319 matches found
CVE-2025-13334
The Blaze Demo Importer plugin for WordPress is vulnerable to unauthorized database resets and file deletion due to a missing capability check on the "blazedemoimporterinstalldemo" function in all versions up to, and including, 1.0.13. This makes it possible for authenticated attackers, with...
WordPress Blaze Demo Importer plugin 1.0.0-1.0.13 - Missing Authorization to Authenticated (Subscriber+) Database Reset and File Deletion vulnerability
Missing Authorization to Authenticated Subscriber+ Database Reset and File Deletion vulnerability discovered by kr0d in WordPress Plugin Blaze Demo Importer versions 1.0.0-1.0.13...
CVE-2025-13334
The Blaze Demo Importer plugin for WordPress is vulnerable to unauthorized database resets and file deletion due to a missing capability check on the "blazedemoimporterinstalldemo" function in all versions up to, and including, 1.0.13. This makes it possible for authenticated attackers, with...
CVE-2025-13334 Blaze Demo Importer 1.0.0 - 1.0.13 - Missing Authorization to Authenticated (Subscriber+) Database Reset and File Deletion
The Blaze Demo Importer plugin for WordPress is vulnerable to unauthorized database resets and file deletion due to a missing capability check on the "blazedemoimporterinstalldemo" function in all versions up to, and including, 1.0.13. This makes it possible for authenticated attackers, with...
CVE-2025-13334 Blaze Demo Importer 1.0.0 - 1.0.13 - Missing Authorization to Authenticated (Subscriber+) Database Reset and File Deletion
The Blaze Demo Importer plugin for WordPress is vulnerable to unauthorized database resets and file deletion due to a missing capability check on the "blazedemoimporterinstalldemo" function in all versions up to, and including, 1.0.13. This makes it possible for authenticated attackers, with...
CVE-2025-13334
CVE-2025-13334 (Blaze Demo Importer, WordPress) is substantiated by multiple connected sources: Wordfence flags a vulnerability in Blaze Demo Importer versions 1.0.0–1.0.13 caused by a missing capability check in blaze_demo_importer_install_demo, enabling authenticated attackers with subscriber+ ...
EUVD-2025-202963
The Blaze Demo Importer plugin for WordPress is vulnerable to unauthorized database resets and file deletion due to a missing capability check on the "blazedemoimporterinstalldemo" function in all versions up to, and including, 1.0.13. This makes it possible for authenticated attackers, with...
PT-2025-50816
The Blaze Demo Importer plugin for WordPress is vulnerable to unauthorized database resets and file deletion due to a missing capability check on the "blaze demo importer install demo" function in all versions up to, and including, 1.0.13. This makes it possible for authenticated attackers, with...
WordPress plugin Blaze Demo Importer 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
Perforce BlazeMeter Jenkins Plugin 安全漏洞
Perforce BlazeMeter Jenkins Plugin is a plugin from Perforce USA. A security vulnerability exists in Perforce BlazeMeter Jenkins Plugin versions prior to 4.27, which stems from improper privilege control and could lead to unauthorized access to a list of sensitive resources...
EUVD-2025-180344
Malicious code in arcturus-iota-auth-blaze npm...
EUVD-2025-178441
Malicious code in impulse-blaze-yonder-eleventy npm...
EUVD-2025-176580
Malicious code in run-script-zenith-mantle-blaze npm...
EUVD-2025-180027
Malicious code in blaze-transport-genomics-telesto npm...
EUVD-2025-175595
Malicious code in webdriverio-npm-supervisor-blaze npm...
Malicious code in blaze-antares-taurus-prompts (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5ad226b864d7c4e73ea785218719e45d19c4ac3acdb0c4d2a3c0530ff2b85350 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-189357 Malicious code in sass-loader-prompts-inquirer-blaze (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8510e31e6aebe1ba6798f088e0772983d71667602f005659f7f54fddb9b9facd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-185851 Malicious code in blaze-antares-taurus-prompts (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5ad226b864d7c4e73ea785218719e45d19c4ac3acdb0c4d2a3c0530ff2b85350 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-185854 Malicious code in blaze-transport-eridanus-singularitarianism (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 132336594566f83353e8d26153b7eaa947954f4e3280dca688c1d21777f60534 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-178123
Malicious code in less-loader-sedna-blaze-commitizen npm...