CVE-2026-25462

Missing Authorization vulnerability in avalex avalex avalex allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects avalex: from n/a through = 3.1.3...

EUVD-2026-15746

Missing Authorization vulnerability in avalex avalex avalex allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects avalex: from n/a through = 3.1.3...

CVE-2026-25462

Missing Authorization vulnerability in avalex avalex avalex allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects avalex: from n/a through = 3.1.3...

CVE-2026-25462 WordPress avalex plugin <= 3.1.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in avalex avalex avalex allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects avalex: from n/a through = 3.1.3...

CVE-2026-25462 WordPress avalex plugin <= 3.1.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in avalex avalex avalex allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects avalex: from n/a through = 3.1.3...

CVE-2026-25462

CVE-2026-25462 is a Missing Authorization vulnerability in the avalex plugin for WordPress. Affected software: avalex (WordPress plugin) versions up to and including 3.1.3. Root cause: improper access control allows unauthorized access to/through the plugin. Impact as reported: Medium severity (C...

WordPress plugin avalex 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

PT-2026-27957

Name of the Vulnerable Software and Affected Versions avalex versions through 3.1.3 Description An authorization issue exists in avalex. The problem involves exploiting incorrectly configured access control security levels. Recommendations At the moment, there is no information about a newer...

WordPress avalex plugin <= 3.1.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin avalex versions = 3.1.3...

CVE-2023-25059

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in avalex GmbH avalex – Automatically secure legal texts plugin = 3.0.3 versions...

EUVD-2023-29038

Malicious code in bioql PyPI...

avalex – Automatisch sichere Rechtstexte < 3.0.9 - Missing Authorization

Description The plugin is vulnerable to unauthorized modifcation of data due to a missing capability check on the saveApiKey function hooked via admininit in all versions up to, and including, 3.0.8. This makes it possible for unauthenticated attackers to modify the API key for the plugin...

WordPress avalex Plugin <= 3.0.8 is vulnerable to Broken Access Control

Software avalex Type Plugin Vulnerable versions = 3.0.8 Fixed in 3.0.9 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE N/A Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 98235a14b5cb Credits Unknown Required privilege Unauthenticated...

CVE-2023-25059

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in avalex GmbH avalex – Automatically secure legal texts plugin = 3.0.3 versions...

CVE-2023-25059

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in avalex GmbH avalex – Automatically secure legal texts plugin = 3.0.3 versions...

Cross site scripting

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in avalex GmbH avalex – Automatically secure legal texts plugin = 3.0.3 versions...

CVE-2023-25059 WordPress avalex Plugin <= 3.0.3 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in avalex GmbH avalex – Automatically secure legal texts plugin = 3.0.3 versions...

CVE-2023-25059

CVE-2023-25059 affects the avalex WordPress plugin (versions ≤ 3.0.3). The vulnerability is a Stored Cross-Site Scripting (XSS) that requires authentication with admin+ privileges and is exploitable via user interaction. The underlying issue relates to insufficient input cleanup/output escaping i...

CVE-2023-25059 WordPress avalex Plugin <= 3.0.3 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in avalex GmbH avalex – Automatically secure legal texts plugin = 3.0.3 versions...

WordPress Plugin avalex 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...