31 matches found
CVE-2026-41890
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. From version 0.31.1.0 to before version 0.31.8.0, the deleteProcess action accepts a POST parameter tables containing arbitrary table names. These are pass...
CVE-2026-41890
CVE-2026-41890 affects CI4MS prior to 0.31.8.0. The issue arises in the deleteProcess() action where the POST parameter tables[] is passed directly to $forge->dropTable() without validating that the tables belong to the theme being deleted. The deleteConfirm view uses the theme’s own migration...
CVE-2026-41890 CI4MS: Arbitrary Database Table Drop via Theme deleteProcess
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. From version 0.31.1.0 to before version 0.31.8.0, the deleteProcess action accepts a POST parameter tables containing arbitrary table names. These are pass...
CI4MS Vulnerable to Arbitrary Database Table Drop via Theme deleteProcess
Summary: The deleteProcess action accepts a POST parameter tables containing arbitrary table names. These are passed directly to $forge->dropTable() without validating that the tables belong to the theme being deleted. The deleteConfirm view correctly populates tables from the theme's own migration...
EUVD-2019-18434
Malware in sbrugna...
EUVD-2022-30262
Malicious code in bioql PyPI...
EUVD-2023-28047
Malicious code in bioql PyPI...
CVE-2023-23983
Cross-Site Request Forgery (CSRF) vulnerability in wpdevart Responsive Vertical Icon Menu plugin <= 1.5.8 can lead to theme deletion...
CVE-2023-48063
Dreamer CMS 4.1.3 is affected by a CSRF vulnerability that can delete a theme project via /admin/category/delete. The connected sources consistently describe this CSRF issue but do not provide exploitation steps, specific exploitability, or remediation details. Practical impact is the potential d...
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in wpdevart Responsive Vertical Icon Menu plugin <= 1.5.8 can lead to theme deletion...
CVE-2023-23983 WordPress Responsive Vertical Icon Menu Plugin <= 1.5.8 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in wpdevart Responsive Vertical Icon Menu plugin <= 1.5.8 can lead to theme deletion...
PT-2023-19337 · Wpdevart · Wpdevart Responsive Vertical Icon Menu Plugin
Name of the Vulnerable Software and Affected Versions: wpdevart Responsive Vertical Icon Menu plugin version 1.5.8 and earlier. Description: A Cross-Site Request Forgery (CSRF) issue in the wpdevart Responsive Vertical Icon Menu plugin can lead to theme deletion. Recommendations: For versions 1.5.8...
WordPress plugin wpForo Forum Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress Responsive Menu Plugin < 4.1.8 Information Disclosure Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:expresstech:responsivemenu"; if(description)...
CVE-2022-25602
Nonce token leak vulnerability leading to arbitrary file upload, theme deletion, plugin settings change discovered in Responsive Menu WordPress plugin versions <= 4.1.7...
Design/Logic Flaw
Nonce token leak vulnerability leading to arbitrary file upload, theme deletion, plugin settings change discovered in Responsive Menu WordPress plugin versions <= 4.1.7...