EUVD-2024-31398

Malicious code in bioql PyPI...

EUVD-2024-17117

Malicious code in bioql PyPI...

CVE-2024-1360

The Colibri WP theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.94. This is due to missing or incorrect nonce validation on the colibriwpinstallplugin function. This makes it possible for unauthenticated attackers to install recommended...

CVE-2024-33686

Missing Authorization vulnerability in Extend Themes Pathway, Extend Themes Hugo WP, Extend Themes Althea WP, Extend Themes Elevate WP, Extend Themes Brite, Extend Themes Colibri WP, Extend Themes Vertice.This issue affects Pathway: from n/a through 1.0.15; Hugo WP: from n/a through 1.0.8; Althea...

CVE-2024-33686

Missing Authorization vulnerability in Extend Themes Pathway, Extend Themes Hugo WP, Extend Themes Althea WP, Extend Themes Elevate WP, Extend Themes Brite, Extend Themes Colibri WP, Extend Themes Vertice.This issue affects Pathway: from n/a through 1.0.15; Hugo WP: from n/a through 1.0.8; Althea...

CVE-2024-33686

CVE-2024-33686 is a Missing Authorization vulnerability affecting multiple Extend Themes products (Pathway until 1.0.15; Hugo WP until 1.0.8; Althea WP until 1.0.13; Elevate WP until 1.0.15; Brite until 1.0.11; Colibri WP until 1.0.94; Vertice until 1.0.7). The CVE has a CVSSv3.1 base score of 4....

WordPress Colibri WP Theme <= 1.0.94 is vulnerable to Broken Access Control

Software Colibri WP Type Theme Vulnerable versions = 1.0.94 Fixed in 1.0.99 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33686 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID c282bc3a34b4 Credits Dhabaleshwar Das Required privile...

CVE-2024-1360

The Colibri WP theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.94. This is due to missing or incorrect nonce validation on the colibriwpinstallplugin function. This makes it possible for unauthenticated attackers to install recommended...

Cross site request forgery (csrf)

The Colibri WP theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.94. This is due to missing or incorrect nonce validation on the colibriwpinstallplugin function. This makes it possible for unauthenticated attackers to install recommended...

CVE-2024-1360 Colibri WP <= 1.0.94 - Cross-Site Request Forgery to Limited Plugin Installation

The Colibri WP theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.94. This is due to missing or incorrect nonce validation on the colibriwpinstallplugin function. This makes it possible for unauthenticated attackers to install recommended...

CVE-2024-1360

CVE-2024-1360 affects the Colibri WP Theme for WordPress. The issue is a Cross-Site Request Forgery due to missing or incorrect nonce validation in the colibriwp_install_plugin() function, permitting unauthenticated attackers to cause a site admin to install requested plugins by tricking them int...

WordPress Colibri WP Theme <= 1.0.94 is vulnerable to Cross Site Request Forgery (CSRF)

Software Colibri WP Type Theme Vulnerable versions = 1.0.94 Fixed in 1.0.101 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-1360 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 6ff4c5ce12a4 Credits Lucio Sá Required...

WordPress Plugin Colibri WP Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2024-17972 · WordPress · Colibri Wp

Name of the Vulnerable Software and Affected Versions: Colibri WP theme for WordPress versions up to, and including, 1.0.94 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the colibriwp install plugin function. This allows...