30 matches found
CVE-2025-14357 Mega Store Woocommerce <= 5.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Page Creation and Settings Change
The Mega Store Woocommerce theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the setupwidgets function in core/includes/importer/whizzie.php in all versions up to, and including, 5.9. This makes it possible for authenticated attackers, wit...
CVE-2025-13438
CVE-2025-13438 concerns the WordPress plugin Page Title, Description & Open Graph Updater. Affected versions: all up to and including 1.02. Root cause: missing nonce validation on multiple AJAX actions (e.g., dieno_update_page_title) leading to Cross-Site Request Forgery. Impact as stated...
WordPress Page Title, Description & Open Graph Updater plugin <= 1.02 - Cross-Site Request Forgery to Arbitrary Page Title Modification vulnerability
Cross-Site Request Forgery to Arbitrary Page Title Modification vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Page Title, Description & Open Graph Updater versions <= 1.02...
EUVD-2025-203915
A Cross-Site Request Forgery (CSRF) in the page creation/editing function of RiteCMS v3.1.0 allows attackers to arbitrarily create pages via a crafted POST request...
CVE-2025-67173
A Cross-Site Request Forgery (CSRF) in the page creation/editing function of RiteCMS v3.1.0 allows attackers to arbitrarily create pages via a crafted POST request...
WordPress Accessiy By CodeConfig Accessibility plugin <= 1.0.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Page Creation vulnerability
Missing Authorization to Authenticated (Subscriber+) Arbitrary Page Creation vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin CodeConfig Accessibility versions <= 1.0.0...
CVE-2025-55128
The CVE-2025-55128 entry concerns Revive Adserver and a vulnerability in userlog-index.php where an attacker with admin access can send an extremely large setPerPage value, causing uncontrolled resource consumption and potential DoS. The tied HackerOne report explains that the pagination paramete...
EUVD-2018-8861
Malware in sbrugna...
EUVD-2025-16517
Malicious code in bioql PyPI...
WordPress FooGallery plugin <= 2.4.29 - Insecure Direct Object Reference to Authenticated (Custom+) Arbitrary Post/Page Updates vulnerability
Insecure Direct Object Reference to Authenticated (Custom+) Arbitrary Post/Page Updates vulnerability discovered by Stiofan in WordPress Plugin FooGallery versions <= 2.4.29...
CVE-2024-3555 Social Link Pages: link-in-bio landing pages for your social media profiles <= 1.6.9 - Missing Authorization to Arbitrary Page Creation and Cross-Site Scripting
The Social Link Pages: link-in-bio landing pages for your social media profiles plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the importlinkpages function in all versions up to, and including, 1.6.9. This makes it possible for unauthenticated...
WordPress Social Link Pages plugin <= 1.6.9 - Missing Authorization to Arbitrary Page Creation and Cross-Site Scripting vulnerability
Missing Authorization to Arbitrary Page Creation and Cross-Site Scripting vulnerability discovered by Lucio Sá in WordPress Plugin Social Link Pages versions <= 1.6.9...
CVE-2024-28113
Peering Manager is a BGP session management tool. In Peering Manager <=1.8.2, it is possible to redirect users to an arbitrary page using a crafted URL. As a result users can be redirected to an unexpected location. This issue has been addressed in version 1.8.3. Users are advised to upgrade. Ther...
Peering Manager Input Validation Error Vulnerability
Peering Manager is a BGP session management tool. An input validation error vulnerability exists in Peering Manager 1.8.2 and earlier versions that could redirect a user to an arbitrary page using a specially crafted URL...
GHSA-P6XX-FHFW-7MJ7 Configuration Injection in extension "Direct Mail" (direct_mail)
The “Configuration” backend module of the extension allows an authenticated user to write arbitrary page TSConfig for folders configured as “Direct Mail”. Exploiting the vulnerability may lead to Configuration Injection (TYPO3 10.4 and above) and to Arbitrary Code Execution (TYPO3 9.5 and below). A...
CVE-2022-47131
A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows an attacker to arbitrarily create a page...
PT-2022-4763 · Google · Android Kernel
Name of the Vulnerable Software and Affected Versions: Android kernel. Description: The issue is related to improper input validation in the kbase_mem_alias function of mali_kbase_mem_linux.c, which could lead to arbitrary code execution and local escalation of privilege without requiring addition...
WordPress Bulk Page Creator plugin <= 1.1.3 - Arbitrary Page Creation via Cross-Site Request Forgery (CSRF) vulnerability
Arbitrary Page Creation via Cross-Site Request Forgery (CSRF) vulnerability was discovered by Daniel Ruf in the WordPress Bulk Page Creator plugin versions <= 1.1.3. Solution: Update the WordPress Bulk Page Creator plugin to the latest available version (at least 1.1.4)...
CVE-2022-26589
A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows attackers to delete arbitrary pages...