11 matches found
EUVD-2025-36971
The AppPresser – Mobile App Framework plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'myapppverify' function in all versions up to, and including, 4.5.0. This makes it possible for unauthenticated attackers to extract sensitive data...
PT-2025-20836 · WordPress · Thegem
Name of the Vulnerable Software and Affected Versions: TheGem theme for WordPress versions up to and including 5.10.3 Description: The issue concerns unauthorized modification of data due to a missing capability check in the ajaxApi function. This allows authenticated attackers with...
PT-2025-9032 · Shopxo · Shopxo
Name of the Vulnerable Software and Affected Versions: ShopXO version 6.4.0 Description: The issue concerns a file upload vulnerability in the ThemeDataService.php file. This vulnerability allows for the upload of files, potentially leading to security issues. The estimated number of potentially...
ShopXO Code Issue Vulnerability
ShopXO is an open source, enterprise-grade e-commerce system from ShopXO Inc. A security vulnerability exists in ShopXO version 6.4.0, which stems from the existence of file uploads in ThemeDataService.php...
CVE-2024-1361
The Colibri Page Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.253. This is due to missing or incorrect nonce validation on the apiCall function. This makes it possible for unauthenticated attackers to call a limited set of...
Colibri Page Builder < 1.0.260 - Import Images, Delete Post, Save Theme Data via CSRF
Description: The plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation on the apiCall function, allowing unauthenticated attackers to call a limited set of functions that can be used to import images, delete posts, or save theme data via a forged request...
PT-2024-17973 · WordPress · Colibri Page Builder
Name of the Vulnerable Software and Affected Versions: Colibri Page Builder plugin for WordPress versions up to, and including, 1.0.253 Description: The issue is due to missing or incorrect nonce validation on the apiCall function, making it possible for unauthenticated attackers to call a limite...
SUSE CVE-2016-1948
Mozilla Firefox before 44.0 on Android does not ensure that HTTPS is used for a lightweight-theme installation, which allows man-in-the-middle attackers to replace a theme's images and colors by modifying the client-server data stream...
CVE-2022-29610
SAP NetWeaver Application Server ABAP allows an authenticated attacker to upload malicious files and delete theme data, which could result in a Stored Cross-Site Scripting (XSS) attack...
CVE-2022-29610
SAP NetWeaver Application Server ABAP allows an authenticated attacker to upload malicious files and delete theme data, which could result in a Stored Cross-Site Scripting (XSS) attack...
Mozilla Firefox Man-in-the-Middle Attack Vulnerability (CNVD-2016-00851)
Mozilla Firefox on Android is an open source web browser for the Android platform. Mozilla Firefox on Android fails to ensure that lightweight themes are installed using HTTPS, allowing remote attackers to perform man-in-the-middle attacks by modifying client-server data streams, changing theme...