
991 matches found

NVD
added 2025/02/17 6:15 a.m. · 9 views

CVE-2024-13726

The Coder WordPress plugin through 1.3.4 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...

CVSS 8.6 · EPSS 0.15233
Exploits: 1 · References: 1
Cvelist
added 2025/02/17 6:00 a.m. · 9 views

CVE-2024-13726 Themes Coder <= 1.3.4 - Unauthenticated SQLi

The Coder WordPress plugin through 1.3.4 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...

EPSS 0.15233
Exploits: 1 · References: 1
CNNVD
added 2025/02/17 12:00 a.m. · 1 view

WordPress plugin Themes Coder security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 8.6 · AI score 9.1 · EPSS 0.15233
Exploits: 1 · References: 2
RedhatCVE
added 2025/02/16 1:20 p.m. · 6 views

CVE-2025-24699

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company WP Coder wp-coder allows Cross-Site Scripting (XSS). This issue affects WP Coder: from n/a through <= 3.6...

CVSS 7.1 · AI score 7.2 · EPSS 0.00096
Exploits: 0 · References: 1
NVD
added 2025/02/14 1:15 p.m. · 9 views

CVE-2025-24699

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company WP Coder wp-coder allows Cross-Site Scripting (XSS). This issue affects WP Coder: from n/a through <= 3.6...

CVSS 7.1 · EPSS 0.00096
Exploits: 0 · References: 1
CVE
added 2025/02/14 12:44 p.m. · 50 views

CVE-2025-24699

CVE-2025-24699: WordPress WP Coder plugin is affected (versions up to 3.6). The issue is a CSRF that enables Cross‑Site Scripting (XSS) via the vulnerable plugin code. Public records identify the nature of the vulnerability as CSRF to XSS in WP Coder <= 3.6. Red Hat/RedHat-related and CVE dat...

CVSS 7.1 · AI score 7.2 · EPSS 0.00096
Exploits: 0 · References: 1
Vulnrichment
added 2025/02/14 12:44 p.m. · 8 views

CVE-2025-24699 WordPress WP Coder Plugin <= 3.6 - CSRF to Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company WP Coder allows Cross-Site Scripting (XSS). This issue affects WP Coder: from n/a through 3.6...

CVSS 7.1 · AI score 6.8 · EPSS 0.00096
Exploits: 0 · References: 1
Cvelist
added 2025/02/14 12:44 p.m. · 10 views

CVE-2025-24699 WordPress WP Coder Plugin <= 3.6 - CSRF to Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company WP Coder wp-coder allows Cross-Site Scripting (XSS). This issue affects WP Coder: from n/a through <= 3.6...

CVSS 7.1 · EPSS 0.00096
Exploits: 0 · References: 1
CNNVD
added 2025/02/14 12:00 a.m. · 1 view

WordPress plugin WP Coder cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request...

CVSS 7.1 · AI score 8.8 · EPSS 0.00096
Exploits: 0 · References: 2
RedhatCVE
added 2025/02/05 3:54 a.m. · 4 views

CVE-2024-27918

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.6.1, 2.7.3, and 2.8.4, a vulnerability in Coder's OIDC authentication could allow an attacker to bypass the CODER_OIDC_EMAIL_DOMAIN verification and create an account with an email not in the...

CVSS 8.2 · AI score 7 · EPSS 0.00179
Exploits: 0 · References: 1
Patchstack
added 2025/01/31 9:47 a.m. · 2 views

WordPress WP Coder Plugin <= 3.6 - CSRF to Cross Site Scripting (XSS) vulnerability

CSRF to Cross Site Scripting (XSS) vulnerability discovered by 0xd4rk5id3 in WordPress Plugin WP Coder versions <= 3.6...

CVSS 7.1 · AI score 6.1 · EPSS 0.00096
Exploits: 0 · Affected Software: 1
Cvelist
added 2025/01/07 3:21 a.m. · 18 views

CVE-2024-12402 Themes Coder – Create Android & iOS Apps For Your Woocommerce Site <= 1.3.4 - Insecure Direct Object Reference to Password Change/Account Takeover/Privilege Escalation

The Themes Coder – Create Android & iOS Apps For Your Woocommerce Site plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.3.4. This is due to the plugin not properly validating a user's identity prior to updating their password...

CVSS 9.8 · EPSS 0.00572
Exploits: 0 · References: 3
CVE
added 2025/01/07 3:21 a.m. · 45 views

CVE-2024-12402

CVE-2024-12402 impacts the Themes Coder – Create Android & iOS Apps For Your Woocommerce Site plugin for WordPress. The root cause is insecure direct object reference: the plugin does not properly validate a user’s identity before password updates in update_user_profile(), enabling unauthenticate...

CVSS 9.8 · AI score 9.3 · EPSS 0.00572
Exploits: 0 · References: 3
Vulnrichment
added 2025/01/07 3:21 a.m. · 5 views

CVE-2024-12402 Themes Coder – Create Android & iOS Apps For Your Woocommerce Site <= 1.3.4 - Insecure Direct Object Reference to Password Change/Account Takeover/Privilege Escalation

The Themes Coder – Create Android & iOS Apps For Your Woocommerce Site plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.3.4. This is due to the plugin not properly validating a user's identity prior to updating their password...

CVSS 9.8 · AI score 7.3 · EPSS 0.00572
Exploits: 0 · References: 3
CNNVD
added 2025/01/07 12:00 a.m. · 1 view

WordPress plugin Themes Coder security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 9.8 · AI score 8.5 · EPSS 0.00572
Exploits: 0 · References: 2
Patchstack
added 2025/01/06 4:55 p.m. · 1 view

WordPress Themes Coder plugin <= 1.3.4 - Insecure Direct Object Reference to Password Change/Account Takeover/Privilege Escalation vulnerability

Insecure Direct Object Reference to Password Change/Account Takeover/Privilege Escalation vulnerability discovered by Tieu Pham Trong Nhan in WordPress Plugin Themes Coder versions <= 1.3.4...

CVSS 9.8 · AI score 7 · EPSS 0.00572
Exploits: 0 · References: 1 · Affected Software: 1
Positive Technologies
added 2024/12/04 12:00 a.m. · 1 view

PT-2024-10659 · Google · Android +1

Name of the Vulnerable Software and Affected Versions: No specific software or version is mentioned as affected, so the information is not sufficient to determine the exact vulnerable software and versions. Description: The issue is related to a possible out of bounds write in the get binary...

CVSS 7.8 · AI score 6.7 · EPSS 0.00017
Exploits: 0 · References: 4
CNNVD
added 2024/12/04 12:00 a.m. · 2 views

Google Pixel security vulnerability

Google Pixel is a smartphone from Google, an American company. A security vulnerability exists in Google Pixel, which stems from a lack of bounds checking in getbinary in vendor/mediatek/proprietary/hardware/connectivity/gps/gpshal/src/datacoder.c, where out-of-bounds writes may exist...

CVSS 7.8 · AI score 9.1 · EPSS 0.00017
Exploits: 0 · References: 1
OSV
added 2024/11/22 9:15 p.m. · 1 view

DEBIAN-CVE-2024-11612

7-Zip CopyCoder Infinite Loop Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on th...

CVSS 6.5 · AI score 6.7 · EPSS 0.01796
Exploits: 0 · References: 1
Veracode
added 2024/11/11 4:46 a.m. · 2 views

Open Redirect

github.com/coder/coder is vulnerable to Open Redirect. The vulnerability is due to a lack of proper input validation on the Coder login page, which allows attackers to manipulate the URL and redirect users to malicious websites...

AI score 7
Exploits: 0