41 matches found
EUVD-2024-54060
Malicious code in bioql PyPI...
EUVD-2024-54059
Malicious code in bioql PyPI...
EUVD-2024-54058
Malicious code in bioql PyPI...
EUVD-2025-17670
Malicious code in bioql PyPI...
WordPress Civi Framework plugin cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the WordPress Civi Framework plugin that stems from the WEB application not adequately verifying that a request is from a...
CVE-2025-49511
Cross-Site Request Forgery CSRF vulnerability in uxper Civi Framework civi-framework allows Cross Site Request Forgery.This issue affects Civi Framework: from n/a through = 2.1.6...
CVE-2025-49511
Cross-Site Request Forgery CSRF vulnerability in uxper Civi Framework civi-framework allows Cross Site Request Forgery.This issue affects Civi Framework: from n/a through = 2.1.6...
CVE-2025-49511 WordPress Civi Framework plugin <= 2.1.6 - Cross Site Request Forgery (CSRF) to User Deactivation vulnerability
Cross-Site Request Forgery CSRF vulnerability in uxper Civi Framework civi-framework allows Cross Site Request Forgery.This issue affects Civi Framework: from n/a through = 2.1.6...
CVE-2025-49511
CVE-2025-49511 : CSRF in Civi Framework (WordPress plugin) affects Civi Framework up to 2.1.6.x (CNVD lists 2.1.6.3). Root cause: insufficient verification of request origin leading to unauthorized actions. Exploitation details not provided in the documents. According to connected CNVD entry, pat...
CVE-2025-49511 WordPress Civi Framework plugin <= 2.1.6 - Cross Site Request Forgery (CSRF) to User Deactivation vulnerability
Cross-Site Request Forgery CSRF vulnerability in uxper Civi Framework allows Cross Site Request Forgery.This issue affects Civi Framework: from n/a through 2.1.6...
WordPress plugin Civi Framework 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the WordPress Civi Framework plugin that stems from the WEB application not adequately verifying that a request is from a...
PT-2025-24658 · Unknown · Civi Framework
Name of the Vulnerable Software and Affected Versions: Civi Framework versions 2.1.6 and earlier Description: The issue is related to a Cross-Site Request Forgery CSRF problem, which allows for Cross-Site Request Forgery. Recommendations: For versions 2.1.6 and earlier, update to a version later...
WordPress Civi Framework plugin <= 2.1.6 - Cross Site Request Forgery (CSRF) to User Deactivation vulnerability
Cross Site Request Forgery CSRF to User Deactivation vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Civi Framework versions = 2.1.6...
CVE-2024-13772
The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.1.6.1. This is due to a lack of password randomization and user validation through the fbajaxloginorregister and googleajaxloginorregist...
CVE-2024-13771
The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.1.4. This is due to a lack of user validation before changing a password. This makes it possible for unauthenticated attackers to change...
CVE-2024-13773
The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4 via hard-coded credentials. This makes it possible for unauthenticated attackers to extract sensitive data including Linked...
CVE-2024-13773
The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4 via hard-coded credentials. This makes it possible for unauthenticated attackers to extract sensitive data including Linked...
CVE-2024-13773
The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4 via hard-coded credentials. This makes it possible for unauthenticated attackers to extract sensitive data including Linked...
CVE-2024-13771
The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.1.4. This is due to a lack of user validation before changing a password. This makes it possible for unauthenticated attackers to change...
CVE-2024-13772
The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.1.6.1. This is due to a lack of password randomization and user validation through the fbajaxloginorregister and googleajaxloginorregist...