22 matches found
EUVD-2025-28609
Malicious code in bioql PyPI...
EUVD-2023-31206
Malicious code in bioql PyPI...
Improper Access Control
unopim/unopim is vulnerable to Improper Access Control. The vulnerability is due to insufficient privilege enforcement on the mass-delete endpoint, which allows an attacker without "Delete" permissions to bypass restrictions and delete products...
CVE-2025-55741
UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. In versions 0.3.0 and earlier, users without the Delete privilege for products are unable to delete individual products via the standard endpoint, as expected. However, these users can bypass intend...
GHSA-8P2F-FX4Q-75CX UnoPim has Broken Access Control
Summary: In Unopim, it is possible to create roles and choose the privileges. However, users without the “Delete” privilege for Products cannot delete a single product via the standard endpoint (expected behavior), but can still delete products via the mass-delete endpoint, even when the request...
UnoPim has Broken Access Control
Summary: In Unopim, it is possible to create roles and choose the privileges. However, users without the “Delete” privilege for Products cannot delete a single product via the standard endpoint (expected behavior), but can still delete products via the mass-delete endpoint, even when the request...
CVE-2025-55741 unopim/unopim allows unauthorized product deletion via mass-delete endpoint
UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. In versions 0.3.0 and earlier, users without the Delete privilege for products are unable to delete individual products via the standard endpoint, as expected. However, these users can bypass intend...
CVE-2025-55741 unopim/unopim allows unauthorized product deletion via mass-delete endpoint
UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. In versions 0.3.0 and earlier, users without the Delete privilege for products are unable to delete individual products via the standard endpoint, as expected. However, these users can bypass intend...
CVE-2025-55741
UnoPim is a Laravel-based open-source PIM. In versions
CVE-2025-55741 unopim/unopim allows unauthorized product deletion via mass-delete endpoint
UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. In versions 0.3.0 and earlier, users without the Delete privilege for products are unable to delete individual products via the standard endpoint, as expected. However, these users can bypass intend...
PT-2025-34443 · Unopim +1 · Unopim +1
Name of the Vulnerable Software and Affected Versions: UnoPim versions 0.3.0 and earlier. Description: UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. Users lacking the necessary Delete privilege for products can bypass access controls by submitti...
CVE-2023-27430
Cross-Site Request Forgery (CSRF) vulnerability in Ramon Fincken Mass Delete Unused Tags plugin <= 2.0.0 versions...
CVE-2023-27430
Cross-Site Request Forgery (CSRF) vulnerability in Ramon Fincken Mass Delete Unused Tags plugin <= 2.0.0 versions...
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in Ramon Fincken Mass Delete Unused Tags plugin <= 2.0.0 versions...
CVE-2023-27430
CVE-2023-27430 affects WordPress Mass Delete Unused Tags plugin (
CVE-2023-27430 WordPress Mass Delete Unused Tags Plugin <= 2.0.0 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in Ramon Fincken Mass Delete Unused Tags plugin <= 2.0.0 versions...
WordPress plugin Mass Delete Unused Tags cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists i...
WordPress Mass Delete Taxonomies Plugin <= 3.0.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software Mass Delete Taxonomies Type Plugin Vulnerable versions <= 3.0.0 Fixed in 4.0.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery (CSRF) CVE N/A Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 69e07302ea8d Credits WordFence Required...
WordPress Mass Delete Unused Tags Plugin <= 2.0.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software Mass Delete Unused Tags Type Plugin Vulnerable versions <= 2.0.0 Fixed in 3.0.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery (CSRF) CVE CVE-2023-27430 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 6d6176635537 Credits Mika Requir...
Cross-Site Request Forgery (CSRF) in bigprof-software/online-invoicing-system
✍️ Description: CSRF bug to mass delete item price. 🕵️‍♂️ Proof of Concept: below request is vulnerable to CSRF attack. here csrf token checking, no referrer checking. There is nothing to prevent CSRF attack. POST /online-invoicing-system/app/itempricesview.php HTTP/1.1 Host: localhost User-Agent:...