621 matches found
WordPress WP Subscription Forms PRO Plugin <= 2.0.5 - Arbitrary Content Deletion Vulnerability
Arbitrary Content Deletion Vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin WP Subscription Forms PRO versions = 2.0.5...
CVE-2025-60166
Technical details for CVE-2025-60166 are not provided in the supplied documents. The initial description notes a Missing Authorization vulnerability in WP Subscription Forms PRO
CVE-2025-60166 WordPress WP Subscription Forms PRO Plugin <= 2.0.5 - Arbitrary Content Deletion Vulnerability
Missing Authorization vulnerability in wpshuffle WP Subscription Forms PRO wp-subscription-forms-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Subscription Forms PRO: from n/a through = 2.0.5...
CVE-2025-60166 WordPress WP Subscription Forms PRO Plugin <= 2.0.5 - Arbitrary Content Deletion Vulnerability
Missing Authorization vulnerability in wpshuffle WP Subscription Forms PRO wp-subscription-forms-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Subscription Forms PRO: from n/a through = 2.0.5...
CVE-2025-60106 WordPress EmailKit Plugin <= 1.6.0 - Arbitrary Content Deletion Vulnerability
Missing Authorization vulnerability in Roxnor EmailKit emailkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EmailKit: from n/a through = 1.6.0...
CVE-2025-60106
EmailKit (WordPress) is affected by CVE-2025-60106 due to a Missing Authorization flaw that could allow Arbitrary Content Deletion. The issue applies to EmailKit versions up to and including 1.6.0. The connected resources indicate this CVE has been addressed (patched) in later releases; users sho...
CVE-2025-59011 WordPress Traveler Theme < 3.2.3 - Arbitrary Content Deletion Vulnerability
Missing Authorization vulnerability in shinetheme Traveler traveler allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Traveler: from n/a through 3.2.3...
CVE-2024-6429
A content spoofing vulnerability exists in multiple WSO2 products due to improper error message handling. Under certain conditions, error messages are passed through URL parameters without validation, allowing malicious actors to inject arbitrary content into the UI. By exploiting this...
WordPress Super Blank Plugin <= 1.2.0 - Arbitrary Content Deletion Vulnerability
Arbitrary Content Deletion Vulnerability discovered by Denver Jackson in WordPress Plugin Super Blank versions = 1.2.0...
CVE-2025-59581
CVE-2025-59581 - Ibtana (WordPress Website Builder) Missing Authorization vulnerability present in Ibtana, allowing Arbitrary Content Deletion due to improper access control. Affected versions: up to 1.2.5.3 (from n/a to 1.2.5.3). Connected docs corroborate the issue as an access-control weakness...
CVE-2025-59581 WordPress Ibtana Plugin <= 1.2.5.3 - Arbitrary Content Deletion Vulnerability
Missing Authorization vulnerability in VW THEMES Ibtana ibtana-visual-editor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ibtana: from n/a through = 1.2.5.3...
CVE-2025-59581 WordPress Ibtana Plugin <= 1.2.5.3 - Arbitrary Content Deletion Vulnerability
Missing Authorization vulnerability in VW THEMES Ibtana allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ibtana: from n/a through 1.2.5.3...
CVE-2025-55173
A vulnerability in Next.js Image Optimization allowed attacker-controlled image servers to trigger arbitrary file downloads with custom content and filenames. Exploitation required permissive images.domains or images.remotePatterns and user interaction. Binary-Affected: Next.js...
CVE-2025-55173
CVE-2025-55173 is a vulnerability in Next.js Image Optimization: attacker-controlled external image sources could cause content injection, enabling file downloads with arbitrary content/filenames under certain configurations and potentially aiding phishing. Affected versions are Next.js before 14...
GHSA-XV57-4MR9-WG8V Next.js Content Injection Vulnerability for Image Optimization
A vulnerability in Next.js Image Optimization has been fixed in v15.4.5 and v14.2.31. The issue allowed attacker-controlled external image sources to trigger file downloads with arbitrary content and filenames under specific configurations. This behavior could be abused for phishing or malicious...
WordPress Javo Core plugin <= 3.0.0.529 - Arbitrary Content Deletion vulnerability
Arbitrary Content Deletion vulnerability discovered by Bonds in WordPress Plugin Javo Core versions = 3.0.0.529...
CVE-2025-55746
Directus is a real-time API and App dashboard for managing SQL database content. From 10.8.0 to before 11.9.3, a vulnerability exists in the file update mechanism which allows an unauthenticated actor to modify existing files with arbitrary contents without changes being applied to the files'...
CVE-2025-55746
Directus is a real-time API and App dashboard for managing SQL database content. From 10.8.0 to before 11.9.3, a vulnerability exists in the file update mechanism which allows an unauthenticated actor to modify existing files with arbitrary contents without changes being applied to the files'...
CVE-2025-55746
Directus vulnerability (CVE-2025-55746) affects Directus real-time API/dashboard. From 10.8.0 to before 11.9.3, an issue in the file update mechanism lets an unauthenticated actor modify existing files with arbitrary content and/or upload new files (with arbitrary extensions) without updating dat...
CVE-2025-54679 WordPress Neon Channel Product Customizer Free Plugin <= 2.0 - Arbitrary Content Deletion Vulnerability
Missing Authorization vulnerability in vertim Neon Channel Product Customizer Free neon-channel-product-customizer-free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Neon Channel Product Customizer Free: from n/a through = 2.0...