31 matches found
CVE-2025-13091
The Shopire theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the shopireadmininstallplugin function in all versions up to, and including, 1.0.57. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...
CVE-2025-13091 Shopire <= 1.0.57 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Install
The Shopire theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the shopireadmininstallplugin function in all versions up to, and including, 1.0.57. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...
CVE-2025-13091 Shopire <= 1.0.57 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Install
The Shopire theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the shopireadmininstallplugin function in all versions up to, and including, 1.0.57. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...
WordPress plugin Shopire 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-20597
The Shopire theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the shopire admin install plugin function in all versions up to, and including, 1.0.57. This makes it possible for authenticated attackers, with Subscriber-level access and abov...
EUVD-2025-28062
Malicious code in bioql PyPI...
EUVD-2025-12058
Malicious code in bioql PyPI...
EUVD-2025-28050
Malicious code in bioql PyPI...
CVE-2025-46468
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in WPFable Fable Extra fable-extra allows PHP Local File Inclusion.This issue affects Fable Extra: from n/a through = 1.0.6...
CVE-2025-46539
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WPFable Fable Extra fable-extra allows Blind SQL Injection.This issue affects Fable Extra: from n/a through = 1.0.6...
CVE-2025-46539
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WPFable Fable Extra fable-extra allows Blind SQL Injection.This issue affects Fable Extra: from n/a through = 1.0.6...
CVE-2025-46468
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in WPFable Fable Extra fable-extra allows PHP Local File Inclusion.This issue affects Fable Extra: from n/a through = 1.0.6...
CVE-2025-46468 WordPress Fable Extra plugin <= 1.0.6 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in WPFable Fable Extra fable-extra allows PHP Local File Inclusion.This issue affects Fable Extra: from n/a through = 1.0.6...
CVE-2025-46468 WordPress Fable Extra plugin <= 1.0.6 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in WPFable Fable Extra fable-extra allows PHP Local File Inclusion.This issue affects Fable Extra: from n/a through = 1.0.6...
CVE-2025-46468
CVE-2025-46468 is a Local File Inclusion vulnerability in WordPress plugin Fable Extra <= 1.0.6 (a WordPress plugin). The issue arises from improper control of filenames used in PHP include/require statements, enabling PHP local file inclusion. Public sources (NVD/Red Hat/ CVE records) list th...
CVE-2025-46539 WordPress Fable Extra plugin <= 1.0.6 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WPFable Fable Extra fable-extra allows Blind SQL Injection.This issue affects Fable Extra: from n/a through = 1.0.6...
CVE-2025-46539
CVE-2025-46539 is an SQL injection vulnerability in WordPress plugin Fable Extra, affecting versions up to 1.0.6. The issue arises from improper neutralization of input in SQL commands, enabling blind SQL injection. Product affected: Fable Extra for WordPress (versions ≤ 1.0.6). Impact as stated:...
CVE-2025-46539 WordPress Fable Extra <= 1.0.6 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WPFable Fable Extra allows Blind SQL Injection. This issue affects Fable Extra: from n/a through 1.0.6...
WordPress plugin Fable Extra SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...
PT-2025-22730 · Unknown +1 · Wpfable Fable Extra +1
Name of the Vulnerable Software and Affected Versions: WPFable Fable Extra versions 1.0.0 through 1.0.6 Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion', which allows PHP Local File...