319 matches found
CVE-2025-13334
The Blaze Demo Importer plugin for WordPress is vulnerable to unauthorized database resets and file deletion due to a missing capability check on the "blazedemoimporterinstalldemo" function in all versions up to, and including, 1.0.13. This makes it possible for authenticated attackers, with...
WordPress Blaze Demo Importer plugin 1.0.0-1.0.13 - Missing Authorization to Authenticated (Subscriber+) Database Reset and File Deletion vulnerability
Missing Authorization to Authenticated Subscriber+ Database Reset and File Deletion vulnerability discovered by kr0d in WordPress Plugin Blaze Demo Importer versions 1.0.0-1.0.13...
CVE-2025-13334
The Blaze Demo Importer plugin for WordPress is vulnerable to unauthorized database resets and file deletion due to a missing capability check on the "blazedemoimporterinstalldemo" function in all versions up to, and including, 1.0.13. This makes it possible for authenticated attackers, with...
CVE-2025-13334 Blaze Demo Importer 1.0.0 - 1.0.13 - Missing Authorization to Authenticated (Subscriber+) Database Reset and File Deletion
The Blaze Demo Importer plugin for WordPress is vulnerable to unauthorized database resets and file deletion due to a missing capability check on the "blazedemoimporterinstalldemo" function in all versions up to, and including, 1.0.13. This makes it possible for authenticated attackers, with...
CVE-2025-13334
CVE-2025-13334 (Blaze Demo Importer, WordPress) is substantiated by multiple connected sources: Wordfence flags a vulnerability in Blaze Demo Importer versions 1.0.0–1.0.13 caused by a missing capability check in blaze_demo_importer_install_demo, enabling authenticated attackers with subscriber+ ...
EUVD-2025-202963
The Blaze Demo Importer plugin for WordPress is vulnerable to unauthorized database resets and file deletion due to a missing capability check on the "blazedemoimporterinstalldemo" function in all versions up to, and including, 1.0.13. This makes it possible for authenticated attackers, with...
CVE-2025-13334 Blaze Demo Importer 1.0.0 - 1.0.13 - Missing Authorization to Authenticated (Subscriber+) Database Reset and File Deletion
The Blaze Demo Importer plugin for WordPress is vulnerable to unauthorized database resets and file deletion due to a missing capability check on the "blazedemoimporterinstalldemo" function in all versions up to, and including, 1.0.13. This makes it possible for authenticated attackers, with...
WordPress plugin Blaze Demo Importer 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
PT-2025-50816
The Blaze Demo Importer plugin for WordPress is vulnerable to unauthorized database resets and file deletion due to a missing capability check on the "blaze demo importer install demo" function in all versions up to, and including, 1.0.13. This makes it possible for authenticated attackers, with...
Perforce BlazeMeter Jenkins Plugin 安全漏洞
Perforce BlazeMeter Jenkins Plugin is a plugin from Perforce USA. A security vulnerability exists in Perforce BlazeMeter Jenkins Plugin versions prior to 4.27, which stems from improper privilege control and could lead to unauthorized access to a list of sensitive resources...
EUVD-2025-178123
Malicious code in less-loader-sedna-blaze-commitizen npm...
EUVD-2025-180030
Malicious code in blaze-farout-module-transport npm...
EUVD-2025-180027
Malicious code in blaze-transport-genomics-telesto npm...
EUVD-2025-180029
Malicious code in blaze-figures-auth0-proxima npm...
EUVD-2025-180369
Malicious code in archaeoastronomy-blaze-panspermia-quark npm...
EUVD-2025-177984
Malicious code in magellan-blaze-archaeometry-slides npm...
EUVD-2025-176518
Malicious code in sass-loader-prompts-inquirer-blaze npm...
EUVD-2025-180031
Malicious code in blaze-antares-taurus-prompts npm...
MAL-2025-189357 Malicious code in sass-loader-prompts-inquirer-blaze (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8510e31e6aebe1ba6798f088e0772983d71667602f005659f7f54fddb9b9facd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-187759 Malicious code in less-loader-sedna-blaze-commitizen (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a0aed9d31de0bbd2811f97f41f0bf00007a65a06d53fe4bd3a25fd061d296763 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...