22 matches found
EUVD-2024-47865
Malicious code in bioql PyPI...
EUVD-2023-59080
Malicious code in bioql PyPI...
EUVD-2022-52012
Malicious code in bioql PyPI...
CVE-2024-6872
The Build Your Dream Website Fast with 400+ Starter Templates and Landing Pages, No Coding Needed, One-Click Import for Elementor & Gutenberg Blocks! – TemplateSpare plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the...
CVE-2022-4700
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpractivaterequiredtheme' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to activate the...
CVE-2024-6872
The Build Your Dream Website Fast with 400+ Starter Templates and Landing Pages, No Coding Needed, One-Click Import for Elementor & Gutenberg Blocks! – TemplateSpare plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the...
CVE-2023-6876
The Clever Fox – One Click Website Importer by Nayra Themes plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'clever-fox-activate-theme' function in all versions up to, and including, 25.2.0. This makes it possible for authenticated...
WordPress Clever Fox plugin <= 25.2.0 - Missing Authorization to arbitrary theme activation via clever-fox-activate-theme vulnerability
Missing Authorization to arbitrary theme activation via clever-fox-activate-theme vulnerability discovered by Lucio Sá in WordPress Plugin Clever Fox versions = 25.2.0...
CVE-2024-0768
The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.4.4. This is due to missing or incorrect nonce validation on the ajaxthemeactivation function. This makes it possible for unauthenticated...
Cross site request forgery (csrf)
The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.4.4. This is due to missing or incorrect nonce validation on the ajaxthemeactivation function. This makes it possible for unauthenticated...
CVE-2024-0768 Envo's Elementor Templates & Widgets for WooCommerce <= 1.4.4 - Cross-Site Request Forgery via ajax_theme_activation
The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.4.4. This is due to missing or incorrect nonce validation on the ajaxthemeactivation function. This makes it possible for unauthenticated...
CVE-2024-0768 Envo's Elementor Templates & Widgets for WooCommerce <= 1.4.4 - Cross-Site Request Forgery via ajax_theme_activation
The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.4.4. This is due to missing or incorrect nonce validation on the ajaxthemeactivation function. This makes it possible for unauthenticated...
PT-2024-15805 · Envo · Elementor Templates & Widgets For Woocommerce
Name of the Vulnerable Software and Affected Versions: The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress versions up to and including 1.4.4 Description: The issue is due to missing or incorrect nonce validation on the ajax theme activation function, making it possible...
Envo's Elementor Templates & Widgets for WooCommerce < 1.4.5 - Arbitrary Theme Activation via CSRF
Description The plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation on the ajaxthemeactivation function, allowing unauthenticated attackers to activate arbitrary installed themes via a forged request granted they can trick a site administrator into...
CVE-2023-23891
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in OceanWP Ocean Extra plugin = 2.1.1 versions. Needs the OceanWP theme installed and activated...
CVE-2022-4700
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpractivaterequiredtheme' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to activate the...
CVE-2022-4700
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpractivaterequiredtheme' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to activate the...
Improper access control
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpractivaterequiredtheme' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to activate the...
CVE-2022-4700 Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Theme Activation
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpractivaterequiredtheme' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to activate the...
CVE-2022-4700 Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Theme Activation
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpractivaterequiredtheme' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to activate the...