29 matches found
CVE-2024-54263
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Talemy Spirit Framework allows PHP Local File Inclusion.This issue affects Spirit Framework: from n/a through 1.2.13...
CVE-2024-54263
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Talemy Spirit Framework allows PHP Local File Inclusion.This issue affects Spirit Framework: from n/a through 1.2.13...
CVE-2024-54263 WordPress Spirit Framework plugin <= 1.2.13 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Talemy Spirit Framework allows PHP Local File Inclusion.This issue affects Spirit Framework: from n/a through 1.2.13...
CVE-2024-54263 WordPress Spirit Framework plugin <= 1.2.13 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Talemy Spirit Framework allows PHP Local File Inclusion.This issue affects Spirit Framework: from n/a through 1.2.13...
EUVD-2024-55394
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Talemy Spirit Framework allows PHP Local File Inclusion.This issue affects Spirit Framework: from n/a through 1.2.13...
CVE-2024-54263
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Talemy Spirit Framework allows PHP Local File Inclusion.This issue affects Spirit Framework: from n/a through 1.2.13...
CVE-2024-54263
CVE-2024-54263 affects the WordPress Spirit Framework plugin up to version 1.2.13, with a Local File Inclusion vulnerability caused by improper control of the filename for include/require statements in PHP. The issue enables PHP Local File Inclusion and is described across multiple sources as aff...
WordPress Plugin Spirit Framework 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
PT-2026-5646
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Talemy Spirit Framework allows PHP Local File Inclusion.This issue affects Spirit Framework: from n/a through 1.2.13...
CVE-2025-6388
The Spirit Framework plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.2.14. This is due to the customactions function not properly validating a user's identity prior to authenticating them to the site. This makes it possible for unauthenticated...
EUVD-2025-29004
Malicious code in bioql PyPI...
EUVD-2025-32230
Malicious code in bioql PyPI...
CVE-2025-6388
The Spirit Framework plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.2.14. This is due to the customactions function not properly validating a user's identity prior to authenticating them to the site. This makes it possible for unauthenticated...
CVE-2025-6388 Spirit Framework <= 1.2.14 - Authentication Bypass to Account Takeover and Privilege Escalation
The Spirit Framework plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.2.14. This is due to the customactions function not properly validating a user's identity prior to authenticating them to the site. This makes it possible for unauthenticated...
CVE-2025-6388
The CVE-2025-6388 issue affects the Spirit Framework WordPress plugin up to version 1.2.14, where the custom_actions() function does not properly validate a user’s identity before authentication, enabling unauthenticated login as any user (including admins) when the attacker knows a username. Thi...
CVE-2025-6388 Spirit Framework <= 1.2.14 - Authentication Bypass to Account Takeover and Privilege Escalation
The Spirit Framework plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.2.14. This is due to the customactions function not properly validating a user's identity prior to authenticating them to the site. This makes it possible for unauthenticated...
WordPress Spirit Framework plugin <= 1.2.14 - Authentication Bypass to Account Takeover and Privilege Escalation vulnerability
Authentication Bypass to Account Takeover and Privilege Escalation vulnerability discovered by Tonn in WordPress Plugin Spirit Framework versions = 1.2.14...
PT-2025-40464
Name of the Vulnerable Software and Affected Versions Spirit Framework plugin for WordPress versions through 1.2.14 Description The Spirit Framework plugin for WordPress is susceptible to an authentication bypass. This occurs because the custom actions function does not adequately validate user...
WordPress plugin Spirit Framework 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
VulnCheck KEV: CVE-2025-6388
The Spirit Framework plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.2.14. This is due to the customactions function not properly validating a user's identity prior to authenticating them to the site. This makes it possible for unauthenticated...