10 matches found
CVE-2025-1233
The Lafka Plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'lafkaoptionsupload' AJAX function in all versions up to, and including, 7.1.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the...
EUVD-2025-9913
Malicious code in bioql PyPI...
CVE-2025-1233
The Lafka Plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'lafkaoptionsupload' AJAX function in all versions up to, and including, 7.1.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the...
CVE-2025-1233 Lafka Plugin <= 7.1.0 - Missing Authorization to Authenticated (Subscriber+) Theme Option Update
The Lafka Plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'lafkaoptionsupload' AJAX function in all versions up to, and including, 7.1.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the...
CVE-2025-1233
CVE-2025-1233 concerns the Lafka Plugin for WordPress, where a missing capability check on the AJAX function lafka_options_upload allows unauthorized access to update the site theme options. The issue affects all versions up to and including 7.1.0. The vulnerability arises from insufficient autho...
CVE-2025-1233 Lafka Plugin <= 7.1.0 - Missing Authorization to Authenticated (Subscriber+) Theme Option Update
The Lafka Plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'lafkaoptionsupload' AJAX function in all versions up to, and including, 7.1.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the...
WordPress plugin Lafka 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
PT-2025-15056 · WordPress · Lafka Plugin
Name of the Vulnerable Software and Affected Versions: Lafka Plugin for WordPress versions up to, and including, 7.1.0 Description: The issue is related to unauthorized access due to a missing capability check on the lafka options upload AJAX function. This allows authenticated attackers with...
WordPress Lafka Plugin plugin <= 7.1.0 - Missing Authorization to Authenticated (Subscriber+) Theme Option Update vulnerability
Missing Authorization to Authenticated Subscriber+ Theme Option Update vulnerability discovered by István Márton in WordPress Plugin Lafka Plugin versions = 7.1.0...
WordPress plugin Lafka 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...