96 matches found
CVE-2026-2295
CVE-2026-2295 affects the WordPress plugin “WPZOOM Addons for Elementor – Starter Templates & Widgets” up to version 1.3.2, exposing protected post titles and excerpts via an unauthenticated request to ajax_post_grid_load_more due to a missing capability check. Multiple sources (Wordfence, CVE en...
WordPress plugin WPZOOM Addons for Elementor – Starter Templates & Widgets 信息泄露漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...
WordPress WPZOOM Addons for Elementor - Starter Templates & Widgets plugin <= 1.3.2 - Unauthenticated Protected Post Exposure via ajax_post_grid_load_more vulnerability
WordPress WPZOOM Addons for Elementor - Starter Templates & Widgets plugin = 1.3.2 - Unauthenticated Protected Post Exposure via ajaxpostgridloadmore vulnerability discovered by Webbernaut in WordPress Plugin WPZOOM Addons for Elementor versions = 1.3.2...
WordPress Starter Templates by FancyWP plugin <= 2.0.0 - Unauthenticated Blind Server-Side Request Forgery vulnerability
Unauthenticated Blind Server-Side Request Forgery vulnerability discovered by Francesco Carlucci in WordPress Plugin Starter Templates by FancyWP versions = 2.0.0...
WordPress Starter Templates plugin <= 4.4.41 - Authenticated (Author+) Arbitrary File Upload via WXR Upload Bypass vulnerability
Authenticated Author+ Arbitrary File Upload via WXR Upload Bypass vulnerability discovered by mikemyers in WordPress Plugin Starter Templates versions = 4.4.41...
CVE-2025-13065
The Starter Templates plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 4.4.41. This is due to insufficient file type validation detecting WXR files, allowing double extension files to bypass sanitization while being accepted as a valid WXR file. Th...
EUVD-2025-201543
The Starter Templates plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 4.4.41. This is due to insufficient file type validation detecting WXR files, allowing double extension files to bypass sanitization while being accepted as a valid WXR file. Th...
CVE-2025-13065 Starter Templates <= 4.4.41 - Authenticated (Author+) Arbitrary File Upload via WXR Upload Bypass
The Starter Templates plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 4.4.41. This is due to insufficient file type validation detecting WXR files, allowing double extension files to bypass sanitization while being accepted as a valid WXR file. Th...
CVE-2025-13065 Starter Templates <= 4.4.41 - Authenticated (Author+) Arbitrary File Upload via WXR Upload Bypass
The Starter Templates plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 4.4.41. This is due to insufficient file type validation detecting WXR files, allowing double extension files to bypass sanitization while being accepted as a valid WXR file. Th...
CVE-2025-13065
The CVE-2025-13065 vulnerability affects the WordPress Starter Templates plugin (versions up to and including 4.4.41). Root cause: insufficient file-type validation for WXR uploads allows double extensions to bypass sanitization, enabling an authenticated attacker with author-level access or high...
WordPress plugin Starter Templates 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...
PT-2025-49358
Name of the Vulnerable Software and Affected Versions WordPress Starter Templates versions up to and including 4.4.41 Description The Starter Templates plugin for WordPress is susceptible to arbitrary file upload due to inadequate file type validation when handling WXR files. This allows files wi...
EUVD-2025-4036
Malicious code in bioql PyPI...
EUVD-2023-46297
Malicious code in bioql PyPI...
EUVD-2023-38450
Malicious code in bioql PyPI...
EUVD-2024-42381
Malicious code in bioql PyPI...
EUVD-2022-49632
Malicious code in bioql PyPI...
EUVD-2023-46296
Malicious code in bioql PyPI...
EUVD-2025-3776
Malicious code in bioql PyPI...
CVE-2025-24568
Cross-Site Request Forgery CSRF vulnerability in Brainstorm Force Starter Templates astra-sites allows Cross Site Request Forgery.This issue affects Starter Templates: from n/a through = 4.4.9...