38 matches found
EUVD-2024-40604
Malicious code in bioql PyPI...
EUVD-2024-40603
Malicious code in bioql PyPI...
CVE-2025-5831
The Droip plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the makegooglefontoffline function in all versions up to, and excluding, 2.5.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload...
CVE-2025-5835
The Droip plugin for WordPress is vulnerable to unauthorized modification and access of data due to a missing capability check on the droippostapis function in all versions up to, and including, 2.2.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...
CVE-2025-5835
The Droip plugin for WordPress is vulnerable to unauthorized modification and access of data due to a missing capability check on the droippostapis function in all versions up to, and including, 2.2.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...
CVE-2025-5831
The Droip plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the makegooglefontoffline function in all versions up to, and including, 2.2.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload...
CVE-2025-5831
The Droip plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the makegooglefontoffline function in all versions up to, and excluding, 2.5.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload...
CVE-2025-5835 Droip <= 2.2.6 - Missing Authorization to Authenticated (Subscriber+) Many Actions
The Droip plugin for WordPress is vulnerable to unauthorized modification and access of data due to a missing capability check on the droippostapis function in all versions up to, and including, 2.2.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...
CVE-2025-5835 Droip <= 2.2.6 - Missing Authorization to Authenticated (Subscriber+) Many Actions
The Droip plugin for WordPress is vulnerable to unauthorized modification and access of data due to a missing capability check on the droippostapis function in all versions up to, and including, 2.2.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...
CVE-2025-5835
CVE-2025-5835 concerns the Droip plugin for WordPress. The vulnerability arises from a missing capability check in the droip_post_apis() function across versions up to and including 2.2.0, enabling authenticated attackers with Subscriber-level access and above to trigger AJAX hooks and perform ac...
CVE-2025-5831 Droip < 2.5.2 - Authenticated (Subscriber+) Arbitrary File Upload
The Droip plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the makegooglefontoffline function in all versions up to, and excluding, 2.5.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload...
CVE-2025-5831 Droip < 2.5.2 - Authenticated (Subscriber+) Arbitrary File Upload
The Droip plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the makegooglefontoffline function in all versions up to, and excluding, 2.5.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload...
CVE-2025-5831
CVE-2025-5831 affects the Droip WordPress plugin. The vulnerability arises from missing file type validation in the make_google_font_offline() function, allowing authenticated users with Subscriber+ privileges to upload arbitrary files to the server (versions up to 2.2.0). This can potentially le...
WordPress plugin Droip code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue...
PT-2025-30733 · WordPress · Droip
Name of the Vulnerable Software and Affected Versions: Droip versions prior to 2.2.1 Description: The Droip plugin for WordPress is susceptible to arbitrary file uploads due to missing file type validation in the make google font offline function. This allows authenticated attackers with...
WordPress plugin Droip security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
PT-2025-30734 · WordPress · Droip
Name of the Vulnerable Software and Affected Versions: Droip plugin for WordPress versions up to 2.2.0 Description: The Droip plugin for WordPress is susceptible to unauthorized modification and access of data due to a missing capability check on the droip post apis function. Authenticated...
WordPress Droip plugin <= 2.2.6 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Foxyyy in WordPress Plugin Droip versions = 2.2.6...
CVE-2024-43954
Incorrect Authorization vulnerability in Themeum Droip allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Droip: from n/a through 1.1.1...
CVE-2024-43955
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Themeum Droip allows File Manipulation. This issue affects Droip: from n/a through 1.1.1...