1229 matches found
PT-2025-53889
Name of the Vulnerable Software and Affected Versions OTWthemes Popping Sidebars and Widgets Light versions through 1.27 Description The software contains a flaw related to improper input handling during web page generation, which allows for Stored Cross-site Scripting XSS. This issue could...
WordPress plugin Popping Sidebars and Widgets Light 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
WordPress Popping Sidebars and Widgets Light plugin <= 1.27 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Muhammad Nur Ibnu Hubab in WordPress Plugin Popping Sidebars and Widgets Light versions = 1.27...
CVE-2025-62960
Missing Authorization vulnerability in sparklewpthemes Construction Light construction-light allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Construction Light: from n/a through = 1.6.7...
CVE-2025-62960
Missing Authorization vulnerability in sparklewpthemes Construction Light construction-light allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Construction Light: from n/a through = 1.6.7...
CVE-2025-62960 WordPress Construction Light theme <= 1.6.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in Sparkle WP Construction Light allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Construction Light: from n/a through 1.6.7...
CVE-2025-62960 WordPress Construction Light theme <= 1.6.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in sparklewpthemes Construction Light construction-light allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Construction Light: from n/a through = 1.6.7...
CVE-2025-62960
CVE-2025-62960 is a Missing Authorization / Broken Access Control vulnerability reported for the WordPress theme Construction Light (affected: all versions up to 1.6.7). The Red Hat, NVD, CIRCL and CVE records consistently describe a lack of proper access control, enabling exploitation due to mis...
PT-2025-52270
Name of the Vulnerable Software and Affected Versions Sparkle WP Construction Light versions through 1.6.7 Description A missing authorization issue exists in Sparkle WP Construction Light, allowing exploitation of incorrectly configured access control security levels. Recommendations Update...
WordPress plugin Construction Light 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...
CVE-2025-10684
The Construction Light WordPress theme before 1.6.8 does not have authorisation and CSRF when activating via an AJAX action, allowing any authenticated users, such as subscriber to activate arbitrary...
EUVD-2025-203030
The Construction Light WordPress theme before 1.6.8 does not have authorisation and CSRF when activating via an AJAX action, allowing any authenticated users, such as subscriber to activate arbitrary...
CVE-2025-10684
The Construction Light WordPress theme before 1.6.8 does not have authorisation and CSRF when activating via an AJAX action, allowing any authenticated users, such as subscriber to activate arbitrary...
CVE-2025-10684
CVE-2025-10684 affects the Construction Light WordPress theme prior to version 1.6.8. Multiple sources (NVD, Red Hat, CIRCL, CVE list) describe a lack of authorization and CSRF protection for an AJAX activation action, allowing any authenticated user (e.g., subscribers) to activate arbitrary func...
CVE-2025-10684 Construction Light < 1.6.8 - Subscriber+ Arbitrary Plugin Activation
The Construction Light WordPress theme before 1.6.8 does not have authorisation and CSRF when activating via an AJAX action, allowing any authenticated users, such as subscriber to activate arbitrary...
CVE-2025-10684 Construction Light < 1.6.8 - Subscriber+ Arbitrary Plugin Activation
The Construction Light WordPress theme before 1.6.8 does not have authorisation and CSRF when activating via an AJAX action, allowing any authenticated users, such as subscriber to activate arbitrary...
WordPress plugin Construction Light 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
PT-2025-41: The Twinkly Light Tree 3D firmware uses a vulnerable Blufi library
The vulnerability was identified in the Twinkly Light Tree 3D firmware, 2.8.18. An attacker within Bluetooth range, with physical access to a device running firmware prior to 2.9.0 and provisioning mode manually re-enabled could, in an attack scenario, interfere with the provisioning exchange and...
AZL-70850 CVE-2025-65018 affecting package fltk 1.3.8-1
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function pngimagefinishread when processing...
EUVD-2025-117267
Malicious code in light-amber-eel npm...