CVE-2021-47937
e107 CMS 2.3.0 contains a remote code execution vulnerability that allows authenticated users with theme installation permissions to execute arbitrary commands by uploading malicious theme files. Attackers can upload a crafted theme package through the theme.php endpoint that deploys a web shell ...
CVE-2026-27741
Bludit 3.16.1 is affected by a CSRF vulnerability in /admin/uninstall-plugin/ and /admin/install-theme/ due to missing anti-CSRF tokens/origin validation. An attacker could entice an authenticated administrator to perform crafted requests, enabling unauthorized plugin uninstallation or theme inst...
CVE-2026-27741 Bludit <= 3.16.1 CSRF in Plugin and Theme Management Endpoints
Bludit version 3.16.1 contains a cross-site request forgery (CSRF) vulnerability in the /admin/uninstall-plugin/ and /admin/install-theme/ endpoints. The application does not implement anti-CSRF tokens or other request origin validation mechanisms for these administrative actions. An attacker can...
Incorrect Privilege Assignment
Overview: Affected versions of this package are vulnerable to Incorrect Privilege Assignment via the install process in the Add New Themes Page. An attacker can gain unauthorized access to restricted actions by exploiting insufficient privilege checks in the /admin-cp/theme/install endpoint...
juzaweb CMS Security Vulnerability
Juzaweb CMS is a content management system developed by Juzaweb Individual Developers based on the Laravel framework and Web platform. A security vulnerability exists in juzaweb CMS version 3.4.2, which stems from improper authorization due to misuse of the file /admin-cp/theme/install...
WordPress Sastra Essential Addons for Elementor plugin <= 1.0.14 - Missing Authorization to Spexo Theme Install vulnerability
Missing Authorization to Spexo Theme Install vulnerability discovered by Tieu Pham Trong Nhan in WordPress Plugin Sastra Essential Addons for Elementor versions <= 1.0.14...
WordPress plugin Spexo Addons for Elementor Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...