@analogjs/platform (>=0.1.0-beta.15 <=0.2.0-beta.13), @analogjs/vite-plugin-nitro (>=0.2.0-beta.2 <=0.2.0-beta.13) +46 more potentially affected by CVE-2026-44372 via nitropack (>=0.2.11 <=2.13.1)

nitropack NPM version =0.2.11, =0.1.0-beta.15, =0.2.0-beta.2, =1.6.0, =0.5.0, =0.6.1, =1.0.0, =5.0.0-rc.108, =0.13.0, =0.7.2, =0.7.3, =0.9.1, =0.13.1, =0.7.2, =0.27.1, =0.8.1, =0.16.0 and more Source cves: CVE-2026-44372 Source advisory: OSV:GHSA-9PHM-9P8F-HW5M...

@analogjs/platform (>=0.1.0-beta.15 <=0.2.0-beta.13), @analogjs/vite-plugin-nitro (>=0.2.0-beta.2 <=0.2.0-beta.13) +46 more potentially affected by CVE-2026-44373 via nitropack (>=0.2.11 <=2.13.1)

nitropack NPM version =0.2.11, =0.1.0-beta.15, =0.2.0-beta.2, =1.6.0, =0.5.0, =0.6.1, =1.0.0, =5.0.0-rc.108, =0.13.0, =0.7.2, =0.7.3, =0.9.1, =0.13.1, =0.7.2, =0.27.1, =0.8.1, =0.16.0 and more Source cves: CVE-2026-44373 Source advisory: OSV:GHSA-5W89-W975-HF9Q...

EUVD-2024-34381

Malicious code in bioql PyPI...

CVE-2024-11851 NitroPack <= 1.17.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Transient Update

The NitroPack plugin for WordPress is vulnerable to unauthorized arbitrary transient update due to a missing capability check on the nitropackrmlnotification function in all versions up to, and including, 1.17.0. This makes it possible for authenticated attackers, with subscriber access or higher...

CVE-2024-11851 NitroPack <= 1.17.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Transient Update

The NitroPack plugin for WordPress is vulnerable to unauthorized arbitrary transient update due to a missing capability check on the nitropackrmlnotification function in all versions up to, and including, 1.17.0. This makes it possible for authenticated attackers, with subscriber access or higher...

CVE-2024-11851

CVE-2024-11851 affects the NitroPack WordPress plugin (versions ≤ 1.17.0). An authenticated attacker with subscriber+ privileges can update arbitrary transients due to a missing capability check in nitropack_rml_notification, with transients limited to integers. Connected sources (Patchstack/Red ...

WordPress plugin NitroPack 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...