183 matches found
VulnCheck KEV: CVE-2025-5394
The Alone – Charity Multipurpose Non-profit WordPress Theme theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the aloneimportpackinstallplugin function in all versions up to, and including, 7.8.3. This makes it possible for unauthenticated attackers ...
CVE-2025-5396
The Bears Backup plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.0.0. This is due to the bbackupajaxhandle function not having a capability check, nor validating user supplied input passed directly to calluserfunc. This makes it possible for...
WordPress Alone theme <= 7.8.3 - Remote Code Execution (RCE) vulnerability
Remote Code Execution RCE vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Alone versions = 7.8.3...
CVE-2025-5393
The Alone – Charity Multipurpose Non-profit WordPress Theme theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the aloneimportpackrestoredata function in all versions up to, and including, 7.8.5. This makes it possible for unauthenticated...
WordPress plugin Alone 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
WordPress plugin Alone 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
WordPress Alone theme <= 7.8.3 - Missing Authorization to Unauthenticated Arbitrary File Upload via Plugin Installation vulnerability
Missing Authorization to Unauthenticated Arbitrary File Upload via Plugin Installation vulnerability discovered by Thái An in WordPress Theme Alone versions = 7.8.3...
WordPress Alone theme <= 7.8.3 - Missing Authorization to Unauthenticated Arbitrary File Deletion vulnerability
Missing Authorization to Unauthenticated Arbitrary File Deletion vulnerability discovered by Thái An in WordPress Theme Alone versions = 7.8.2...
WordPress Alone Theme <= 7.8.3 is vulnerable to Arbitrary File Upload
Software Alone Type Theme Vulnerable versions = 7.8.3 Fixed in 7.8.5 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2025-5394 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 6abf738d57a0 Credits Thái An Required privilege Unauthenticated Published...
WordPress Alone Code Injection Vulnerability
WordPress Alone is a theme designed for nonprofit organizations, primarily for the WordPress platform. WordPress Alone suffers from a code injection vulnerability that stems from improper code generation controls, no details of the vulnerability are provided at this time...
CVE-2025-52718
Improper Control of Generation of Code 'Code Injection' vulnerability in Beplusthemes Alone alone allows Remote Code Inclusion.This issue affects Alone: from n/a through = 7.8.2...
CVE-2025-52718
Improper Control of Generation of Code 'Code Injection' vulnerability in Beplusthemes Alone alone allows Remote Code Inclusion.This issue affects Alone: from n/a through = 7.8.2...
CVE-2025-52718 WordPress Alone <= 7.8.2 - Arbitrary Code Execution Vulnerability
Improper Control of Generation of Code 'Code Injection' vulnerability in Bearsthemes Alone allows Remote Code Inclusion. This issue affects Alone: from n/a through 7.8.2...
CVE-2025-52718 WordPress Alone theme <= 7.8.2 - Arbitrary Code Execution Vulnerability
Improper Control of Generation of Code 'Code Injection' vulnerability in Beplusthemes Alone alone allows Remote Code Inclusion.This issue affects Alone: from n/a through = 7.8.2...
CVE-2025-52718
The CVE-2025-52718 entry concerns WordPress Alone (Bearsthemes Alone) with an improper control of generation of code, enabling remote code inclusion and arbitrary code execution. Affected: Alone theme versions n/a through 7.8.2. Root cause: Code generation control weaknesses allow injected code t...
WordPress plugin Alone 代码注入漏洞
WordPress Alone is a theme designed for nonprofit organizations, primarily for the WordPress platform. WordPress Alone suffers from a code injection vulnerability that stems from improper code generation controls, no details of the vulnerability are provided at this time...
PT-2025-27932 · Unknown · Bearsthemes Alone
Name of the Vulnerable Software and Affected Versions: Bearsthemes Alone versions n/a through 7.8.2 Description: The issue is related to an Improper Control of Generation of Code, also known as 'Code Injection', which allows Remote Code Inclusion. This enables potential attackers to execute...
WordPress Alone theme <= 7.8.2 - Arbitrary Code Execution Vulnerability
Arbitrary Code Execution Vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Theme Alone versions = 7.8.2...
CVE-2009-3187
Cross-site scripting XSS vulnerability in gamelist.php in Stand Alone Arcade 1.1 allows remote attackers to inject arbitrary web script or HTML via the cat parameter...
[SECURITY] Fedora 42 Update: perl-PAR-Packer-1.063-6.fc42
This module implements the App::Packer::Backend interface, for generating stand-alone executables, perl scripts and PAR files...