CVE-2026-4124

The Ziggeo plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.1.1. The wpajaxziggeoajax handler only verifies a nonce checkajaxreferer but performs no capability checks via currentusercan. Furthermore, the nonce 'ziggeoajaxnonce' is exposed to all...

CVE-2026-4124 Ziggeo <= 3.1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification via 'ziggeo_ajax' AJAX Action

The Ziggeo plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.1.1. The wpajaxziggeoajax handler only verifies a nonce checkajaxreferer but performs no capability checks via currentusercan. Furthermore, the nonce 'ziggeoajaxnonce' is exposed to all...

EUVD-2024-20349

Malicious code in bioql PyPI...

CVE-2024-22819

FlyCms v1.0 contains a Cross-Site Request Forgery CSRF vulnerability via /system/email/emailtempletsupdate...

CVE-2024-22819

FlyCms v1.0 contains a Cross-Site Request Forgery CSRF vulnerability via /system/email/emailtempletsupdate...

CVE-2024-22819

FlyCms v1.0 contains a Cross-Site Request Forgery CSRF vulnerability via /system/email/emailtempletsupdate...

CVE-2024-22819

FlyCms v1.0 contains a Cross-Site Request Forgery CSRF vulnerability via /system/email/emailtempletsupdate...

PT-2024-19577 · Flycms · Flycms

Name of the Vulnerable Software and Affected Versions: FlyCms version 1.0 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability. It occurs via the /system/email/email templets update API endpoint. This allows for potentially malicious requests to be made without the user's...