42 matches found
EUVD-2026-43290
The Tutor LMS WordPress plugin before 3.9.13 does not, in its Droip and Kirki page-builder integration, perform the enrollment, purchase, and private-course capability checks it enforces in its core course handler, allowing authenticated users with subscriber-level access to enroll in paid or...
CVE-2026-12275
The Tutor LMS WordPress plugin before 3.9.13 does not, in its Droip and Kirki page-builder integration, perform the enrollment, purchase, and private-course capability checks it enforces in its core course handler, allowing authenticated users with subscriber-level access to enroll in paid or...
CVE-2026-12275 Tutor LMS < 3.9.13 - Subscriber+ Unauthorized Course Enrollment and Private Course Content Disclosure via Droip/Kirki Integration
The Tutor LMS WordPress plugin before 3.9.13 does not, in its Droip and Kirki page-builder integration, perform the enrollment, purchase, and private-course capability checks it enforces in its core course handler, allowing authenticated users with subscriber-level access to enroll in paid or...
CVE-2026-12275
Affected software: Tutor LMS WordPress plugin (before 3.9.13) with Droip and Kirki page-builder integrations. What is vulnerable: The core course handler does not perform enrollment, purchase, and private-course capability checks when using Droip/Kirki integrations, permitting authenticated users...
EUVD-2024-40604
Malicious code in bioql PyPI...
EUVD-2024-40603
Malicious code in bioql PyPI...
CVE-2025-5831
The Droip plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the makegooglefontoffline function in all versions up to, and excluding, 2.5.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload...
CVE-2025-5835
The Droip plugin for WordPress is vulnerable to unauthorized modification and access of data due to a missing capability check on the droippostapis function in all versions up to, and including, 2.2.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...
CVE-2025-5835
The Droip plugin for WordPress is vulnerable to unauthorized modification and access of data due to a missing capability check on the droippostapis function in all versions up to, and including, 2.2.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...
CVE-2025-5831
The Droip plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the makegooglefontoffline function in all versions up to, and including, 2.2.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload...
CVE-2025-5831
The Droip plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the makegooglefontoffline function in all versions up to, and excluding, 2.5.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload...
CVE-2025-5835 Droip <= 2.2.6 - Missing Authorization to Authenticated (Subscriber+) Many Actions
The Droip plugin for WordPress is vulnerable to unauthorized modification and access of data due to a missing capability check on the droippostapis function in all versions up to, and including, 2.2.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...
CVE-2025-5835
CVE-2025-5835 concerns the Droip plugin for WordPress. The vulnerability arises from a missing capability check in the droip_post_apis() function across versions up to and including 2.2.0, enabling authenticated attackers with Subscriber-level access and above to trigger AJAX hooks and perform ac...
CVE-2025-5835 Droip <= 2.2.6 - Missing Authorization to Authenticated (Subscriber+) Many Actions
The Droip plugin for WordPress is vulnerable to unauthorized modification and access of data due to a missing capability check on the droippostapis function in all versions up to, and including, 2.2.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...
CVE-2025-5831
CVE-2025-5831 affects the Droip WordPress plugin. The vulnerability arises from missing file type validation in the make_google_font_offline() function, allowing authenticated users with Subscriber+ privileges to upload arbitrary files to the server (versions up to 2.2.0). This can potentially le...
CVE-2025-5831 Droip < 2.5.2 - Authenticated (Subscriber+) Arbitrary File Upload
The Droip plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the makegooglefontoffline function in all versions up to, and excluding, 2.5.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload...
CVE-2025-5831 Droip < 2.5.2 - Authenticated (Subscriber+) Arbitrary File Upload
The Droip plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the makegooglefontoffline function in all versions up to, and excluding, 2.5.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload...
WordPress plugin Droip 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue...
PT-2025-30733 · WordPress · Droip
Name of the Vulnerable Software and Affected Versions: Droip versions prior to 2.2.1 Description: The Droip plugin for WordPress is susceptible to arbitrary file uploads due to missing file type validation in the make google font offline function. This allows authenticated attackers with...
WordPress plugin Droip 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...