13 matches found
EUVD-2026-31025
The JaviBola Custom Theme Test plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.5. This is due to missing or incorrect nonce validation on the options page. This makes it possible for unauthenticated attackers to change the site's active...
CVE-2026-4280 Breaking News WP <= 1.3 - Missing Authorization to Authenticated (Subscriber+) Local File Inclusion/Read
The Breaking News WP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3. This is due to the brnwpajaxform AJAX endpoint lacking both authorization checks and CSRF verification, combined with insufficient path validation when the brnwptheme option...
CVE-2025-1233
The Lafka Plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'lafka_options_upload' AJAX function in all versions up to, and including, 7.1.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the...
EUVD-2025-17054
Malicious code in bioql PyPI...
EUVD-2025-9913
Malicious code in bioql PyPI...
CVE-2025-1778
The Art Theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'arttheme_theme_option_restore' AJAX function in all versions up to, and including, 3.12.2.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to delet...
CVE-2025-1778
CVE-2025-1778 affects Art Theme (WordPress Theme). Root cause: missing capability check on the AJAX function arttheme_theme_option_restore, allowing authenticated attackers with subscriber-level access and above to delete the theme option. Affected versions: all up to and including 3.12.2.3. Reme...
CVE-2025-1778 Art Theme <= 3.12.2.3 - Missing Authorization to Authenticated (Subscriber+) Theme Option Delete
The Art Theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'arttheme_theme_option_restore' AJAX function in all versions up to, and including, 3.12.2.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to delet...
PT-2025-24014 · WordPress · The Art Theme
Name of the Vulnerable Software and Affected Versions: The Art Theme for WordPress versions up to, and including, 3.12.2.3. Description: The issue is related to unauthorized access due to a missing capability check on the 'arttheme_theme_option_restore' AJAX function. This allows authenticated...
CVE-2025-1233 Lafka Plugin <= 7.1.0 - Missing Authorization to Authenticated (Subscriber+) Theme Option Update
The Lafka Plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'lafka_options_upload' AJAX function in all versions up to, and including, 7.1.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the...
CVE-2025-1233
CVE-2025-1233 concerns the Lafka Plugin for WordPress, where a missing capability check on the AJAX function lafka_options_upload allows unauthorized access to update the site theme options. The issue affects all versions up to and including 7.1.0. The vulnerability arises from insufficient autho...
CVE-2025-1233 Lafka Plugin <= 7.1.0 - Missing Authorization to Authenticated (Subscriber+) Theme Option Update
The Lafka Plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'lafka_options_upload' AJAX function in all versions up to, and including, 7.1.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the...
PT-2025-15056 · WordPress · Lafka Plugin
Name of the Vulnerable Software and Affected Versions: Lafka Plugin for WordPress versions up to, and including, 7.1.0. Description: The issue is related to unauthorized access due to a missing capability check on the 'lafka_options_upload' AJAX function. This allows authenticated attackers with...