Lucene search
K

66 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-34381

Malicious code in bioql PyPI...

4.3CVSS8.7AI score0.00271EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-56795

Malicious code in bioql PyPI...

8.8CVSS9AI score0.00216EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-34380

Malicious code in bioql PyPI...

8.1CVSS8.7AI score0.00646EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/09/12 7:11 a.m.4 views

CVE-2025-8778

The NitroPack plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the nitropacksetcompressionajax function in all versions up to, and including, 1.18.4. This makes it possible for authenticated attackers, with Subscriber-level access and...

4.3CVSS5.1AI score0.00226EPSS
Exploits0References1
CNVD
CNVD
added 2025/09/12 12:0 a.m.4 views

WordPress NitroPack plugin unauthorized modification vulnerability

WordPress NitroPack plugin is a speed optimization plugin that is mainly used to improve the loading speed of your website. WordPress NitroPack plugin has an unauthorized modification vulnerability that stems from a lack of capability check in the function nitropacksetcompressionajax, which can b...

4.3CVSS6.7AI score0.00226EPSS
Exploits0References1
NVD
NVD
added 2025/09/10 7:15 a.m.5 views

CVE-2025-8778

The NitroPack plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the nitropacksetcompressionajax function in all versions up to, and including, 1.18.4. This makes it possible for authenticated attackers, with Subscriber-level access and...

4.3CVSS0.00226EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/09/10 6:38 a.m.6 views

CVE-2025-8778 NitroPack <= 1.18.4 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update via nitropack_set_compression_ajax Function

The NitroPack plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the nitropacksetcompressionajax function in all versions up to, and including, 1.18.4. This makes it possible for authenticated attackers, with Subscriber-level access and...

4.3CVSS0.00226EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/09/10 6:38 a.m.1 views

CVE-2025-8778 NitroPack <= 1.18.4 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update via nitropack_set_compression_ajax Function

The NitroPack plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the nitropacksetcompressionajax function in all versions up to, and including, 1.18.4. This makes it possible for authenticated attackers, with Subscriber-level access and...

4.3CVSS4.5AI score0.00226EPSS
Exploits0References4
CVE
CVE
added 2025/09/10 6:38 a.m.18 views

CVE-2025-8778

Summary (CVE-2025-8778): The NitroPack plugin for WordPress (versions up to 1.18.4) has a missing capability check in nitropack_set_compression_ajax(), enabling authenticated attackers with Subscriber-level access or higher to modify nitropack-enableCompression and alter plugin compression settin...

4.3CVSS4.6AI score0.00226EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/09/10 12:0 a.m.5 views

PT-2025-37019

Name of the Vulnerable Software and Affected Versions: NitroPack versions up to and including 1.18.4 Description: The NitroPack plugin for WordPress is susceptible to unauthorized data modification. This is due to a missing capability check within the nitropack set compression ajax function...

4.3CVSS5.6AI score0.00226EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/09/10 12:0 a.m.4 views

WordPress plugin NitroPack 安全漏洞

WordPress NitroPack plugin is a speed optimization plugin that is mainly used to improve the loading speed of your website. WordPress NitroPack plugin has an unauthorized modification vulnerability that stems from a lack of capability check in the function nitropacksetcompressionajax, which can b...

4.3CVSS6.7AI score0.00226EPSS
Exploits0References4
Patchstack
Patchstack
added 2025/09/09 11:55 p.m.4 views

WordPress NitroPack plugin <= 1.18.4 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update via nitropack_set_compression_ajax Function vulnerability

Missing Authorization to Authenticated Subscriber+ Limited Settings Update via nitropacksetcompressionajax Function vulnerability discovered by Peter Thaleikis in WordPress Plugin NitroPack versions = 1.18.4...

4.3CVSS6.8AI score0.00226EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 10:29 a.m.16 views

CVE-2024-43922

Improper Control of Generation of Code 'Code Injection' vulnerability in NitroPack Inc. NitroPack allows Code Injection.This issue affects NitroPack: from n/a through 1.16.7...

9.8CVSS7.1AI score0.00354EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 7:50 a.m.5 views

CVE-2024-11851

The NitroPack plugin for WordPress is vulnerable to unauthorized arbitrary transient update due to a missing capability check on the nitropackrmlnotification function in all versions up to, and including, 1.17.0. This makes it possible for authenticated attackers, with subscriber access or higher...

4.3CVSS6.6AI score0.00271EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 1:39 a.m.6 views

CVE-2024-11848

The NitroPack plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'nitropackdismissnoticeforever' AJAX action in all versions up to, and including, 1.17.0. This makes it possible for authenticated attackers, with subscriber-level access...

8.1CVSS7.7AI score0.00646EPSS
Exploits0References1
NVD
NVD
added 2025/01/15 12:15 p.m.10 views

CVE-2024-11848

The NitroPack plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'nitropackdismissnoticeforever' AJAX action in all versions up to, and including, 1.17.0. This makes it possible for authenticated attackers, with subscriber-level access...

8.1CVSS0.00646EPSS
Exploits0References2
NVD
NVD
added 2025/01/15 12:15 p.m.10 views

CVE-2024-11851

The NitroPack plugin for WordPress is vulnerable to unauthorized arbitrary transient update due to a missing capability check on the nitropackrmlnotification function in all versions up to, and including, 1.17.0. This makes it possible for authenticated attackers, with subscriber access or higher...

4.3CVSS0.00271EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/01/15 11:29 a.m.15 views

CVE-2024-11851 NitroPack <= 1.17.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Transient Update

The NitroPack plugin for WordPress is vulnerable to unauthorized arbitrary transient update due to a missing capability check on the nitropackrmlnotification function in all versions up to, and including, 1.17.0. This makes it possible for authenticated attackers, with subscriber access or higher...

4.3CVSS0.00271EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/01/15 11:29 a.m.4 views

CVE-2024-11851 NitroPack <= 1.17.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Transient Update

The NitroPack plugin for WordPress is vulnerable to unauthorized arbitrary transient update due to a missing capability check on the nitropackrmlnotification function in all versions up to, and including, 1.17.0. This makes it possible for authenticated attackers, with subscriber access or higher...

4.3CVSS4.5AI score0.00271EPSS
Exploits0References2
CVE
CVE
added 2025/01/15 11:29 a.m.44 views

CVE-2024-11851

CVE-2024-11851 affects the NitroPack WordPress plugin (versions ≤ 1.17.0). An authenticated attacker with subscriber+ privileges can update arbitrary transients due to a missing capability check in nitropack_rml_notification, with transients limited to integers. Connected sources (Patchstack/Red ...

4.3CVSS4.5AI score0.00271EPSS
Exploits0References2
Rows per page
Query Builder