
17 matches found

Nuclei
added yesterday · 6 views

WordPress Ultimate FAQs <= 1.8.24 – Unauthenticated Options Import and Export

Functions/EWDUFAQImport.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows unauthenticated options import. id: CVE-2019-17232 info: name: WordPress Ultimate FAQs <= 1.8.24 – Unauthenticated Options Import and Export author: daffainfo severity: high description: |...

CVSS 7.5 · AI score 7.3 · EPSS 0.09189
Exploits: 1 · References: 4

Nuclei
added 2 days ago · 7 views

Motors Car Dealer & Classified Ads <= 1.4.0 - Unauthenticated settings import/export

includes/options.php in the motors-car-dealership-classified-listings aka Motors - Car Dealer & Classified Ads plugin through 1.4.0 for WordPress allows unauthenticated options changes. id: CVE-2019-17228 info: name: Motors Car Dealer & Classified Ads <= 1.4.0 - Unauthenticated settings...

CVSS 6.5 · AI score 6.6 · EPSS 0.04121
Exploits: 1 · References: 4

Github Security Blog
added 2026/05/26 6:58 p.m. · 9 views

XWiki Platform has an Unauthenticated XAR Import via REST /wikis/{wikiName}

Impact: POST /wikis/{wikiName} executes a XAR import without performing any authentication or authorization checks, allowing an unauthenticated attacker to create or update documents in the target wiki. Patches: This vulnerability has been patched in XWiki 16.10.17, 17.4.9, 17.10.3, 18.0.1 and...

CVSS 9.3 · AI score 5.8 · EPSS 0.00016
Exploits: 1 · References: 5 · Affected Software: 1

Cvelist
added 2026/05/20 6:59 p.m. · 27 views

CVE-2026-33137 XWiki Platform has an Unauthenticated XAR Import via REST /wikis/{wikiName}

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions starting with 15.10.6 and prior to 18.1.0-rc-1, 17.10.3, 17.4.9, and 16.10.17, the POST /wikis/{wikiName} API executes a XAR import without...

CVSS 9.3 · EPSS 0.00016
Exploits: 1 · References: 3

Positive Technologies
added 2026/05/20 12:0 a.m. · 9 views

PT-2026-42223

Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 16.10.17; XWiki Platform versions prior to 17.4.9; XWiki Platform versions prior to 17.10.3; XWiki Platform versions prior to 18.1.0-rc-1. Description: The 'POST /wikis/{wikiName}' API executes a XAR import without...

CVSS 9.3 · AI score 5.8 · EPSS 0.00016
Exploits: 1 · References: 7

OSV
added 2026/01/05 2:31 p.m. · 1 views

CVE-2025-15026 Unauthenticated configuration import allows administrative account creation using AWIE component

Missing Authentication for Critical Function vulnerability in Centreon Infra Monitoring centreon-awie Awie import module allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.3, from 24.04.0...

CVSS 9.8 · AI score 6.9 · EPSS 0.00062
Exploits: 0 · References: 4

Cvelist
added 2026/01/05 2:31 p.m. · 22 views

CVE-2025-15026 Unauthenticated configuration import allows administrative account creation using AWIE component

Missing Authentication for Critical Function vulnerability in Centreon Infra Monitoring centreon-awie Awie import module allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.3, from 24.04.0...

CVSS 9.8 · EPSS 0.00062
Exploits: 0 · References: 2

CVE
added 2026/01/05 2:31 p.m. · 9 views

CVE-2025-15026

CVE-2025-15026 affects Centreon Infra Monitoring, specifically the centreon-awie (Awie import module). The root cause is a missing authentication check for a critical function, allowing access to functionality not properly constrained by ACLs. Affected versions are: 25.10.0–25.10.1 (before 25.10....

CVSS 9.8 · AI score 6.6 · EPSS 0.00062
Exploits: 0 · References: 2 · Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m. · 6 views

EUVD-2019-6807

Malware in sbrugna...

CVSS 9.8 · AI score 9 · EPSS 0.0372
Exploits: 1 · References: 4

RedhatCVE
added 2025/05/22 6:35 a.m. · 9 views

CVE-2019-15858

admin/includes/class.import.snippet.php in the "Woody ad snippets" plugin before 2.2.5 for WordPress allows unauthenticated options import, as demonstrated by storing an XSS payload for remote code execution...

CVSS 8.8 · AI score 6.9 · EPSS 0.70211
Exploits: 2 · References: 1

Patchstack
added 2025/03/13 4:40 p.m. · 2 views

WordPress VidoRev Extensions plugin <= 2.9.9.9.9.9.5 - Missing Authorization to Unauthenticated Youtube Video Import vulnerability

Missing Authorization to Unauthenticated Youtube Video Import vulnerability discovered by Lucio Sá in WordPress Plugin VidoRev Extensions versions <= 2.9.9.9.9.9.5...

CVSS 5.3 · AI score 8.8 · EPSS 0.00153
Exploits: 0 · References: 1 · Affected Software: 1

Patchstack
added 2025/02/17 10:13 p.m. · 4 views

WordPress Affiliate Links plugin <= 3.0.1 - Missing Authorization to Unauthenticated Import/Export and PHP Object Injection vulnerability

Missing Authorization to Unauthenticated Import/Export and PHP Object Injection vulnerability discovered by Lucio Sá in WordPress Plugin Affiliate Links Lite versions <= 3.0.1...

CVSS 9.8 · AI score 7.3 · EPSS 0.00804
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2024/10/01 12:0 a.m. · 1 views

PT-2024-39007 · WordPress · Spice Starter Sites

Name of the Vulnerable Software and Affected Versions: Spice Starter Sites plugin for WordPress versions 1.2.5 and earlier Description: The issue allows unauthorized modification of data due to a missing capability check on the spice starter sites importer creater function. This makes it possible...

CVSS 5.3 · AI score 6.9 · EPSS 0.00397
Exploits: 0 · References: 7

Positive Technologies
added 2024/02/07 12:0 a.m. · 1 views

PT-2024-16761 · WordPress · Podlove Podcast Publisher

Name of the Vulnerable Software and Affected Versions: Podlove Podcast Publisher plugin for WordPress versions up to, and including, 4.0.11 Description: The issue is related to a missing capability check on the init function, which allows unauthorized modification of data. This makes it possible...

CVSS 5.3 · AI score 6 · EPSS 0.00185
Exploits: 0 · References: 8

CNNVD
added 2023/06/07 12:0 a.m. · 1 views

WordPress Plugin Ultimate GDPR & CCPA Input Validation Error Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers. WordPress plugin is an...

CVSS 7.5 · AI score 6.3 · EPSS 0.00764
Exploits: 1 · References: 3

VulnCheck KEV
added 2022/12/30 12:0 a.m. · 3 views

VulnCheck KEV: CVE-2019-17232

Functions/EWDUFAQImport.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows unauthenticated options import...

CVSS 7.5 · AI score 7.3 · EPSS 0.09189
Exploits: 1 · References: 1

OSV
added 2019/09/03 7:15 a.m. · 0 views

CVE-2019-15858

admin/includes/class.import.snippet.php in the "Woody ad snippets" plugin before 2.2.5 for WordPress allows unauthenticated options import, as demonstrated by storing an XSS payload for remote code execution...

CVSS 8.8 · AI score 6 · EPSS 0.70211
Exploits: 2 · References: 2