
37 matches found

CNNVD
added 2026/05/15 12:0 a.m. | 4 views

WordPress plugin Frontend Admin by DynamiApps security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added t...

CVSS 8.8 | AI score 5.8 | EPSS 0.00126
Exploits 0 | References 1
Positive Technologies
added 2026/05/15 12:0 a.m. | 4 views

PT-2026-41274

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 3.28.36. This is due to insufficient authorization checks in the role field update mechanism combined with overly permissive capabilities for the admin form post type. The...

CVSS 8.8 | AI score 5.7 | EPSS 0.00126
Exploits 0 | References 6
ATTACKERKB
added 2026/04/20 12:0 a.m. | 1 view

CVE-2026-30269

Improper access control in Doorman v0.1.0 and v1.0.2 allows any authenticated user to update their own account role to a non-admin privileged role via /platform/user/username. The role field is accepted by the update model without a manageusers permission check for self-updates, enabling privileg...

CVSS 9.9 | AI score 5.8 | EPSS 0.00049
Exploits 1 | References 3
RedhatCVE
added 2025/11/28 4:57 a.m. | 6 views

CVE-2025-13680

The Tiger theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 101.2.1. This is due to the plugin allowing a user to update the user role through the $user-setrole function. This makes it possible for authenticated attackers, with Subscriber-level access...

CVSS 8.8 | AI score 5.8 | EPSS 0.00056
Exploits 0 | References 1
CNNVD
added 2025/11/27 12:0 a.m. | 2 views

WordPress plugin Tiger security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...

CVSS 8.8 | AI score 6.6 | EPSS 0.00056
Exploits 0 | References 2
CVE
added 2025/11/13 3:27 a.m. | 16 views

CVE-2025-11923

CVE-2025-11923 (LifterLMS) — Summary for the WordPress plugin vulnerability Affected product: LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes (WordPress plugin). Root cause: Privilege escalation due to insufficient identity validation before allowing role modification via the REST API...

CVSS 8.8 | AI score 5.8 | EPSS 0.00083
Exploits 0 | References 4
Vulnrichment
added 2025/11/13 3:27 a.m. | 2 views

CVE-2025-11923 LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes - Various Versions - Authenticated (Student+) Privilege Escalation

The LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to privilege escalation. This is due to the plugin not properly validating a user's identity prior to allowing them to modify their own role via the REST API. The permission check in the...

CVSS 8.8 | AI score 5.8 | EPSS 0.00083
Exploits 0 | References 4
EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2024-2617

Malicious code in bioql PyPI...

CVSS 6.7 | AI score 6.3 | EPSS 0.00078
Exploits 0 | References 7
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-33087

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 6.5 | EPSS 0.00379
Exploits 0 | References 2
EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2025-12137

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 9 | EPSS 0.00142
Exploits 0 | References 3
EUVD
added 2025/10/03 8:7 p.m. | 0 views

EUVD-2024-47571

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 6.5 | EPSS 0.00359
Exploits 0 | References 3
Veracode
added 2025/09/22 7:39 a.m. | 3 views

SQL Injection

github.com/suyuan32/simple-admin-core is vulnerable to SQL Injection. The vulnerability is due to insufficient input validation because the /sys-api/role/update interface fails to properly sanitize user input, allowing partial data leakage or disruption of system operations...

CVSS 7 | AI score 7.4 | EPSS 0.00064
Exploits 1 | References 4 | Affected Software 1
OSV
added 2025/08/27 6:31 p.m. | 1 view

GHSA-F2M2-4Q6R-CWC4 simple-admin-core SQL Injection vulnerability

An issue was discovered in simple-admin-core v1.2.0 thru v1.6.7. The /sys-api/role/update interface in the simple-admin-core system has a limited SQL injection vulnerability, which may lead to partial data leakage or disruption of normal system operations...

CVSS 7 | AI score 7.9 | EPSS 0.00064
Exploits 1 | References 5
Github Security Blog
added 2025/08/27 6:31 p.m. | 7 views

simple-admin-core SQL Injection vulnerability

An issue was discovered in simple-admin-core v1.2.0 thru v1.6.7. The /sys-api/role/update interface in the simple-admin-core system has a limited SQL injection vulnerability, which may lead to partial data leakage or disruption of normal system operations...

CVSS 7 | AI score 7.1 | EPSS 0.00064
Exploits 1 | References 5 | Affected Software 1
NVD
added 2025/08/27 6:15 p.m. | 3 views

CVE-2025-51667

An issue was discovered in simple-admin-core v1.2.0 thru v1.6.7. The /sys-api/role/update interface in the simple-admin-core system has a limited SQL injection vulnerability, which may lead to partial data leakage or disruption of normal system operations...

CVSS 7 | EPSS 0.00064
Exploits 1 | References 2
OSV
added 2025/08/27 6:15 p.m. | 1 view

CVE-2025-51667

An issue was discovered in simple-admin-core v1.2.0 thru v1.6.7. The /sys-api/role/update interface in the simple-admin-core system has a limited SQL injection vulnerability, which may lead to partial data leakage or disruption of normal system operations...

CVSS 7 | AI score 7.9
Exploits 0 | References 2
CVE
added 2025/08/27 12:0 a.m. | 17 views

CVE-2025-51667

Technical details for CVE-2025-51667 are not publicly available in the provided connected documents. Monitor for updates.

CVSS 7 | AI score 7.9 | EPSS 0.00064
Exploits 1 | References 2 | Affected Software 1
CNNVD
added 2025/08/27 12:0 a.m. | 4 views

admin-console security vulnerability

admin-console is an Agora core view management interface from Sequent open source. A security vulnerability exists in admin-console versions v1.2.0 through v1.6.7, which stems from improper handling of the /sys-api/role/update interface, which could lead to an SQL injection attack...

CVSS 7 | AI score 7.3 | EPSS 0.00064
Exploits 1 | References 3
Positive Technologies
added 2025/08/27 12:0 a.m. | 1 view

PT-2025-34906

Name of the Vulnerable Software and Affected Versions: simple-admin-core versions 1.2.0 through 1.6.7 Description: An issue exists in the /sys-api/role/update interface of the simple-admin-core system. This interface has a SQL injection vulnerability that may lead to partial data leakage or...

CVSS 9.9 | AI score 7.3 | EPSS 0.50933
Exploits 20 | References 50
Vulnrichment
added 2025/08/27 12:0 a.m. | 3 views

CVE-2025-51667

An issue was discovered in simple-admin-core v1.2.0 thru v1.6.7. The /sys-api/role/update interface in the simple-admin-core system has a limited SQL injection vulnerability, which may lead to partial data leakage or disruption of normal system operations...

AI score 7.3 | EPSS 0.00064
Exploits 1 | References 2