4 matches found
CVE-2025-14392
CVE-2025-14392 concerns the WordPress plugin Simple Theme Changer. The vulnerability arises from missing capability checks on three AJAX-like actions (user_theme_admin, display_method_admin, set_change_theme_button_name) across all versions up to 1.0, allowing authenticated users with subscriber...
PT-2023-27046 · Unknown · Carts Guru
Name of the Vulnerable Software and Affected Versions: Carts Guru versions up to 2.4.2 Description: The issue is related to a SQL injection vulnerability. It affects the component CartsGuruCatalogModuleFrontController::display. Recommendations: For versions up to 2.4.2, consider restricting acces...
Roundup xml-rpc server improper check of property permissions
The xml-rpc server in Roundup 1.4.4 does not check property permissions, which allows attackers to bypass restrictions and edit or read restricted properties via the (1) list, (2) display, and (3) set methods...
PYSEC-2008-10
The xml-rpc server in Roundup 1.4.4 does not check property permissions, which allows attackers to bypass restrictions and edit or read restricted properties via the (1) list, (2) display, and (3) set methods...