12 matches found
EUVD-2021-11890
Malware in sbrugna...
EUVD-2023-24079
Malicious code in bioql PyPI...
CVE-2025-5282 WP Travel Engine <= 6.5.1 - Missing Authorization to Unauthenticated Arbitrary Post Deletion
The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the deletepackage function in all versions up to, and including, 6.5.1. This makes it possible for unauthenticated attackers to...
CVE-2022-4239
The Workreap WordPress theme before 2.6.4 does not verify that an addon service belongs to the user issuing the request, or indeed that it is an addon service, when processing the workreapaddonsserviceremove action, allowing any user to delete any post by knowing or guessing the id...
Apple iOS和Apple iPadOS 安全漏洞
Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in Apple iOS and Apple iPadOS, which arises from the possibility that call logs may still...
CVE-2025-3915 Aeropage Sync for Airtable <= 3.2.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion
The Aeropage Sync for Airtable plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'aeropageDeletePost' function in all versions up to, and including, 3.2.0. This makes it possible for authenticated attackers, with Subscriber-level access and...
CVE-2025-0958 Ultimate WordPress Auction Plugin <= 4.2.9 - Missing Authorization to Arbitrary Post Deletion
The Ultimate WordPress Auction Plugin plugin for WordPress is vulnerable to unauthorized access to functionality in all versions up to, and including, 4.2.9. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete arbitrary auctions, posts as well as...
CVE-2025-0958
CVE-2025-0958 concerns the Ultimate WordPress Auction Plugin (
WordPress Read More & Accordion plugin <= 3.4.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary 'Read More' Post Deletion vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary 'Read More' Post Deletion vulnerability discovered by theviper17y in WordPress Plugin Read More & Accordion versions = 3.4.2...
Cross site request forgery (csrf)
Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery CSRF via the component anchor/routes/posts.php. This vulnerability allows attackers to arbitrarily delete posts...
CVE-2021-42359 WP DSGVO Tools (GDPR) <= 3.1.23 Unauthenticated Arbitrary Post Deletion
WP DSGVO Tools GDPR = 3.1.23 had an AJAX action, ‘admin-dismiss-unsubscribe‘, which lacked a capability check and a nonce check and was available to unauthenticated users, and did not check the post type when deleting unsubscription requests. As such, it was possible for an attacker to permanentl...
CVE-2019-12253
my little forum before 2.4.20 allows CSRF to delete posts, as demonstrated by mode=posting&deleteposting...