0.00152 EPSS
Exploits: 0 · References: 1

Patchstack
added 2024/10/04 9:28 a.m. · 3 views

WordPress Advanced Custom Fields PRO plugin < 5.11 - Missing Authorization on Option Changes vulnerability

Missing Authorization on Option Changes vulnerability discovered by Keitaro Yamazaki in WordPress Plugin Advanced Custom Fields PRO versions 5.11...

6.5 CVSS · 7 AI score · 0.00746 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Patchstack
added 2024/10/04 9:27 a.m. · 3 views

WordPress Advanced Custom Fields plugin < 5.11 - Missing Authorization on Option Changes vulnerability

Missing Authorization on Option Changes vulnerability discovered by Keitaro Yamazaki in WordPress Plugin Advanced Custom Fields versions 5.11...

6.5 CVSS · 7 AI score · 0.00746 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2024/05/21 12:0 a.m. · 1 views

PT-2024-31719 · Unknown +1 · Woocommerce +1

Name of the Vulnerable Software and Affected Versions: ShopLentor plugin for WordPress versions up to, and including, 2.8.8 Description: The issue is related to a missing capability check on the ajax dismiss function, which allows authenticated attackers with contributor-level access and above to...

7.1 CVSS · 6.8 AI score · 0.00218 EPSS
Exploits: 0 · References: 7

CNNVD
added 2023/10/20 12:0 a.m. · 1 views

WordPress Plugin Fancy Product Designer Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

8.8 CVSS · 6.2 AI score · 0.00141 EPSS
Exploits: 0 · References: 3

OSV
added 2023/03/30 8:15 p.m. · 3 views

AZL-25808 CVE-2023-27538 affecting package rust for versions less than 1.72.0-2

An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequen...

5.5 CVSS · 6.8 AI score · 0.00012 EPSS
Exploits: 1 · References: 1

SUSE CVE
added 2023/03/21 3:13 a.m. · 1 views

SUSE CVE-2023-27538

An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequen...

5.8 CVSS · 8.5 AI score · 0.00012 EPSS
Exploits: 1 · References: 92

OSV
added 2023/03/20 12:0 a.m. · 0 views

UBUNTU-CVE-2023-27538

An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequen...

7.7 CVSS · 6.8 AI score · 0.00012 EPSS
Exploits: 1 · References: 4

SUSE CVE
added 2023/02/15 3:26 a.m. · 1 views

SUSE CVE-2022-27782

libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several TLS and SSH...

7.5 CVSS · 7.4 AI score · 0.00469 EPSS
Exploits: 1 · References: 68

ATTACKERKB
added 2022/06/02 2:15 p.m. · 0 views

CVE-2022-27782

libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several TLS and SSH...

7.5 CVSS · 5.9 AI score · 0.00469 EPSS
Exploits: 1 · References: 7

CNNVD
added 2021/10/18 12:0 a.m. · 1 views

WordPress plugin Wp Cookie Choice Cross-Site Scripting Vulnerability

WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language, a WordPress open source application plugin that supports setting up personal blogging sites on servers with PHP and MySQL. WordPress Wp Cookie Choice 1.1.0 and earlier versions are vulnerable to...

6.5 CVSS · 5.7 AI score · 0.00154 EPSS
Exploits: 1 · References: 2

OSV
added 2020/02/24 7:15 p.m. · 1 views

CVE-2019-17228

includes/options.php in the motors-car-dealership-classified-listings aka Motors - Car Dealer & Classified Ads plugin through 1.4.0 for WordPress allows unauthenticated options changes...

6.5 CVSS · 6.6 AI score
Exploits: 0 · References: 3

OSV
added 2019/08/30 1:15 p.m. · 0 views

CVE-2019-15816

The wp-private-content-plus plugin before 2.0 for WordPress has no protection against option changes via savesettingspage and other save functions...

7.5 CVSS · 7.1 AI score
Exploits: 0 · References: 3