CVE-2024-13419

Multiple plugins and/or themes for WordPress using Smart Framework are vulnerable to Stored Cross-Site Scripting due to a missing capability check on the saveOptions and importThemeOptions functions in various versions. This makes it possible for authenticated attackers, with Subscriber-level...

CVE-2024-13418

Multiple plugins and/or themes for WordPress are vulnerable to Arbitrary File Uploads due to a missing capability check on the ajaxUploadFonts function in various versions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files that c...

CVE-2024-13418 Smart Framework <= Multiple Plugins - Authenticated (Subscriber+) Arbitrary File Upload

Multiple plugins and/or themes for WordPress are vulnerable to Arbitrary File Uploads due to a missing capability check on the ajaxUploadFonts function in various versions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files that c...

CVE-2024-13418 Smart Framework <= Multiple Plugins - Authenticated (Subscriber+) Arbitrary File Upload

Multiple plugins and/or themes for WordPress are vulnerable to Arbitrary File Uploads due to a missing capability check on the ajaxUploadFonts function in various versions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files that c...

CVE-2024-13420 Smart Framework <= Multiple Plugins - Missing Authorization to Authenticated (Subscriber+) Settings Updates

Multiple plugins and/or themes for WordPress are vulnerable to unauthorized access due to a missing capability check on several AJAX actions like 'gsfresetsectionoptions', 'gsfresetsectionoptions', 'gsfcreatepresetoptions' and more in various versions. This makes it possible for authenticated...

CVE-2024-13420 Smart Framework <= Multiple Plugins - Missing Authorization to Authenticated (Subscriber+) Settings Updates

Multiple plugins and/or themes for WordPress are vulnerable to unauthorized access due to a missing capability check on several AJAX actions like 'gsfresetsectionoptions', 'gsfresetsectionoptions', 'gsfcreatepresetoptions' and more in various versions. This makes it possible for authenticated...

CVE-2024-13420

CVE-2024-13420 is documented as a vulnerability in the WordPress ecosystem where the Smart Framework family (Beyot Framework, Benaa Framework, Auteur Framework, April Framework) suffers from missing authorization checks on AJAX actions (e.g., gsf_reset_section_options, gsf_create_preset_options)....

CVE-2024-13419

CVE-2024-13419 affects WordPress plugins/themes that use Smart Framework. The issue is a missing capability check in saveOptions() and importThemeOptions(), enabling authenticated users with Subscriber-level access or higher to update plugin/theme settings and inject custom JavaScript that runs s...

WordPress plugin April Framework、Auteur Framework、Benaa Framework和Beyot Framework 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress多款产品 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on servers running PHP and MySQL, and the...

PT-2025-18355 · WordPress · Product Grid +6

Name of the Vulnerable Software and Affected Versions: The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin for WordPress versions up to, and including, 2.4.1 Description: The issue is related to...

ch.iterial.keycloak.plugins:keycloak-directus-plugin (>=0.1.0 <=0.7.0), com.charlyghislain.keycloak:keycloak-importexport (>=21.0.0 <=23.0.1) +135 more potentially affected by CVE-2025-3910 via org.keycloak:keycloak-services (>=1.0-alpha-1 <=26.2.1)

org.keycloak:keycloak-services MAVEN version =1.0-alpha-1, =0.1.0, =21.0.0, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.0.1, =1.0.2 - com.kleegroup.accelerator:accelerator-security-keycloakmfa =1.0.1 and more Source cves: CVE-2025-3910 Source advisory:...

Malicious code in blur-plugins (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 546086c9d282770ea8502cf0f8216b1108513a9a88261a4f447bd8ec95a09b0d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-3546 Malicious code in blur-plugins (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 546086c9d282770ea8502cf0f8216b1108513a9a88261a4f447bd8ec95a09b0d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2025-3104

The WP STAGING Pro WordPress Backup Plugin for WordPress is vulnerable to Information Exposure in all versions up to and including 6.1.2 due to missing capability checks on the getOutdatedPluginsRequest function. This makes it possible for unauthenticated attackers to reveal outdated installed...

GL.iNet Router 安全漏洞

GL.iNet Router is a series of routers from China's Guanglian Zhitong GL.iNet company. A security vulnerability exists in GL.iNet Router that originates from a buffer overflow in the plugins.so file of the RPC Handler component...

CVE-2025-39517

Cross-Site Request Forgery CSRF vulnerability in WP Map Plugins Basic Interactive World Map basic-interactive-world-map allows Cross Site Request Forgery.This issue affects Basic Interactive World Map: from n/a through = 2.7...

CVE-2025-39547

Cross-Site Request Forgery CSRF vulnerability in Toast Plugins Internal Link Optimiser internal-link-finder allows Stored XSS.This issue affects Internal Link Optimiser: from n/a through = 5.1.3...

CLSA-2025-1744927038 libreoffice: Fix of CVE-2023-6185

CVE-2023-6185: escape filename of embedded video to prevent execution of arbitrary GStreamer plugins...

CVE-2025-39444

CVE-2025-39444 – WordPress MaxButtons plugin