2 matches found
GHSA-9PPG-JX86-FQW7 Unauthorized npm publish of [email protected] with modified postinstall script
Description On February 17, 2026 at 3:26 AM PT, an unauthorized party used a compromised npm publish token to publish an update to Cline CLI on the NPM registry: [email protected]. The published package contains a modified package.json with an added postinstall script: "postinstall": "npm install -g...
WordPress Custom Font Uploader Plugin <= 2.3.4 is vulnerable to Broken Access Control
Software Custom Font Uploader Type Plugin Vulnerable versions = 2.3.4 Fixed in 2.4.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-5489 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ec1d5e78e0ec Credits Lucio Sá Required privile...