29 matches found
CVE-2024-54263
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Talemy Spirit Framework allows PHP Local File Inclusion.This issue affects Spirit Framework: from n/a through 1.2.13...
CVE-2024-54263
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Talemy Spirit Framework allows PHP Local File Inclusion.This issue affects Spirit Framework: from n/a through 1.2.13...
CVE-2024-54263 WordPress Spirit Framework plugin <= 1.2.13 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Talemy Spirit Framework allows PHP Local File Inclusion.This issue affects Spirit Framework: from n/a through 1.2.13...
CVE-2024-54263
CVE-2024-54263 affects the WordPress Spirit Framework plugin up to version 1.2.13, with a Local File Inclusion vulnerability caused by improper control of the filename for include/require statements in PHP. The issue enables PHP Local File Inclusion and is described across multiple sources as aff...
CVE-2024-54263 WordPress Spirit Framework plugin <= 1.2.13 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Talemy Spirit Framework allows PHP Local File Inclusion.This issue affects Spirit Framework: from n/a through 1.2.13...
EUVD-2024-55394
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Talemy Spirit Framework allows PHP Local File Inclusion.This issue affects Spirit Framework: from n/a through 1.2.13...
CVE-2024-54263
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Talemy Spirit Framework allows PHP Local File Inclusion.This issue affects Spirit Framework: from n/a through 1.2.13...
PT-2026-5646
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Talemy Spirit Framework allows PHP Local File Inclusion.This issue affects Spirit Framework: from n/a through 1.2.13...
WordPress Plugin Spirit Framework 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
CVE-2025-6388
The Spirit Framework plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.2.14. This is due to the customactions function not properly validating a user's identity prior to authenticating them to the site. This makes it possible for unauthenticated...
EUVD-2025-29004
Malicious code in bioql PyPI...
EUVD-2025-32230
Malicious code in bioql PyPI...
CVE-2025-6388
The Spirit Framework plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.2.14. This is due to the customactions function not properly validating a user's identity prior to authenticating them to the site. This makes it possible for unauthenticated...
CVE-2025-6388 Spirit Framework <= 1.2.14 - Authentication Bypass to Account Takeover and Privilege Escalation
The Spirit Framework plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.2.14. This is due to the customactions function not properly validating a user's identity prior to authenticating them to the site. This makes it possible for unauthenticated...
CVE-2025-6388 Spirit Framework <= 1.2.14 - Authentication Bypass to Account Takeover and Privilege Escalation
The Spirit Framework plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.2.14. This is due to the customactions function not properly validating a user's identity prior to authenticating them to the site. This makes it possible for unauthenticated...
CVE-2025-6388
CVE-2025-6388 : Spirit Framework plugin for WordPress has an authentication bypass in all versions up to 1.2.14 due to improper validation in the custom_actions() function, enabling unauthenticated attackers who know an admin username to log in as any user (including administrators). Multiple con...
WordPress Spirit Framework plugin <= 1.2.14 - Authentication Bypass to Account Takeover and Privilege Escalation vulnerability
Authentication Bypass to Account Takeover and Privilege Escalation vulnerability discovered by Tonn in WordPress Plugin Spirit Framework versions = 1.2.14...
PT-2025-40464
Name of the Vulnerable Software and Affected Versions Spirit Framework plugin for WordPress versions through 1.2.14 Description The Spirit Framework plugin for WordPress is susceptible to an authentication bypass. This occurs because the custom actions function does not adequately validate user...
WordPress plugin Spirit Framework 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
VulnCheck KEV: CVE-2025-6388
The Spirit Framework plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.2.14. This is due to the customactions function not properly validating a user's identity prior to authenticating them to the site. This makes it possible for unauthenticated...