337 matches found

Information Security Automation
added 2025/01/11 12:41 p.m. · 25 views

About Authentication Bypass – Hunk Companion WordPress plugin (CVE-2024-11972) vulnerability

About Authentication Bypass - Hunk Companion WordPress plugin CVE-2024-11972 vulnerability. ThemeHunk company develops commercial themes for WordPress CMS. And the Hunk Companion plugin is designed to complement and enhance the functionality of these themes. The plugin has over 10,000...

CVSS 10 · AI score 7.4 · EPSS 0.91902
Exploits: 9
CNNVD
added 2024/12/31 12:0 a.m. · 4 views

WordPress plugin Hunk Companion security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability in...

CVSS 9.8 · AI score 9.4 · EPSS 0.9188
Exploits: 5 · References: 2
Cvelist
added 2024/12/13 2:23 p.m. · 15 views

CVE-2023-28990 WordPress Viral Mag theme <= 1.0.9 - Authenticated Arbitrary Plugin Activation Vulnerability

Missing Authorization vulnerability in HashThemes Viral Mag allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Viral Mag: from n/a through 1.0.9...

CVSS 4.3 · EPSS 0.00164
Exploits: 0 · References: 1
Vulnrichment
added 2024/12/13 2:23 p.m. · 8 views

CVE-2023-28990 WordPress Viral Mag theme <= 1.0.9 - Authenticated Arbitrary Plugin Activation Vulnerability

Missing Authorization vulnerability in hashthemes Viral Mag viral-mag allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Viral Mag: from n/a through <= 1.0.9...

CVSS 4.3 · AI score 6.9 · EPSS 0.00164
Exploits: 0 · References: 1
Cvelist
added 2024/12/13 2:23 p.m. · 17 views

CVE-2023-27456 WordPress Total theme <= 2.1.19 - Authenticated Arbitrary Plugin Activation

Missing Authorization vulnerability in HashThemes Total allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Total: from n/a through 2.1.19...

CVSS 4.3 · EPSS 0.00125
Exploits: 0 · References: 1
Vulnrichment
added 2024/12/13 2:23 p.m. · 9 views

CVE-2023-27456 WordPress Total theme <= 2.1.19 - Authenticated Arbitrary Plugin Activation

Missing Authorization vulnerability in hashthemes Total total allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Total: from n/a through <= 2.1.19...

CVSS 4.3 · AI score 7.3 · EPSS 0.00125
Exploits: 0 · References: 1
Positive Technologies
added 2024/12/13 12:0 a.m. · 2 views

PT-2024-12133 · Unknown · Total Theme

Name of the Vulnerable Software and Affected Versions: Total versions prior to 2.1.19 Description: The issue allows authenticated users to activate arbitrary plugins due to missing authorization, exploiting incorrectly configured access control security levels. Recommendations: Update to Total...

CVSS 4.3 · AI score 8.8 · EPSS 0.00125
Exploits: 0 · References: 13
Patchstack
added 2024/12/11 10:52 p.m. · 5 views

WordPress Zita Site Builder plugin <= 1.0.2 - Arbitrary Plugin Installation and Activation vulnerability

Arbitrary Plugin Installation and Activation vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Plugin Zita Site Builder versions <= 1.0.2...

CVSS 9.1 · AI score 7 · EPSS 0.19293
Exploits: 1 · Affected Software: 1
VulnCheck KEV
added 2024/12/10 12:0 a.m. · 0 views

VulnCheck KEV: CVE-2024-11972

A vulnerability is present in the Hunk Companion plugin that allows installation and activation of plugins from the Wordpress.org repository via an unauthenticated POST request...

CVSS 9.8 · AI score 7.3 · EPSS 0.9188
Exploits: 5 · References: 1
Cvelist
added 2024/12/09 11:31 a.m. · 33 views

CVE-2023-23834 WordPress Spectra – WordPress Gutenberg Blocks plugin <= 2.3.0 - Broken Access Control + CSRF on Activate_Plugin vulnerability

Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Spectra: from n/a through 2.3.0...

CVSS 4.3 · EPSS 0.00423
Exploits: 0 · References: 1
Vulnrichment
added 2024/12/09 11:31 a.m. · 7 views

CVE-2023-28416 WordPress Chankhe theme <= 1.0.5 - Authenticated Arbitrary Plugin Activation vulnerability

Missing Authorization vulnerability in sparklewpthemes Chankhe chankhe allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Chankhe: from n/a through <= 1.0.5...

CVSS 4.3 · AI score 7.3 · EPSS 0.00125
Exploits: 0 · References: 1
CVE
added 2024/12/09 11:31 a.m. · 39 views

CVE-2023-28532

CVE-2023-28532 relates to the WordPress Real Estate Directory Theme (= 1.0.6. If upgrading is not feasible, apply the vendor-supplied mitigation per Patchstack guidance.

CVSS 4.3 · AI score 8 · EPSS 0.00164
Exploits: 0 · References: 1
Vulnrichment
added 2024/12/09 11:31 a.m. · 4 views

CVE-2023-28532 WordPress Real Estate Directory theme <= 1.0.5 - Authenticated Arbitrary Plugin Activation

Missing Authorization vulnerability in listingthemes Real Estate Directory real-estate-directory allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Real Estate Directory: from n/a through <= 1.0.5...

CVSS 4.3 · AI score 7.3 · EPSS 0.00164
Exploits: 0 · References: 1
Cvelist
added 2024/12/09 11:31 a.m. · 12 views

CVE-2023-28532 WordPress Real Estate Directory theme <= 1.0.5 - Authenticated Arbitrary Plugin Activation

Missing Authorization vulnerability in wpdirectorykit.com Real Estate Directory allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Real Estate Directory: from n/a through 1.0.5...

CVSS 4.3 · EPSS 0.00164
Exploits: 0 · References: 1
Patchstack
added 2024/12/06 12:57 p.m. · 2 views

WordPress Gaga Lite theme <= 1.4.2 - Authenticated Arbitrary Plugin Activation/Deactivation to RCE vulnerability

Authenticated Arbitrary Plugin Activation/Deactivation to RCE vulnerability discovered by Mika Patchstack Alliance in WordPress Theme Gaga Lite versions <= 1.4.2...

AI score 7
Exploits: 0 · Affected Software: 1
Patchstack
added 2024/12/06 12:53 p.m. · 2 views

WordPress One Paze theme <= 2.2.8 - Authenticated Arbitrary Plugin Activation/Deactivation to RCE vulnerability

Authenticated Arbitrary Plugin Activation/Deactivation to RCE vulnerability discovered by Mika Patchstack Alliance in WordPress Theme One Paze versions <= 2.2.8...

AI score 7
Exploits: 0 · Affected Software: 1
Patchstack
added 2024/11/20 8:54 a.m. · 2 views

WordPress AccessPress Staple theme <= 1.9.1 - Authenticated Arbitrary Plugin Activation/Deactivation to RCE vulnerability

Authenticated Arbitrary Plugin Activation/Deactivation to RCE vulnerability discovered by Mika Patchstack Alliance in WordPress Theme AccessPress Staple versions <= 1.9.1...

AI score 7
Exploits: 0 · Affected Software: 1
Patchstack
added 2024/11/20 8:53 a.m. · 3 views

WordPress Grip theme <= 1.0.9 - Arbitrary Plugin Activation/Deactivation to RCE vulnerability

Arbitrary Plugin Activation/Deactivation to RCE vulnerability discovered by Mika Patchstack Alliance in WordPress Theme Grip versions <= 1.0.9...

AI score 7
Exploits: 0 · Affected Software: 1
Patchstack
added 2024/11/18 7:29 a.m. · 5 views

WordPress PostX plugin <= 4.1.16 - Missing Authorization to Arbitrary Plugin Installation/Activation vulnerability

Missing Authorization to Arbitrary Plugin Installation/Activation vulnerability discovered by Sean Murphy in WordPress Plugin PostX versions <= 4.1.16...

CVSS 8.8 · AI score 7 · EPSS 0.76069
Exploits: 1 · References: 1 · Affected Software: 1
OSV
added 2024/11/11 8:15 p.m. · 0 views

UBUNTU-CVE-2024-51485

Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating plugins. This vulnerability allows an attacker to exploit CSRF attacks, potentially enabling them to change...

CVSS 8.1 · AI score 5.7 · EPSS 0.00181
Exploits: 1 · References: 3