38 matches found

GithubExploit
added 2026/05/04 8:33 a.m. · 69 views

Exploit for CVE-2026-39440

CVE-2026-39440 FunnelForms Fix A drop-in WordPress plugin t...

CVSS 9.9 · AI score 6.1 · EPSS 0.00022
Exploits: 1

NVD
added 2025/11/06 4:16 p.m. · 4 views

CVE-2025-62046

Missing Authorization vulnerability in CodexThemes TheGem Demo Import for WPBakery thegem-importer. This issue affects TheGem Demo Import for WPBakery: from n/a through = 5.10.5...

CVSS 6.5 · EPSS 0.00056
Exploits: 0 · References: 1

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2023-31878

Malicious code in bioql PyPI...

CVSS 9.1 · AI score 7.8 · EPSS 0.00218
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 8:39 a.m. · 3 views

CVE-2024-32715

Missing Authorization vulnerability in Olive Themes Olive One Click Demo Import. This issue affects Olive One Click Demo Import: from n/a through 1.1.1...

CVSS 7.5 · AI score 5.2 · EPSS 0.00112
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 4:51 a.m. · 5 views

CVE-2023-28170

Unrestricted Upload of File with Dangerous Type vulnerability in Themely Theme Demo Import. This issue affects Theme Demo Import: from n/a through 1.1.1...

CVSS 9.1 · AI score 7.5 · EPSS 0.00218
Exploits: 0 · References: 1

Cvelist
added 2025/03/05 9:21 a.m. · 10 views

CVE-2024-13810 Zass - WooCommerce Theme for Handmade Artists and Artisans <= 3.9.9.10 - Missing Authorization to Authenticated (Subscriber+) Demo Import

The Zass - WooCommerce Theme for Handmade Artists and Artisans theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'zassimportzass' AJAX actions in all versions up to, and including, 3.9.9.10. This makes it possible for authenticated attackers, with...

CVSS 4.3 · EPSS 0.00082
Exploits: 0 · References: 2

Vulnrichment
added 2025/03/05 9:21 a.m. · 2 views

CVE-2024-13811 Lafka - Multi Store Burger - Pizza & Food Delivery WooCommerce Theme <= 4.5.7 - Missing Authorization to Authenticated (Subscriber+) Demo Import

The Lafka - Multi Store Burger - Pizza & Food Delivery WooCommerce Theme theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'lafkaimportlafka' AJAX actions in all versions up to, and including, 4.5.7. This makes it possible for authenticated attacker...

CVSS 4.3 · AI score 6.7 · EPSS 0.00102
Exploits: 0 · References: 2

CVE
added 2024/11/21 2:6 a.m. · 42 views

CVE-2024-10532

CVE-2024-10532 affects Bard Extra for WordPress. The vulnerability is due to a missing authorization check in the bardxtra_import_xml() function, allowing authenticated users with subscriber-level access and above to import demo data, enabling unauthorized modification of data. Affected versions ...

CVSS 4.3 · AI score 4.2 · EPSS 0.00074
Exploits: 0 · References: 3

Patchstack
added 2024/11/20 9:8 p.m. · 4 views

WordPress Bard Extra plugin <= 1.2.7 - Missing Authorization to Authenticated (Subscriber+) Demo Import vulnerability

Missing Authorization to Authenticated Subscriber+ Demo Import vulnerability discovered by Lucio Sá in WordPress Plugin Bard Extra versions <= 1.2.7...

CVSS 4.3 · AI score 7 · EPSS 0.00074
Exploits: 0 · References: 1 · Affected Software: 1

Vulnrichment
added 2024/10/12 2:5 a.m. · 9 views

CVE-2024-9860 Bridge Core <= 3.3 - Missing Authorization to Authenticated (Subscriber+) Demo Import

The Bridge Core plugin for WordPress is vulnerable to unauthorized modification of data or loss of data due to a missing capability check on the 'importaction' and 'installpluginperdemo' functions in versions up to, and including, 3.3. This makes it possible for authenticated attackers with...

CVSS 6.5 · AI score 6.7 · EPSS 0.00072
Exploits: 0 · References: 2

OSV
added 2024/08/13 11:15 a.m. · 2 views

CVE-2024-38749

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Olive Themes Olive One Click Demo Import allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Olive One Click Demo Import: from n/a through 1.1.2...

CVSS 7.5 · AI score 5.8 · EPSS 0.00798
Exploits: 0 · References: 1

Cvelist
added 2024/08/13 10:22 a.m. · 14 views

CVE-2024-38749 WordPress Olive One Click Demo Import plugin <= 1.1.2 - Sensitive Data Exposure vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Olive Themes Olive One Click Demo Import allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Olive One Click Demo Import: from n/a through 1.1.2...

CVSS 5.3 · EPSS 0.00798
Exploits: 0 · References: 1

Positive Technologies
added 2024/08/13 12:0 a.m. · 4 views

PT-2024-28193 · Unknown · Olive One Click Demo Import

Name of the Vulnerable Software and Affected Versions: Olive One Click Demo Import versions 1.1.2 and earlier Description: The issue allows exposure of sensitive information to an unauthorized actor due to accessing functionality not properly constrained by ACLs. Recommendations: For Olive One...

CVSS 7.5 · AI score 6.4 · EPSS 0.00798
Exploits: 0 · References: 7

NVD
added 2024/06/22 12:15 a.m. · 15 views

CVE-2024-6120

The Sparkle Demo Importer plugin for WordPress is vulnerable to unauthorized database reset and demo data import due to a missing capability check on the multiple functions in all versions up to and including 1.4.7. This makes it possible for authenticated attackers, with Subscriber-level access...

CVSS 6.5 · EPSS 0.00709
Exploits: 0 · References: 9

Vulnrichment
added 2024/06/21 11:33 p.m. · 11 views

CVE-2024-6120 Sparkle Demo Importer <= 1.4.7 - Missing Authorization to Authorized(Subscriber+) Post/Pages/Attachements Deletion and Demo Data Import

The Sparkle Demo Importer plugin for WordPress is vulnerable to unauthorized database reset and demo data import due to a missing capability check on the multiple functions in all versions up to and including 1.4.7. This makes it possible for authenticated attackers, with Subscriber-level access...

CVSS 6.5 · AI score 6.5 · EPSS 0.00709
Exploits: 0 · References: 9

OSV
added 2024/06/09 5:15 p.m. · 2 views

CVE-2024-32715

Missing Authorization vulnerability in Olive Themes Olive One Click Demo Import. This issue affects Olive One Click Demo Import: from n/a through 1.1.1...

CVSS 5.3 · AI score 5.8
Exploits: 0 · References: 1

ATTACKERKB
added 2024/06/09 5:15 p.m. · 2 views

CVE-2024-32715

A vulnerability in olivethemes Olive One Click Demo Import olive-one-click-demo-import. This issue affects Olive One Click Demo Import: from n/a through = 1.1.1...

CVSS 7.5 · AI score 5.2 · EPSS 0.00112
Exploits: 0 · References: 3

Patchstack
added 2024/05/20 12:0 a.m. · 11 views

WordPress Crafthemes Demo Import Plugin <= 3.3 is vulnerable to Broken Access Control

Software: Crafthemes Demo Import; Type: Plugin; Vulnerable versions: <= 3.3; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-34800; Patch priority: High; CVSS severity: High 7.6; PSID: e10925dbe035; Credits: Yudistira Arya; Required...

CVSS 7.6 · AI score 6.5 · EPSS 0.00142
Exploits: 0 · References: 2 · Affected Software: 1

Cvelist
added 2024/05/09 12:0 p.m. · 11 views

CVE-2024-34433 WordPress One Click Demo Import plugin <=3.2.0 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in OCDI One Click Demo Import. This issue affects One Click Demo Import: from n/a through 3.2.0...

CVSS 4.4 · AI score 5.5 · EPSS 0.00417
Exploits: 0 · References: 1

Patchstack
added 2024/05/07 12:0 a.m. · 21 views

WordPress One Click Demo Import Plugin <= 3.2.0 is vulnerable to PHP Object Injection

Software: One Click Demo Import; Type: Plugin; Vulnerable versions: <= 3.2.0; Fixed in: 3.2.1; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2024-34433; Patch priority: Low; CVSS severity: Low 4.4; PSID: a0133f0acd1f; Credits: ngductung Patchstack Alliance; Requir...

CVSS 7.2 · AI score 6.8 · EPSS 0.00417
Exploits: 0 · References: 2 · Affected Software: 1