35 matches found
kiro-redteam-lite
kiro-redteam-lite Red Team Automation Lite: Focused on...
EUVD-2024-47267
Malicious code in bioql PyPI...
EUVD-2025-28834
Malicious code in bioql PyPI...
EUVD-2024-53988
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-45111
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper access control in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows remote authenticated users to trigger the creation of...
CVE-2025-9331
The Spacious theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'welcomenoticeimporthandler' function in all versions up to, and including, 1.9.11. This makes it possible for authenticated attackers, with Subscriber-level access and...
CVE-2025-9331 Spacious <= 1.9.11 - Missing Authorization to Authenticated (Subscriber+) Demo Data Import
The Spacious theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'welcomenoticeimporthandler' function in all versions up to, and including, 1.9.11. This makes it possible for authenticated attackers, with Subscriber-level access and...
WordPress Spacious plugin <= 1.9.11 - Missing Authorization to Authenticated (Subscriber+) Demo Data Import vulnerability
Missing Authorization to Authenticated Subscriber+ Demo Data Import vulnerability discovered by Dmitrii Ignatyev in WordPress Theme Spacious versions <= 1.9.11...
PT-2025-34340 · WordPress · Spacious
Name of the Vulnerable Software and Affected Versions: Spacious theme for WordPress versions prior to 1.9.12 Description: The Spacious theme for WordPress is susceptible to unauthorized data modification due to the absence of a capability check within the welcome notice import handler function...
CVE-2024-6120
The Sparkle Demo Importer plugin for WordPress is vulnerable to unauthorized database reset and demo data import due to a missing capability check on the multiple functions in all versions up to and including 1.4.7. This makes it possible for authenticated attackers, with Subscriber-level access...
CVE-2023-2279
The WP Directory Kit plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on the 'adminpagedisplay' function. This makes it possible for unauthenticated attackers to delete or change plugin...
CVE-2024-13811
The Lafka - Multi Store Burger - Pizza & Food Delivery WooCommerce Theme theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'lafkaimportlafka' AJAX actions in all versions up to, and including, 4.5.7. This makes it possible for authenticated attacker...
CVE-2024-13811
CVE-2024-13811 concerns the Lafka - Multi Store Burger - Pizza & Food Delivery WooCommerce Theme for WordPress (versions
CVE-2024-13811 Lafka - Multi Store Burger - Pizza & Food Delivery WooCommerce Theme <= 4.5.7 - Missing Authorization to Authenticated (Subscriber+) Demo Import
The Lafka - Multi Store Burger - Pizza & Food Delivery WooCommerce Theme theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'lafkaimportlafka' AJAX actions in all versions up to, and including, 4.5.7. This makes it possible for authenticated attacker...
WordPress plugin Lafka security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
CVE-2024-9860
The Bridge Core plugin for WordPress is vulnerable to unauthorized modification of data or loss of data due to a missing capability check on the 'importaction' and 'installpluginperdemo' functions in versions up to, and including, 3.3. This makes it possible for authenticated attackers with...