66 matches found
EUVD-2024-34381
Malicious code in bioql PyPI...
EUVD-2023-56795
Malicious code in bioql PyPI...
EUVD-2024-34380
Malicious code in bioql PyPI...
CVE-2025-8778
The NitroPack plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the nitropacksetcompressionajax function in all versions up to, and including, 1.18.4. This makes it possible for authenticated attackers, with Subscriber-level access and...
WordPress NitroPack plugin unauthorized modification vulnerability
WordPress NitroPack plugin is a speed optimization plugin that is mainly used to improve the loading speed of your website. WordPress NitroPack plugin has an unauthorized modification vulnerability that stems from a lack of capability check in the function nitropacksetcompressionajax, which can b...
CVE-2025-8778
The NitroPack plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the nitropacksetcompressionajax function in all versions up to, and including, 1.18.4. This makes it possible for authenticated attackers, with Subscriber-level access and...
CVE-2025-8778 NitroPack <= 1.18.4 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update via nitropack_set_compression_ajax Function
The NitroPack plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the nitropacksetcompressionajax function in all versions up to, and including, 1.18.4. This makes it possible for authenticated attackers, with Subscriber-level access and...
CVE-2025-8778 NitroPack <= 1.18.4 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update via nitropack_set_compression_ajax Function
The NitroPack plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the nitropacksetcompressionajax function in all versions up to, and including, 1.18.4. This makes it possible for authenticated attackers, with Subscriber-level access and...
CVE-2025-8778
Summary (CVE-2025-8778): The NitroPack plugin for WordPress (versions up to 1.18.4) has a missing capability check in nitropack_set_compression_ajax(), enabling authenticated attackers with Subscriber-level access or higher to modify nitropack-enableCompression and alter plugin compression settin...
PT-2025-37019
Name of the Vulnerable Software and Affected Versions: NitroPack versions up to and including 1.18.4 Description: The NitroPack plugin for WordPress is susceptible to unauthorized data modification. This is due to a missing capability check within the nitropack set compression ajax function...
WordPress plugin NitroPack 安全漏洞
WordPress NitroPack plugin is a speed optimization plugin that is mainly used to improve the loading speed of your website. WordPress NitroPack plugin has an unauthorized modification vulnerability that stems from a lack of capability check in the function nitropacksetcompressionajax, which can b...
WordPress NitroPack plugin <= 1.18.4 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update via nitropack_set_compression_ajax Function vulnerability
Missing Authorization to Authenticated Subscriber+ Limited Settings Update via nitropacksetcompressionajax Function vulnerability discovered by Peter Thaleikis in WordPress Plugin NitroPack versions = 1.18.4...
CVE-2024-43922
Improper Control of Generation of Code 'Code Injection' vulnerability in NitroPack Inc. NitroPack allows Code Injection.This issue affects NitroPack: from n/a through 1.16.7...
CVE-2024-11851
The NitroPack plugin for WordPress is vulnerable to unauthorized arbitrary transient update due to a missing capability check on the nitropackrmlnotification function in all versions up to, and including, 1.17.0. This makes it possible for authenticated attackers, with subscriber access or higher...
CVE-2024-11848
The NitroPack plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'nitropackdismissnoticeforever' AJAX action in all versions up to, and including, 1.17.0. This makes it possible for authenticated attackers, with subscriber-level access...
CVE-2024-11848
The NitroPack plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'nitropackdismissnoticeforever' AJAX action in all versions up to, and including, 1.17.0. This makes it possible for authenticated attackers, with subscriber-level access...
CVE-2024-11851
The NitroPack plugin for WordPress is vulnerable to unauthorized arbitrary transient update due to a missing capability check on the nitropackrmlnotification function in all versions up to, and including, 1.17.0. This makes it possible for authenticated attackers, with subscriber access or higher...
CVE-2024-11851 NitroPack <= 1.17.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Transient Update
The NitroPack plugin for WordPress is vulnerable to unauthorized arbitrary transient update due to a missing capability check on the nitropackrmlnotification function in all versions up to, and including, 1.17.0. This makes it possible for authenticated attackers, with subscriber access or higher...
CVE-2024-11851 NitroPack <= 1.17.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Transient Update
The NitroPack plugin for WordPress is vulnerable to unauthorized arbitrary transient update due to a missing capability check on the nitropackrmlnotification function in all versions up to, and including, 1.17.0. This makes it possible for authenticated attackers, with subscriber access or higher...
CVE-2024-11851
CVE-2024-11851 affects the NitroPack WordPress plugin (versions ≤ 1.17.0). An authenticated attacker with subscriber+ privileges can update arbitrary transients due to a missing capability check in nitropack_rml_notification, with transients limited to integers. Connected sources (Patchstack/Red ...