39 matches found
EUVD-2022-33353
Malicious code in bioql PyPI...
EUVD-2022-1561
Malicious code in bioql PyPI...
EUVD-2022-24944
Malicious code in bioql PyPI...
EUVD-2022-5352
Malicious code in bioql PyPI...
CVE-2022-1658
Vulnerable versions of the Jupiter Theme <= 6.10.1 allow arbitrary plugin deletion by any authenticated user, including users with the subscriber role, via the abb_remove_plugin AJAX action registered in the framework/admin/control-panel/logic/plugin-management.php file. Using this functionality, an...
CVE-2021-26830
SQL Injection in Tribalsystems Zenario CMS 8.8.52729 allows remote attackers to access the database or delete the plugin. This is accomplished via the ID input field of ajax.php in the Plugin library - delete module...
CVE-2020-25263
PyroCMS 3.7 is vulnerable to cross-site request forgery (CSRF) via the admin/addons/uninstall/anomaly.module.blocks URI: an arbitrary plugin will be deleted...
CVE-2024-7568
The Favicon Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the outputsubadminpage0 function. This makes it possible for unauthenticated attackers to delete arbitrary files on...
CVE-2022-1658 Jupiter Theme <= 6.10.1 - Authenticated Arbitrary Plugin Deletion
Vulnerable versions of the Jupiter Theme <= 6.10.1 allow arbitrary plugin deletion by any authenticated user, including users with the subscriber role, via the abb_remove_plugin AJAX action registered in the framework/admin/control-panel/logic/plugin-management.php file. Using this functionality, an...
CVE-2022-1658
Vulnerability exists in WordPress Jupiter premium/theme (Jupiter Theme) versions up to 6.10.1, where an authenticated user can delete plugins via the abb_remove_plugin AJAX action (no capability/nonce checks). Affected sites using Jupiter Theme
Jupiter < 6.10.2 - Subscriber+ Arbitrary Plugin Deletion
Any authenticated user, such as a subscriber, can delete arbitrary plugins via the abb_remove_plugin AJAX action registered in the framework/admin/control-panel/logic/plugin-management.php file...
WordPress Jupiter premium theme <= 6.10.1 - Insufficient Access Control leading to Authenticated Arbitrary Plugin Deletion
Insufficient Access Control leading to Authenticated Arbitrary Plugin Deletion discovered by Ramuel Gall (Wordfence) in WordPress Jupiter premium theme versions <= 6.10.1. Solution: Update the WordPress Jupiter premium theme to the latest available version (at least 6.10.2)...
GHSA-W4F3-7F7C-X652 SQL Injection in tribalsystems/zenario
SQL Injection in Tribalsystems Zenario CMS 8.8.52729 and prior allows remote attackers to access the database or delete the plugin. This is accomplished via the ID input field of ajax.php in the Plugin library - delete module...
SQL Injection in tribalsystems/zenario
SQL Injection in Tribalsystems Zenario CMS 8.8.52729 and prior allows remote attackers to access the database or delete the plugin. This is accomplished via the ID input field of ajax.php in the Plugin library - delete module...
Login with phone number < 1.3.7 - Unauthenticated remote plugin deletion
The plugin includes a file, delete.php, placed in the plugin directory with no form of authentication or authorization checks, allowing an unauthenticated user to remotely delete the plugin files, leading to a potential Denial of Service situation...
WordPress Login with phone number plugin <= 1.3.6 - Unauthenticated Remote Plugin Deletion vulnerability
Unauthenticated Remote Plugin Deletion vulnerability discovered by Michal Lipinski in WordPress Login with phone number plugin versions <= 1.3.6. Solution: Update the WordPress Login with phone number plugin to the latest available version (at least 1.3.7)...