221 matches found
EUVD-2024-33454
Malicious code in bioql PyPI...
EUVD-2025-28852
Malicious code in bioql PyPI...
EUVD-2022-45082
Malicious code in bioql PyPI...
EUVD-2021-34201
Malicious code in bioql PyPI...
CVE-2025-8999 Sydney <= 2.56 - Missing Authorization to Authenticated (Subscriber+) Limited Theme Options Update
The Sydney theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'activatemodules' function in all versions up to, and including, 2.56. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate...
WordPress Sydney plugin <= 2.56 - Missing Authorization to Authenticated (Subscriber+) Limited Theme Options Update vulnerability
Missing Authorization to Authenticated Subscriber+ Limited Theme Options Update vulnerability discovered by Dmitrii Ignatyev in WordPress Theme Sydney versions = 2.56...
CVE-2025-9430
A vulnerability was detected in mtons mblog up to 3.5.0. This issue affects some unknown processing of the file /admin/options/update. The manipulation of the argument input results in cross site scripting. It is possible to launch the attack remotely. The exploit is now public and may be used...
CVE-2025-9430
A vulnerability was detected in mtons mblog up to 3.5.0. This issue affects some unknown processing of the file /admin/options/update. The manipulation of the argument input results in cross site scripting. It is possible to launch the attack remotely. The exploit is now public and may be used...
CVE-2025-9430 mtons mblog update cross site scripting
A vulnerability was detected in mtons mblog up to 3.5.0. This issue affects some unknown processing of the file /admin/options/update. The manipulation of the argument input results in cross site scripting. It is possible to launch the attack remotely. The exploit is now public and may be used...
CVE-2025-9430 mtons mblog update cross site scripting
A vulnerability was detected in mtons mblog up to 3.5.0. This issue affects some unknown processing of the file /admin/options/update. The manipulation of the argument input results in cross site scripting. It is possible to launch the attack remotely. The exploit is now public and may be used...
CVE-2025-9430
CVE-2025-9430 is reported for mtons mblog up to 3.5.0. The issue arises from improper handling of input in the file "/admin/options/update", allowing cross-site scripting. The CVE entry notes that the attack can be launched remotely and that the exploit is public. Connected sources consistently i...
PT-2025-34722 · Mtons · Mtons Mblog
Name of the Vulnerable Software and Affected Versions: mtons mblog versions up to 3.5.0 Description: A vulnerability was detected in mtons mblog up to version 3.5.0. This issue affects some unknown processing of the file /admin/options/update. The manipulation of the argument input results in...
mblog 安全漏洞
mblog is a blogging system by langhsu individual developer. A security vulnerability exists in mtons mblog 3.5.0 and earlier versions, which stems from a cross-site scripting attack due to misuse of the parameter input in the file /admin/options/update...
VulnCheck KEV: CVE-2024-9193
The WHMpress - WHMCS WordPress Integration Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 6.3-revision-0 via the whmpressdomainsearchajaxextendedresults function. This makes it possible for unauthenticated attackers to include and execute...
Exploit for CVE-2025-5701
CVE-2025-5701 HyperComments = 1.2.2 - Unauthenticated Subscr...
CVE-2024-0790
The WOLF – WordPress Posts Bulk Editor and Manager Professional plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.8.1. This is due to missing or incorrect nonce validation on the wpbecreatenewterm, wpbeupdatetaxterm, and wpbedeletetaxterm...
CVE-2023-0889
Themeflection Numbers WordPress plugin before 2.0.1 does not have authorisation and CSRF check in an AJAX action, and does not ensure that the options to be updated belong to the plugin. As a result, it could allow any authenticated users, such as subscriber, to update arbitrary blog options, suc...
CVE-2025-3058
CVE-2025-3058 (Xelion Webchat, WordPress) affects the Xelion Webchat plugin for WordPress, up to and including version 9.1.0. The flaw is a missing capability check in the xwc_save_settings() function, enabling an authenticated attacker with Subscriber+ privileges to update arbitrary options. Doc...
CVE-2025-2719 Swatchly – WooCommerce Variation Swatches for Products (product attributes: Image swatch, Color swatches, Label swatches) 1.2.8 - 1.4.0 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update
The Swatchly – WooCommerce Variation Swatches for Products product attributes: Image swatch, Color swatches, Label swatches plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxdismiss function in versions 1.2.8 to 1.4.0. This makes ...
CVE-2025-2568 Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce 1.0.4 - 1.2.1 - Missing Authorization to Unauthenticated Limited Arbitrary Options Update
The Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on the 'vayublocksgettoggleswitchvaluescallback' and 'vayublockssavetoggleswitchcallback' function in versions 1.0.4 t...