13 matches found
EUVD-2025-22405
Malicious code in bioql PyPI...
EUVD-2025-22400
Malicious code in bioql PyPI...
CVE-2025-6215
The Omnishop plugin for WordPress is vulnerable to Unauthenticated Registration Bypass in all versions up to, and including, 1.0.9. Its /users/register endpoint is exposed to the public (permission_callback always returns true) and invokes wp_create_user unconditionally, ignoring the site’s...
CVE-2025-6214
The Omnishop plugin for WordPress is vulnerable to Cross-Site Request Forgery on its /users/delete REST route in all versions up to, and including, 1.0.9. The route’s permission_callback only verifies that the requester is logged in, but fails to require any nonce or other proof of intent. This...
CVE-2025-6214
The Omnishop plugin for WordPress is vulnerable to Cross-Site Request Forgery on its /users/delete REST route in all versions up to, and including, 1.0.9. The route’s permission_callback only verifies that the requester is logged in, but fails to require any nonce or other proof of intent. This...
CVE-2025-6214
CVE-2025-6214 (Omnishop) : WordPress plugin Omnishop
CVE-2025-6214 Omnishop <= 1.0.9 - Cross-Site Request Forgery to Arbitrary User Deletion via /users/delete REST Endpoint
The Omnishop plugin for WordPress is vulnerable to Cross-Site Request Forgery on its /users/delete REST route in all versions up to, and including, 1.0.9. The route’s permission_callback only verifies that the requester is logged in, but fails to require any nonce or other proof of intent. This...
CVE-2025-6214 Omnishop <= 1.0.9 - Cross-Site Request Forgery to Arbitrary User Deletion via /users/delete REST Endpoint
The Omnishop plugin for WordPress is vulnerable to Cross-Site Request Forgery on its /users/delete REST route in all versions up to, and including, 1.0.9. The route’s permission_callback only verifies that the requester is logged in, but fails to require any nonce or other proof of intent. This...
CVE-2025-6215 Omnishop <= 1.0.9 - Missing Registration Restriction to Unauthenticated Account Creation via /users/register REST Endpoint
The Omnishop plugin for WordPress is vulnerable to Unauthenticated Registration Bypass in all versions up to, and including, 1.0.9. Its /users/register endpoint is exposed to the public (permission_callback always returns true) and invokes wp_create_user unconditionally, ignoring the site’s...
CVE-2025-6215
CVE-2025-6215 - Omnishop WordPress Plugin : The Omnishop plugin (WordPress) is vulnerable to unauthenticated registration bypass in all versions up to 1.0.9. The REST endpoint /users/register is publicly accessible because permission_callback always returns true and it calls wp_create_user() unco...
CVE-2025-6215 Omnishop <= 1.0.9 - Missing Registration Restriction to Unauthenticated Account Creation via /users/register REST Endpoint
The Omnishop plugin for WordPress is vulnerable to Unauthenticated Registration Bypass in all versions up to, and including, 1.0.9. Its /users/register endpoint is exposed to the public (permission_callback always returns true) and invokes wp_create_user unconditionally, ignoring the site’s...
PT-2025-30515 · WordPress · Omnishop
Name of the Vulnerable Software and Affected Versions: Omnishop plugin for WordPress versions up to and including 1.0.9 Description: The Omnishop plugin for WordPress is susceptible to unauthenticated registration bypass. The /users/register API endpoint is publicly exposed and unconditionally...
PT-2025-30514 · WordPress · Omnishop
Name of the Vulnerable Software and Affected Versions: Omnishop versions up to and including 1.0.9 Description: The Omnishop plugin for WordPress is susceptible to Cross-Site Request Forgery on its /users/delete REST route. The route’s permission callback only verifies that the requester is logge...