WordPress plugin WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The WordPres...

eNet SMART HOME server 2.3.1 Use of Default Credentials

Summary Two German specialists in building systems technology are jointly bringing a new, wireless-based smart home system to the market. Gira and JUNG are the companies behind the eNet SMART HOME brand with our subsidiary, INSTA, responsible for developing the system. All three of us are old han...

EUVD-2025-198000

Windu CMS is vulnerable to Cross-Site Request Forgery in user editing functionality. Malicious attacker can craft special website, which when visited by the victim, will automatically send POST request that deletes given user. The vendor was notified early about this vulnerability, but didn't...

Windu CMS 跨站请求伪造漏洞

Windu CMS Windu CMS is a lightweight web content management system CMS from Windu. A cross-site request forgery vulnerability exists in Windu CMS version 4.1, which stems from insufficient protection against cross-site request forgery and could lead to the deletion of users...

EUVD-2018-4924

Malware in sbrugna...

EUVD-2025-19923

Malicious code in bioql PyPI...

EUVD-2025-6628

Malicious code in bioql PyPI...

CVE-2025-5956 WP Human Resource Management 2.0.0 - 2.2.17 - Missing Authorization to Authenticated (Employee+) Arbitrary User Deletion via ajax_delete_employee Function

The WP Human Resource Management plugin for WordPress is vulnerable to Arbitrary User Deletion due to a missing authorization within the ajaxdeleteemployee function in versions 2.0.0 through 2.2.17. The plugin’s deletion handler reads the client-supplied $POST'delete' array and passes each ID...

CVE-2025-49234 WordPress WP Dummy Content Generator plugin <= 3.4.6 - Arbitrary User Deletion vulnerability

Missing Authorization vulnerability in Deepak anand WP Dummy Content Generator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Dummy Content Generator: from n/a through 3.4.6...

CVE-2024-37768

14Finger v1.1 was discovered to contain an arbitrary user deletion vulnerability via the component /api/admin/user?id...

CVE-2025-25767

A vertical privilege escalation vulnerability in the component /controller/UserController.java of MRCMS v3.1.2 allows attackers to arbitrarily delete users via a crafted request...

CVE-2024-53810 WordPress Simple User Registration plugin <= 5.5 - Broken Access Control on User Deletion vulnerability

Missing Authorization vulnerability in Najeeb Ahmad Simple User Registration allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Simple User Registration: from n/a through 5.5...

Logic flaw vulnerability in KingH5Stream system of Beijing Asia Control Technology Development Co.

Beijing Asian Control Technology Development Co., Ltd. is a high-tech enterprise of industrial automation and informatization software platform. There is a logic flaw vulnerability in the KingH5Stream system of Beijing Asian Control Technology Development Co., Ltd. that can be exploited by an...

JetBrains TeamCity Improper Permission Check Vulnerability

TeamCity is a Java-based build management and continuous integration server from JetBrains. JetBrains TeamCity versions prior to 2020.2.1 are vulnerable to improper privilege checking during user deletion. No details of the vulnerability are provided at this time...