11 matches found
CVE-2025-13334
The Blaze Demo Importer plugin for WordPress is vulnerable to unauthorized database resets and file deletion due to a missing capability check on the "blaze_demo_importer_install_demo" function in all versions up to, and including, 1.0.13. This makes it possible for authenticated attackers, with...
PT-2025-50816
The Blaze Demo Importer plugin for WordPress is vulnerable to unauthorized database resets and file deletion due to a missing capability check on the "blaze_demo_importer_install_demo" function in all versions up to, and including, 1.0.13. This makes it possible for authenticated attackers, with...
EUVD-2021-25694
Malware in sbrugna...
CVE-2021-39333
The Hashthemes Demo Importer Plugin <= 1.1.1 for WordPress contained several AJAX functions which relied on a nonce which was visible to all logged-in users for access control, allowing them to execute a function that truncated nearly all database tables and removed the contents of...
WordPress Popup – MailChimp, GetResponse and ActiveCampaign Integrations plugin <= 3.2.6 - Missing Authorization to Unauthenticated DB Table Truncation vulnerability
Missing Authorization to Unauthenticated DB Table Truncation vulnerability discovered by Lucio Sá in WordPress Plugin Popup – MailChimp, GetResponse and ActiveCampaign Integrations versions <= 3.2.6...
CVE-2024-12158
CVE-2024-12158 concerns the Popup – MailChimp, GetResponse and ActiveCampaign Integrations WordPress plugin. The vulnerability is a missing capability check on the AJAX action upc_delete_db_data, affecting all versions up to and including 3.2.6. This permits unauthenticated attackers to delete th...
CVE-2021-39333
The Hashthemes Demo Importer Plugin <= 1.1.1 for WordPress contained several AJAX functions which relied on a nonce which was visible to all logged-in users for access control, allowing them to execute a function that truncated nearly all database tables and removed the contents of...
Hardcoded credentials
The Hashthemes Demo Importer Plugin <= 1.1.1 for WordPress contained several AJAX functions which relied on a nonce which was visible to all logged-in users for access control, allowing them to execute a function that truncated nearly all database tables and removed the contents of...
Joomla object injection vulnerability analysis, including use of the vulnerability - vulnerability warning - the black bar safety net
The Joomla security team made an emergency release of version 3.4.6, which fixes a high-risk 0day vulnerability. Affected versions run from Joomla 1.5 up to 3.4.5. The vulnerability requires no login; code execution is possible from the front end. One, session deserialization: php function session_set_save_handler offici...
FreeBSD : php -- ini database truncation inside dba_replace() function (1e8031be-4258-11de-b67a-0030843d3802)
securityfocus research reports: A bug that leads to the emptying of the INI file contents if the database key was not found exists in the PHP dba extension in versions 5.2.6, 4.4.9 and earlier. The function dba_replace does not filter the key and value strings. There is a possibility for the destruction of...
php -- ini database truncation inside dba_replace() function
securityfocus research reports: A bug that leads to the emptying of the INI file contents if the database key was not found exists in the PHP dba extension in versions 5.2.6, 4.4.9 and earlier. The function dba_replace does not filter the key and value strings. There is a possibility for the destruction of...