CVE-2025-3915

CVE-2025-3915 affects the WordPress plugin “Aeropage Sync for Airtable” in all versions up to 3.2.0. The root cause is a missing capability check in the aeropageDeletePost function, enabling authenticated users with Subscriber-level access and above to delete arbitrary posts, leading to unauthori...

CVE-2025-3915 Aeropage Sync for Airtable <= 3.2.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion

The Aeropage Sync for Airtable plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'aeropageDeletePost' function in all versions up to, and including, 3.2.0. This makes it possible for authenticated attackers, with Subscriber-level access and...

CVE-2025-3914 Aeropage Sync for Airtable <= 3.2.0 - Authenticated (Subscriber+) Arbitrary File Upload

The Aeropage Sync for Airtable plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'aeropagemediadownloader' function in all versions up to, and including, 3.2.0. This makes it possible for authenticated attackers, with Subscriber-level access a...

CVE-2025-3914

The Aeropage Sync for Airtable WordPress plugin (≤ 3.2.0) is affected by an arbitrary file upload vulnerability caused by missing file-type validation in the aeropage_media_downloader function. Authenticated users with Subscriber-level access or higher can upload arbitrary files to the server, wi...

CVE-2025-3914 Aeropage Sync for Airtable <= 3.2.0 - Authenticated (Subscriber+) Arbitrary File Upload

The Aeropage Sync for Airtable plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'aeropagemediadownloader' function in all versions up to, and including, 3.2.0. This makes it possible for authenticated attackers, with Subscriber-level access a...

PT-2025-17952 · WordPress · Aeropage Sync For Airtable

Name of the Vulnerable Software and Affected Versions: Aeropage Sync for Airtable plugin for WordPress versions up to, and including, 3.2.0 Description: The issue is related to unauthorized loss of data due to a missing capability check on the aeropageDeletePost function. This allows authenticate...

WordPress plugin Aeropage Sync for Airtable 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2025-17951 · WordPress · Aeropage Sync For Airtable

Name of the Vulnerable Software and Affected Versions: Aeropage Sync for Airtable plugin for WordPress versions up to, and including, 3.2.0 Description: The Aeropage Sync for Airtable plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the aeropage...

WordPress plugin Aeropage Sync for Airtable 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A file upload vulnerability...

WordPress Aeropage Sync for Airtable plugin <= 3.2.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Post Deletion vulnerability discovered by Cheng Liu in WordPress Plugin Aeropage Sync for Airtable versions = 3.2.0...

WordPress Aeropage Sync for Airtable plugin <= 3.2.0 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability

Authenticated Subscriber+ Arbitrary File Upload vulnerability discovered by Cheng Liu in WordPress Plugin Aeropage Sync for Airtable versions = 3.2.0...

CVE-2025-32573

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Kiotviet KiotViet Sync allows SQL Injection. This issue affects KiotViet Sync: from n/a through 1.8.3...

CVE-2025-39381

Cross-Site Request Forgery CSRF vulnerability in Kiotviet KiotViet Sync allows Stored XSS. This issue affects KiotViet Sync: from n/a through 1.8.4...

CVE-2025-39381 WordPress KiotViet Sync plugin <= 1.8.4 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in Kiotviet KiotViet Sync allows Stored XSS. This issue affects KiotViet Sync: from n/a through 1.8.4...

CVE-2025-39381 WordPress KiotViet Sync plugin <= 1.8.4 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in Kiotviet KiotViet Sync allows Stored XSS. This issue affects KiotViet Sync: from n/a through 1.8.4...

CVE-2025-39381

CVE-2025-39381 describes a CSRF to Stored XSS vulnerability in KiotViet Sync for WordPress, affecting KiotViet Sync versions up to 1.8.4. The issue is confirmed across multiple sources (NVD, Red Hat, CVE list), with a CVSS v3.1 base score of 7.1 (High). Public remediation in connected documents i...

PT-2025-17746 · Unknown · Kiotviet Sync

Name of the Vulnerable Software and Affected Versions: KiotViet Sync versions 1.8.4 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web application,...

WordPress plugin Kiotviet KiotViet Sync 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists i...

CVE-2025-32408

In Soffid Console 3.6.31 before 3.6.32, authorization to use the pam service is mishandled...

CVE-2025-32408

In Soffid Console 3.6.31 before 3.6.32, authorization to use the pam service is mishandled...