12 matches found
CVE-2025-8606
The GSheetConnector For Gravity Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions less than, or equal to, 1.3.23. This is due to missing or incorrect nonce validation on the activateplugin and deactivateplugin functions. This makes it possible for attackers to tri...
WordPress Zigcy Lite theme <= 2.0.9 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability
Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress Zigcy Lite theme versions <= 2.0.9. Solution: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...
WordPress Vmagazine News <= 1.0.5 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability
Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress Vmagazine News versions <= 1.0.5. Solution: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...
WordPress Zigcy Cosmetics theme <= 1.0.5 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability
Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress Zigcy Cosmetics theme versions <= 1.0.5. Solution: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...
WordPress Arrival theme <= 1.4.2 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability
Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress Arrival theme versions <= 1.4.2. Solution: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...
WordPress WP Store theme <= 1.1.9 - Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation
Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation discovered by Ex.Mi Patchstack in WordPress WP Store theme versions <= 1.1.9. Solution: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...
WordPress AccessPress Parallax theme <= 4.5 - Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation
Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation discovered by Ex.Mi Patchstack in WordPress AccessPress Parallax theme versions <= 4.5. Solution: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...
WordPress VMagazine Lite theme <= 1.3.5 - Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation
Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation discovered by Ex.Mi Patchstack in WordPress VMagazine Lite theme versions <= 1.3.5. Solution: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...
WordPress ScrollMe theme <= 2.1.0 - Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation
Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation discovered by Ex.Mi Patchstack in WordPress ScrollMe theme versions <= 2.1.0. Solution: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...
WordPress Edict Lite theme <= 1.1.4 - Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation
Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation discovered by Ex.Mi Patchstack in WordPress Edict Lite theme versions <= 1.1.4. Solution: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...
WordPress Sakala theme <= 1.0.4 - Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation
Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation discovered by Ex.Mi Patchstack in WordPress Sakala theme versions <= 1.0.4. Solution: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...
Multiple Themes - Unauthenticated Function Injection
Jerome Bruandet, from nintechnet, discovered numerous themes affected by Unauthenticated Function Injection issues, due to the lack of capability and CSRF nonce checks in AJAX actions. The naturemag-lite theme partially fixed the issues in v1.0.5, however it has been removed from the WordPress...