8 matches found
EUVD-2025-26881
Malicious code in bioql PyPI...
CVE-2025-8944
The OceanWP WordPress theme before 4.1.2 is vulnerable to an option update due to a missing capability check on one of its AJAX request handler, allowing any authenticated users, such as subscriber to update the darkMod setting...
CVE-2025-8944
The OceanWP WordPress theme before 4.1.2 is vulnerable to an option update due to a missing capability check on one of its AJAX request handler, allowing any authenticated users, such as subscriber to update the darkMod setting...
CVE-2025-8944
The OceanWP WordPress theme before 4.1.2 is vulnerable to an option update due to a missing capability check on one of its AJAX request handler, allowing any authenticated users, such as subscriber to update the darkMod setting...
CVE-2025-8944
CVE-2025-8944 affects the OceanWP WordPress theme prior to 4.1.2. A missing capability check in an AJAX request handler allows any authenticated user (e.g., a subscriber) to update the darkMod setting. The issue is rooted in insufficient access control within the theme’s option update flow. Remed...
CVE-2025-8944 OceanWP < 4.1.2 - Subscriber+ Limited Option Update
The OceanWP WordPress theme before 4.1.2 is vulnerable to an option update due to a missing capability check on one of its AJAX request handler, allowing any authenticated users, such as subscriber to update the darkMod setting...
CVE-2025-8944 OceanWP < 4.1.2 - Subscriber+ Limited Option Update
The OceanWP WordPress theme before 4.1.2 is vulnerable to an option update due to a missing capability check on one of its AJAX request handler, allowing any authenticated users, such as subscriber to update the darkMod setting...
PT-2025-36114
Name of the Vulnerable Software and Affected Versions OceanWP WordPress theme versions prior to 4.1.2 Description The OceanWP WordPress theme is susceptible to unauthorized option updates due to a missing capability check within an AJAX request handler. This allows any authenticated user, even...