5 matches found

NVD
added 2025/11/04 5:16 a.m. · 4 views

CVE-2025-12350

The DominoKit plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpajaxnoprivdominokitoptionadminaction AJAX endpoint in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to update plugin settings...

5.3 CVSS · 0.00153 EPSS
Exploits: 0 · References: 2

OSV
added 2025/01/16 4:15 p.m. · 0 views

CVE-2024-57611

07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/doAdminAction.php?act=editShop&shopId...

3.5 CVSS · 5.8 AI score · 0.00067 EPSS
Exploits: 1 · References: 1

OSV
added 2024/11/08 4:15 p.m. · 0 views

CVE-2024-50966

dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/doAdminAction.php?act=addAdmin...

9.3 CVSS · 5.8 AI score
Exploits: 0 · References: 1

OSV
added 2024/09/25 4:15 p.m. · 1 views

CVE-2024-46600

dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/doAdminAction.php?act=delCate&id=31...

4.7 CVSS · 5.8 AI score · 0.00052 EPSS
Exploits: 1 · References: 1

Positive Technologies
added 2024/09/25 12:0 a.m. · 2 views

PT-2024-32068 · Unknown · Dingfanzu Cms

Name of the Vulnerable Software and Affected Versions: dingfanzu CMS version 1.0

Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. It can be exploited via the "/admin/doAdminAction.php" API endpoint, specifically when the act parameter is set to delCate and the...

4.7 CVSS · 6.8 AI score · 0.00052 EPSS
Exploits: 1 · References: 6