2 matches found
EUVD-2026-42563
The Divi Torque Lite – Divi Theme, Divi Builder & Extra Theme plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.3. This is due to the use of 'returntrue' as the permissioncallback for the /installplugin and /activateplugin REST API endpoint...
PT-2022-9672 · Yoast · Yoast Seo
Name of the Vulnerable Software and Affected Versions: Yoast SEO WordPress plugin versions 16.7 through 17.2 Description: The issue discloses the full internal path of featured images in posts via the "wp/v2/posts" REST endpoints, which could help an attacker identify other vulnerabilities or...