40 matches found
CVE-2026-2732 Enable Media Replace <= 4.1.7 - Improper Authorization to Authenticated (Author+) Arbitrary Attachment Change via Background Replace
The Enable Media Replace plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'RemoveBackGroundViewController::load' function in all versions up to, and including, 4.1.7. This makes it possible for authenticated attackers, with...
WordPress Auto Featured Image (Auto Post Thumbnail) plugin <= 4.1.7 - Authenticated (Author+) Server-Side Request Forgery vulnerability
Authenticated (Author+) Server-Side Request Forgery vulnerability discovered by Nex Team in WordPress Plugin Auto Featured Image (Auto Post Thumbnail) versions <= 4.1.7...
CVE-2025-10145
...
EUVD-2025-15340
Malicious code in bioql PyPI...
EUVD-2024-28413
Malicious code in bioql PyPI...
EUVD-2023-33677
Malicious code in bioql PyPI...
CVE-2025-60121
Missing Authorization vulnerability in Ex-Themes WooEvents woo-events allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooEvents: from n/a through <= 4.1.7...
CVE-2025-60121
CVE-2025-60121 refers to a Missing Authorization vulnerability in WooEvents (WooCommerce WordPress plugin) affecting versions up to 4.1.7. The Wordfence entry notes the issue with a CVSS v3.1 base score of 5.3 (Medium) and no patch is indicated as available in the provided documents. Exploitation...
WordPress plugin WooEvents security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...
PT-2025-39568
Name of the Vulnerable Software and Affected Versions: WooEvents versions through 4.1.7. Description: An authorization issue exists in Ex-Themes WooEvents, allowing exploitation of incorrectly configured access control security levels. Recommendations: Update WooEvents to a version later than 4.1.7...
Apache Cassandra security vulnerability
Apache Cassandra is a distributed NoSQL database from the Apache USA Foundation. A security vulnerability exists in Apache Cassandra versions 3.0.30, 3.11.17, 4.0.16, 4.1.7, and 5.0.2, which stems from an improperly defined privilege that could lead to elevation of privilege...
CVE-2024-56915
Netbox Community v4.1.7 and fixed in v.4.2.2 is vulnerable to Cross Site Scripting (XSS) via the RSS feed widget...
Netbox security vulnerability
NetBox is a Django- and PostgreSQL-based tool for IP Address Management (IPAM) and Data Center Infrastructure Management (DCIM) from NetBox Community. A security vulnerability exists in Netbox Community version 4.1.7, which stems from unfiltered user input in the current value field in Configuration...
CVE-2024-56918
In Netbox Community 4.1.7, the login page is vulnerable to cross-site scripting (XSS), which allows a privileged, authenticated attacker to exfiltrate user input from the login form...
CVE-2024-56917
Netbox Community 4.1.7 is vulnerable to Cross Site Scripting (XSS) via the maintenance banner in maintenance mode...
CVE-2024-30493
Cross-Site Request Forgery (CSRF) vulnerability in andymoyle Church Admin church-admin. This issue affects Church Admin: from n/a through <= 4.1.7...
PT-2025-24459
Name of the Vulnerable Software and Affected Versions: Apache Cassandra versions 3.0.30; Apache Cassandra versions 3.11.17; Apache Cassandra versions 4.0.16; Apache Cassandra versions 4.1.7; Apache Cassandra versions 5.0.2. Description: A privilege escalation issue exists in Apache Cassandra where a...
WordPress plugin Secure Copy Content Protection and Content Locking security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the WordPre...
CVE-2023-2159
The CMP – Coming Soon & Maintenance plugin for WordPress is vulnerable to Maintenance Mode Bypass in versions up to, and including, 4.1.7. A correct cmpbypass GET parameter in the URL equal to the md5-hashed homeurl in the default setting allows users to visit a site placed in maintenance mode th...
PT-2023-18285 · WordPress · Cmp – Coming Soon & Maintenance Plugin
Name of the Vulnerable Software and Affected Versions: CMP – Coming Soon & Maintenance plugin for WordPress versions up to, and including, 4.1.7. Description: The issue allows users to bypass the maintenance mode feature of the plugin. This can be achieved by including a correct cmp bypass GET...