CVE-2026-25374

Missing Authorization vulnerability in raratheme Spa and Salon spa-and-salon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spa and Salon: from n/a through = 1.3.2...

CVE-2026-25374

Missing Authorization vulnerability in raratheme Spa and Salon spa-and-salon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spa and Salon: from n/a through = 1.3.2...

CVE-2026-25374 WordPress Spa and Salon theme <= 1.3.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in raratheme Spa and Salon spa-and-salon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spa and Salon: from n/a through = 1.3.2...

CVE-2026-25374

Missing Authorization vulnerability in raratheme Spa and Salon spa-and-salon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spa and Salon: from n/a through = 1.3.2...

CVE-2026-25374 WordPress Spa and Salon theme <= 1.3.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in raratheme Spa and Salon spa-and-salon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spa and Salon: from n/a through = 1.3.2...

CVE-2026-25374

CVE-2026-25374 describes a Missing Authorization (Broken Access Control) vulnerability in the WordPress Spa and Salon theme (raratheme) prior to/including version 1.3.2. The issue is tied to misconfigured access control levels and allows unauthorized actions due to insufficient authorization chec...

PT-2026-20715

Missing Authorization vulnerability in raratheme Spa and Salon spa-and-salon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spa and Salon: from n/a through = 1.3.2...

WordPress plugin Spa and Salon 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There ar...

WordPress Spa and Salon theme <= 1.3.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Theme Spa and Salon versions = 1.3.2...

EUVD-2024-29280

Malicious code in bioql PyPI...

CVE-2024-31384

Cross-Site Request Forgery CSRF vulnerability in Rara Theme Spa and Salon.This issue affects Spa and Salon: from n/a through 1.2.7...

Spa and Salon < 1.2.8 - Cross-Site Request Forgery to Notice Dismissal

Description The Spa and Salon theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.7. This is due to missing or incorrect nonce validation on the spaandsalonupdateadminnotice function. This makes it possible for unauthenticated attackers to dismiss...

CVE-2024-31384

Cross-Site Request Forgery CSRF vulnerability in Rara Theme Spa and Salon.This issue affects Spa and Salon: from n/a through 1.2.7...

CVE-2024-31384

Cross-Site Request Forgery CSRF vulnerability in Rara Theme Spa and Salon.This issue affects Spa and Salon: from n/a through 1.2.7...

CVE-2024-31384

CVE-2024-31384 is a Cross‑Site Request Forgery vulnerability affecting the Rara Theme Spa and Salon plugin/theme, with affected versions listed as Spa and Salon: from n/a through 1.2.7. The connected Red Hat entry confirms the same CVE and description. The available data indicate a CSRF issue but...

CVE-2024-31384 WordPress Spa and Salon theme <= 1.2.7 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Rara Theme Spa and Salon.This issue affects Spa and Salon: from n/a through 1.2.7...

CVE-2024-31384 WordPress Spa and Salon theme <= 1.2.7 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Rara Theme Spa and Salon.This issue affects Spa and Salon: from n/a through 1.2.7...

WordPress Plugin Spa and Salon 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...

WordPress Spa and Salon theme <= 1.2.7 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Theme Spa and Salon versions = 1.2.7...

WordPress Spa and Salon Theme <= 1.2.7 is vulnerable to Cross Site Request Forgery (CSRF)

Software Spa and Salon Type Theme Vulnerable versions = 1.2.7 Fixed in 1.2.8 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-31384 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID e57c469e3394 Credits Dhabaleshwar Das...