20 matches found
CVE-2026-24612
Missing Authorization vulnerability in themebeez Orchid Store orchid-store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Orchid Store: from n/a through = 1.5.15...
CVE-2026-24612
Missing Authorization vulnerability in themebeez Orchid Store orchid-store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Orchid Store: from n/a through = 1.5.15...
CVE-2026-24612 WordPress Orchid Store theme <= 1.5.15 - Broken Access Control vulnerability
Missing Authorization vulnerability in themebeez Orchid Store orchid-store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Orchid Store: from n/a through = 1.5.15...
CVE-2026-24612
Missing Authorization vulnerability in themebeez Orchid Store orchid-store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Orchid Store: from n/a through = 1.5.15...
CVE-2026-24612 WordPress Orchid Store theme <= 1.5.15 - Broken Access Control vulnerability
Missing Authorization vulnerability in themebeez Orchid Store orchid-store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Orchid Store: from n/a through = 1.5.15...
CVE-2026-24612
CVE-2026-24612 is a missing Authorization vulnerability in the WordPress plugin/theme Orchid Store (theme version 1.5.15) or apply vendor-provided fixes once available. If no upgrade is feasible, monitor for official patches and advisories from the vendor.
WordPress plugin Orchid Store has a security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. The WordPre...
PT-2026-4444
Name of the Vulnerable Software and Affected Versions Orchid Store versions through 1.5.15 Description An issue exists in Orchid Store related to incorrectly configured access control security levels, allowing for missing authorization. The vulnerability allows exploitation due to this access...
WordPress Orchid Store theme <= 1.5.15 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by John P in WordPress Theme Orchid Store versions = 1.5.15...
EUVD-2024-47966
Malicious code in bioql PyPI...
CVE-2024-6987
The Orchid Store theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'orchidstoreactivateplugin' function in all versions up to, and including, 1.5.6. This makes it possible for authenticated attackers, with Subscriber-level access and...
CVE-2024-6987
The Orchid Store theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'orchidstoreactivateplugin' function in all versions up to, and including, 1.5.6. This makes it possible for authenticated attackers, with Subscriber-level access and...
CVE-2024-6987
The Orchid Store theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'orchidstoreactivateplugin' function in all versions up to, and including, 1.5.6. This makes it possible for authenticated attackers, with Subscriber-level access and...
CVE-2024-6987 Orchid Store <= 1.5.6 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Activation
The Orchid Store theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'orchidstoreactivateplugin' function in all versions up to, and including, 1.5.6. This makes it possible for authenticated attackers, with Subscriber-level access and...
CVE-2024-6987 Orchid Store <= 1.5.6 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Activation
The Orchid Store theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'orchidstoreactivateplugin' function in all versions up to, and including, 1.5.6. This makes it possible for authenticated attackers, with Subscriber-level access and...
CVE-2024-6987
The CVE-2024-6987 entry concerns the Orchid Store WordPress theme. The documented root cause is a missing capability check in orchid_store_activate_plugin, enabling unauthorized data modification by authenticated users with Subscriber-level access and above to activate the Addonify Floating Cart ...
WordPress Orchid Store theme <= 1.5.6 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Activation vulnerability
Missing Authorization to Authenticated Subscriber+ Limited Plugin Activation vulnerability discovered by Lucio Sá in WordPress Theme Orchid Store versions = 1.5.6...
WordPress theme Orchid Store 安全漏洞
WordPress is a blogging platform developed in the PHP language by the WordPress Foundation. The platform supports personal blog sites on PHP and MySQL servers.WordPress theme is a theme for WordPress. A security vulnerability exists in WordPress theme Orchid Store version 1.5.6 and earlier...
WordPress Orchid Store Theme <= 1.5.6 is vulnerable to Broken Access Control
Software Orchid Store Type Theme Vulnerable versions = 1.5.6 Fixed in 1.5.7 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-6987 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 11ea3d6423d2 Credits Lucio Sá Required privilege...
PT-2024-38024 · WordPress +1 · Orchid Store +1
Name of the Vulnerable Software and Affected Versions: Orchid Store theme for WordPress versions up to, and including, 1.5.6 Description: The issue is related to a missing capability check on the orchid store activate plugin function, allowing authenticated attackers with Subscriber-level access...