12 matches found
CVE-2025-14975
The Custom Login Page Customizer WordPress plugin before 2.5.4 does not have a proper password reset process, allowing a few unauthenticated requests to reset the password of any user by knowing their username, such as administrator ones, and therefore gain access to their account...
CVE-2025-14975 Custom Login Page Customizer < 2.5.4 - Unauthenticated Arbitrary Password Reset
The Custom Login Page Customizer WordPress plugin before 2.5.4 does not have a proper password reset process, allowing a few unauthenticated requests to reset the password of any user by knowing their username, such as administrator ones, and therefore gain access to their account...
CVE-2025-14975
CVE-2025-14975 concerns the WordPress plugin “Custom Login Page Customizer” (also tracked by RH and NVD) and affects versions before 2.5.4. The flaw allows a few unauthenticated requests to reset any user’s password by knowing their username (e.g., administrator), enabling account compromise. Con...
CVE-2026-22462 WordPress Add Polylang support for Customizer plugin <= 1.4.5 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in richardevcom Add Polylang support for Customizer add-polylang-support-for-customizer allows Cross Site Request Forgery.This issue affects Add Polylang support for Customizer: from n/a through = 1.4.5...
CVE-2026-22462
CVE-2026-22462 describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin “Add Polylang support for Customizer” (component: add-polylang-support-for-customizer) affecting versions from n/a through
PT-2026-4234
Cross-Site Request Forgery CSRF vulnerability in richardevcom Add Polylang support for Customizer add-polylang-support-for-customizer allows Cross Site Request Forgery.This issue affects Add Polylang support for Customizer: from n/a through = 1.4.5...
WordPress plugin Thank You Page Customizer for WooCommerce 安全漏洞
...
WordPress Login Page Customizer – Customizer Login Page, Admin Page, Custom Design plugin <= 2.1.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Login Page Customizer Customizer Login Page, Admin Page, Custom Design versions = 2.1.1...
EUVD-2024-47627
Malicious code in bioql PyPI...
CVE-2023-45103
Cross-Site Request Forgery CSRF vulnerability in YAS Global Team Permalinks Customizer plugin = 2.8.2 versions...
CVE-2023-45103 WordPress Permalinks Customizer Plugin <= 2.8.2 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in YAS Global Team Permalinks Customizer plugin = 2.8.2 versions...
WordPress customizer plugin path traversal vulnerability
WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A path traversal vulnerability exists in the WordPress customizer plugin. Allowing a remote attacker to exploit the...