19 matches found
CVE-2025-14629
The Alchemist Ajax Upload plugin for WordPress is vulnerable to unauthorized media file deletion due to a missing capability check on the 'delete_file' function in all versions up to, and including, 1.1. This makes it possible for unauthenticated attackers to delete arbitrary WordPress media...
CVE-2025-14629
The Alchemist Ajax Upload plugin for WordPress is vulnerable to unauthorized media file deletion due to a missing capability check on the 'delete_file' function in all versions up to, and including, 1.1. This makes it possible for unauthenticated attackers to delete arbitrary WordPress media...
CVE-2025-14629 Alchemist Ajax Upload <= 1.1 - Missing Authorization to Unauthenticated Arbitrary Media File Deletion
The Alchemist Ajax Upload plugin for WordPress is vulnerable to unauthorized media file deletion due to a missing capability check on the 'delete_file' function in all versions up to, and including, 1.1. This makes it possible for unauthenticated attackers to delete arbitrary WordPress media...
CVE-2025-14629
CVE-2025-14629 affects the WordPress plugin Alchemist Ajax Upload. The vulnerability is a missing capability check in the delete_file function, allowing unauthenticated users to delete arbitrary WordPress media attachments in all versions up to and including 1.1. The Wordfence report catalogs th...
CVE-2025-14629
The Alchemist Ajax Upload plugin for WordPress is vulnerable to unauthorized media file deletion due to a missing capability check on the 'delete_file' function in all versions up to, and including, 1.1. This makes it possible for unauthenticated attackers to delete arbitrary WordPress media...
WordPress Alchemist Ajax Upload plugin <= 1.1 - Missing Authorization to Unauthenticated Arbitrary Media File Deletion vulnerability
Missing Authorization to Unauthenticated Arbitrary Media File Deletion vulnerability discovered by ChamlaVic in WordPress Plugin Alchemist Ajax Upload versions <= 1.1...
PT-2026-4569
The Alchemist Ajax Upload plugin for WordPress is vulnerable to unauthorized media file deletion due to a missing capability check on the 'delete_file' function in all versions up to, and including, 1.1. This makes it possible for unauthenticated attackers to delete arbitrary WordPress media...
WordPress plugin Alchemist Ajax: Security Vulnerabilities
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2017-1000212
Elixir's Vim plugin, alchemist.vim, is vulnerable to remote code execution in the bundled alchemist-server. A malicious website can execute requests against an ephemeral port on localhost that are then evaluated as Elixir code...
Alchemist can mint AlTokens above their assigned ceiling by calling lowerHasMinted()
Lines of code Vulnerability details Impact An alchemist / user can mint more than their allotted amount of AlTokens by calling lowerHasMinted before they reach their minting cap. Proof of Concept Function mint in AlchemicTokenV2Base.sol function mint(address recipient, uint256 amount) external...
TransmuterBuffer's _alchemistWithdraw use hard coded slippage that can lead to user losses
Lines of code Vulnerability details exchange - exchange - alchemistWithdraw is user funds utilizing call sequence and the slippage hard coded to 1% there can cause a range of issues. For example, if there is not enough shares, the number of shares to withdraw will be unconditionally reduced to th...
registerAsset misuse can permanently disable TransmuterBuffer and break the system
Lines of code Vulnerability details TransmuterBuffer's refreshStrategies is the only way to actualize yieldTokens array. The function requires registeredUnderlyings array to match current Alchemist's supportedUnderlyingTokens. At the same time registeredUnderlyings can be only increased via...
alchemist.vim vulnerable to remote code execution
Elixir's Vim plugin, alchemist.vim, is vulnerable to remote code execution in the bundled alchemist-server. A malicious website can execute requests against an ephemeral port on localhost that are then evaluated as Elixir code...
borrowFee can be completely bypassed while minting
Handle hack3r-0m Vulnerability details uint256 totalCredit = cdp.totalCredit; retrieves total credit of caller if totalCredit amount // user pays the fee ... else cdp.totalCredit = totalCredit.subamount; here amount is caller amount and = totalCredit then the user can skip paying fees every time...
Catch Breadcrumb < 1.5.7 - Unauthenticated Reflected XSS
=== DESCRIPTION - REFLECTED XSS ======================================== Catch Breadcrumb 1.5.4 plugin for WordPress allows Reflected XSS via a search query when used with one of the themes from the same author: Alchemist & Alchemist PRO, Izabel & Izabel PRO, Chique & Chique PRO, Clean Enterprise &...
souls-alchemist.gamerch.com XSS vulnerability
Open Bug Bounty ID: OBB-645871

Description | Value
---|---
Affected Website: | souls-alchemist.gamerch.com
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...
alchemist.vim bundled alchemist-server remote code execution vulnerability
alchemist.vim is a text editor plugin used in Elixir. The bundled alchemist-server is one of the servers. A remote code execution vulnerability exists in bundled alchemist-server in alchemist.vim. A remote attacker can exploit this vulnerability to execute arbitrary code with the help of a malicious...
CVE-2017-1000212
Elixir's Vim plugin, alchemist.vim, is vulnerable to remote code execution in the bundled alchemist-server. A malicious website can execute requests against an ephemeral port on localhost that are then evaluated as Elixir code...
Little Alchemist - BSD license, Base64 encoded String, Customized SSL vulnerabilities
HackApp vulnerability scanner discovered that application Little Alchemist published at the 'play' market has multiple vulnerabilities...