31 matches found
CVE-2026-41890
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. From version 0.31.1.0 to before version 0.31.8.0, the deleteProcess action accepts a POST parameter tables containing arbitrary table names. These are pass...
CVE-2026-41890 CI4MS: Arbitrary Database Table Drop via Theme deleteProcess
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. From version 0.31.1.0 to before version 0.31.8.0, the deleteProcess action accepts a POST parameter tables containing arbitrary table names. These are pass...
CVE-2026-41890
CVE-2026-41890 affects CI4MS prior to 0.31.8.0. The issue arises in the deleteProcess() action where the POST parameter tables[] is passed directly to $forge->dropTable() without validating that the tables belong to the theme being deleted. The deleteConfirm view uses the theme’s own migration...
CI4MS Vulnerable to Arbitrary Database Table Drop via Theme deleteProcess
Summary The deleteProcess action accepts a POST parameter tables containing arbitrary table names. These are passed directly to $forge-dropTable without validating that the tables belong to the theme being deleted. The deleteConfirm view correctly populates tables from the theme's own migration...
EUVD-2019-18434
Malware in sbrugna...
EUVD-2022-30262
Malicious code in bioql PyPI...
EUVD-2023-28047
Malicious code in bioql PyPI...
CVE-2023-23983
Cross-Site Request Forgery CSRF vulnerability in wpdevart Responsive Vertical Icon Menu plugin = 1.5.8 can lead to theme deletion...
CVE-2023-48063
Dreamer CMS 4.1.3 is affected by a CSRF vulnerability that can delete a theme project via /admin/category/delete. The connected sources consistently describe this CSRF issue but do not provide exploitation steps, specific exploitability, or remediation details. Practical impact is the potential d...
CVE-2023-23983
Cross-Site Request Forgery CSRF vulnerability in wpdevart Responsive Vertical Icon Menu plugin = 1.5.8 can lead to theme deletion...
CVE-2023-23983
Cross-Site Request Forgery CSRF vulnerability in wpdevart Responsive Vertical Icon Menu plugin = 1.5.8 can lead to theme deletion...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in wpdevart Responsive Vertical Icon Menu plugin = 1.5.8 can lead to theme deletion...
CVE-2023-23983 WordPress Responsive Vertical Icon Menu Plugin <= 1.5.8 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in wpdevart Responsive Vertical Icon Menu plugin = 1.5.8 can lead to theme deletion...
CVE-2023-23983 WordPress Responsive Vertical Icon Menu Plugin <= 1.5.8 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in wpdevart Responsive Vertical Icon Menu plugin = 1.5.8 can lead to theme deletion...
PT-2023-19337 · Wpdevart · Wpdevart Responsive Vertical Icon Menu Plugin
Name of the Vulnerable Software and Affected Versions: wpdevart Responsive Vertical Icon Menu plugin version 1.5.8 and earlier Description: A Cross-Site Request Forgery CSRF issue in the wpdevart Responsive Vertical Icon Menu plugin can lead to theme deletion. Recommendations: For versions 1.5.8...
WordPress plugin wpForo Forum 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress Responsive Menu Plugin < 4.1.8 Information Disclosure Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:expresstech:responsivemenu"; ifdescription...
CVE-2022-25602
Nonce token leak vulnerability leading to arbitrary file upload, theme deletion, plugin settings change discovered in Responsive Menu WordPress plugin versions = 4.1.7...
CVE-2022-25602
Nonce token leak vulnerability leading to arbitrary file upload, theme deletion, plugin settings change discovered in Responsive Menu WordPress plugin versions = 4.1.7...
Design/Logic Flaw
Nonce token leak vulnerability leading to arbitrary file upload, theme deletion, plugin settings change discovered in Responsive Menu WordPress plugin versions = 4.1.7...