19 matches found
CVE-2020-10492
CSRF in admin/manage-templates.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete an article template via a crafted request...
CVE-2024-2322
The WooCommerce Cart Abandonment Recovery WordPress plugin before 1.2.27 does not have a CSRF check in its bulk actions, which could allow attackers to make logged-in admins delete arbitrary email templates as well as delete and unsubscribe users from abandoned orders via CSRF attacks...
EUVD-2020-2945
Malware in sbrugna...
EUVD-2024-27276
Malicious code in bioql PyPI...
EUVD-2022-51472
Malicious code in bioql PyPI...
CVE-2025-54125
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In XWiki Platform Legacy Old Core and XWiki Platform Old Core versions 1.1 through 16.4.6, 16.5.0-rc-1 through 16.10.4 and 17.0.0-rc-1 through 17.1.0, the XML export of a page in XWiki that can b...
CVE-2022-4102
The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorization and CSRF checks when deleting a template and does not ensure that the post to be deleted is a template. This could allow any authenticated users, such as subscribers, to delete arbitrary posts assuming they know...
CVE-2024-13737
The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the motorscreatetemplate and motorsdeletetemplate functions in all versions up to, and including, 1.4.57. This makes it possible for...
CVE-2025-26352
A CWE-35 "Path Traversal" in the template deletion mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to delete sensitive files via crafted HTTP requests...
CVE-2025-26352
A CWE-35 "Path Traversal" in the template deletion mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to delete sensitive files via crafted HTTP requests...
XWiki Platform Cross-Site Scripting Vulnerability
XWiki Platform is a suite of Wiki platforms for creating web collaboration applications from the XWiki Foundation in France. A security vulnerability exists in XWiki Platform. An attacker could use this vulnerability to inject JavaScript code into a page by forging a URL and trigger a cross-site...
CVE-2022-4102
The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorization and CSRF checks when deleting a template and does not ensure that the post to be deleted is a template. This could allow any authenticated users, such as subscribers, to delete arbitrary posts assuming they know...
PT-2023-13945 · WordPress · Royal Elementor Addons
Name of the Vulnerable Software and Affected Versions: The Royal Elementor Addons WordPress plugin versions prior to 1.3.56 Description: The issue is related to the lack of authorization and CSRF checks when deleting a template, and it does not ensure that the post to be deleted is a template. Th...
Remote code execution
A Server-Side Template Injection (SSTI) was discovered in Form.io 2.0.0. This leads to Remote Code Execution during deletion of the default Email template URL...
CVE-2022-21179
Cross-site request forgery (CSRF) vulnerability in EC-CUBE plugin 'Mail Magazine Management Plugin' ver4.0.0 to 4.1.1 for EC-CUBE 4 series and ver1.0.0 to 1.0.4 for EC-CUBE 3 series allows a remote unauthenticated attacker to hijack the authentication of an administrator via a specially crafted pag...
CVE-2020-3413 Cisco Webex Meetings Scheduled Meeting Template Deletion Vulnerability
A vulnerability in the scheduled meeting template feature of Cisco Webex Meetings could allow an authenticated, remote attacker to delete a scheduled meeting template that belongs to another user in their organization. The vulnerability is due to insufficient authorization enforcement for request...
CloudBees Jenkins Email Extension Template Plugin Cross-Site Request Forgery Vulnerability
CloudBees Jenkins (formerly known as Hudson Labs) is a set of Java-based continuous integration tools from CloudBees, Inc. that are used to monitor continuous software release/testing projects and a number of timed tasks. Email Extension Template Plugin is used in it. An email notification plugin. ...
emlog has an arbitrary file deletion vulnerability
emlog is a functional blog and CMS builder based on PHP and MySQL. There is an arbitrary file deletion vulnerability in emlog. The vulnerability is caused by the program not filtering the template deletion function; an attacker can use the vulnerability to delete arbitrary files on the server...
CVE-2015-6965
Multiple cross-site request forgery (CSRF) vulnerabilities in the Contact Form Generator plugin 2.0.1 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) create a field, (2) update a field, (3) delete a field, (4) create a form, (5) update a...