Lucene search
K

183 matches found

VulnCheck KEV
VulnCheck KEV
added 2025/07/29 12:0 a.m.37 views

VulnCheck KEV: CVE-2025-5394

The Alone – Charity Multipurpose Non-profit WordPress Theme theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the aloneimportpackinstallplugin function in all versions up to, and including, 7.8.3. This makes it possible for unauthenticated attackers ...

9.8CVSS6.2AI score0.47809EPSS
In wildExploits3References4
RedhatCVE
RedhatCVE
added 2025/07/19 1:57 a.m.10 views

CVE-2025-5396

The Bears Backup plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.0.0. This is due to the bbackupajaxhandle function not having a capability check, nor validating user supplied input passed directly to calluserfunc. This makes it possible for...

9.8CVSS8.2AI score0.47809EPSS
Exploits3References1
Patchstack
Patchstack
added 2025/07/16 2:43 p.m.9 views

WordPress Alone theme <= 7.8.3 - Remote Code Execution (RCE) vulnerability

Remote Code Execution RCE vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Alone versions = 7.8.3...

10CVSS7.5AI score0.00482EPSS
Exploits0Affected Software1
NVD
NVD
added 2025/07/15 4:15 a.m.7 views

CVE-2025-5393

The Alone – Charity Multipurpose Non-profit WordPress Theme theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the aloneimportpackrestoredata function in all versions up to, and including, 7.8.5. This makes it possible for unauthenticated...

9.1CVSS0.00533EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/07/15 12:0 a.m.4 views

WordPress plugin Alone 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

9.1CVSS6.6AI score0.00533EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/07/15 12:0 a.m.12 views

WordPress plugin Alone 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

9.8CVSS6.8AI score0.47809EPSS
Exploits3References3
Patchstack
Patchstack
added 2025/07/14 9:11 p.m.10 views

WordPress Alone theme <= 7.8.3 - Missing Authorization to Unauthenticated Arbitrary File Upload via Plugin Installation vulnerability

Missing Authorization to Unauthenticated Arbitrary File Upload via Plugin Installation vulnerability discovered by Thái An in WordPress Theme Alone versions = 7.8.3...

9.8CVSS7AI score0.47809EPSS
Exploits3References1Affected Software1
Patchstack
Patchstack
added 2025/07/14 9:10 p.m.5 views

WordPress Alone theme <= 7.8.3 - Missing Authorization to Unauthenticated Arbitrary File Deletion vulnerability

Missing Authorization to Unauthenticated Arbitrary File Deletion vulnerability discovered by Thái An in WordPress Theme Alone versions = 7.8.2...

9.1CVSS7AI score0.00533EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/07/14 12:0 a.m.11 views

WordPress Alone Theme <= 7.8.3 is vulnerable to Arbitrary File Upload

Software Alone Type Theme Vulnerable versions = 7.8.3 Fixed in 7.8.5 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2025-5394 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 6abf738d57a0 Credits Thái An Required privilege Unauthenticated Published...

9.8CVSS7.2AI score0.47809EPSS
Exploits3References2Affected Software1
CNVD
CNVD
added 2025/07/10 12:0 a.m.2 views

WordPress Alone Code Injection Vulnerability

WordPress Alone is a theme designed for nonprofit organizations, primarily for the WordPress platform. WordPress Alone suffers from a code injection vulnerability that stems from improper code generation controls, no details of the vulnerability are provided at this time...

7.2CVSS7.6AI score0.00196EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/07/06 11:21 a.m.11 views

CVE-2025-52718

Improper Control of Generation of Code 'Code Injection' vulnerability in Beplusthemes Alone alone allows Remote Code Inclusion.This issue affects Alone: from n/a through = 7.8.2...

7.2CVSS5.9AI score0.00196EPSS
Exploits0References1
NVD
NVD
added 2025/07/04 12:15 p.m.5 views

CVE-2025-52718

Improper Control of Generation of Code 'Code Injection' vulnerability in Beplusthemes Alone alone allows Remote Code Inclusion.This issue affects Alone: from n/a through = 7.8.2...

7.2CVSS0.00196EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/07/04 11:17 a.m.3 views

CVE-2025-52718 WordPress Alone <= 7.8.2 - Arbitrary Code Execution Vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in Bearsthemes Alone allows Remote Code Inclusion. This issue affects Alone: from n/a through 7.8.2...

7.2CVSS6.8AI score0.00196EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/07/04 11:17 a.m.12 views

CVE-2025-52718 WordPress Alone theme <= 7.8.2 - Arbitrary Code Execution Vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in Beplusthemes Alone alone allows Remote Code Inclusion.This issue affects Alone: from n/a through = 7.8.2...

7.2CVSS0.00196EPSS
Exploits0References1
CVE
CVE
added 2025/07/04 11:17 a.m.34 views

CVE-2025-52718

The CVE-2025-52718 entry concerns WordPress Alone (Bearsthemes Alone) with an improper control of generation of code, enabling remote code inclusion and arbitrary code execution. Affected: Alone theme versions n/a through 7.8.2. Root cause: Code generation control weaknesses allow injected code t...

7.2CVSS5.9AI score0.00196EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/07/04 12:0 a.m.3 views

WordPress plugin Alone 代码注入漏洞

WordPress Alone is a theme designed for nonprofit organizations, primarily for the WordPress platform. WordPress Alone suffers from a code injection vulnerability that stems from improper code generation controls, no details of the vulnerability are provided at this time...

7.2CVSS7.5AI score0.00196EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/07/04 12:0 a.m.5 views

PT-2025-27932 · Unknown · Bearsthemes Alone

Name of the Vulnerable Software and Affected Versions: Bearsthemes Alone versions n/a through 7.8.2 Description: The issue is related to an Improper Control of Generation of Code, also known as 'Code Injection', which allows Remote Code Inclusion. This enables potential attackers to execute...

7.2CVSS6.8AI score0.00196EPSS
Exploits0References4
Patchstack
Patchstack
added 2025/07/01 9:52 p.m.5 views

WordPress Alone theme <= 7.8.2 - Arbitrary Code Execution Vulnerability

Arbitrary Code Execution Vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Theme Alone versions = 7.8.2...

7.2CVSS7.2AI score0.00196EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/21 9:53 p.m.4 views

CVE-2009-3187

Cross-site scripting XSS vulnerability in gamelist.php in Stand Alone Arcade 1.1 allows remote attackers to inject arbitrary web script or HTML via the cat parameter...

4.3CVSS5.9AI score0.01498EPSS
Exploits1References1
Fedora
Fedora
added 2025/04/17 7:3 p.m.21 views

[SECURITY] Fedora 42 Update: perl-PAR-Packer-1.063-6.fc42

This module implements the App::Packer::Backend interface, for generating stand-alone executables, perl scripts and PAR files...

8.4CVSS6.6AI score0.0052EPSS
Exploits0
Rows per page
Query Builder