68 matches found
EUVD-2022-1326
Malicious code in bioql PyPI...
EUVD-2022-24651
Malicious code in bioql PyPI...
CVE-2025-8999 Sydney <= 2.56 - Missing Authorization to Authenticated (Subscriber+) Limited Theme Options Update
The Sydney theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'activatemodules' function in all versions up to, and including, 2.56. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate...
WordPress Sydney plugin <= 2.56 - Missing Authorization to Authenticated (Subscriber+) Limited Theme Options Update vulnerability
Missing Authorization to Authenticated Subscriber+ Limited Theme Options Update vulnerability discovered by Dmitrii Ignatyev in WordPress Theme Sydney versions = 2.56...
SUSE-SU-2025:02529-1 Security update for MozillaFirefox, MozillaFirefox-branding-SLE
This update for MozillaFirefox, MozillaFirefox-branding-SLE fixes the following issues: MozillaFirefox is updated to the 140ESR series. Firefox Extended Support Release 140.0esr ESR: General - Reader View now has an enhanced Text and Layout menu with new options for character spacing, word spacin...
CVE-2022-1323
The Discy WordPress theme before 5.0 lacks authorization checks then processing ajax requests to the discyupdateoptions action, allowing any logged in users with privileges as low as Subscriber, to change Theme options by sending a crafted POST request...
WordPress TheGem plugin <= 5.10.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Theme Options Update vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Theme Options Update vulnerability discovered by Foxyyy in WordPress Theme TheGem versions = 5.10.3...
CVE-2024-13419
Multiple plugins and/or themes for WordPress using Smart Framework are vulnerable to Stored Cross-Site Scripting due to a missing capability check on the saveOptions and importThemeOptions functions in various versions. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2024-13933
The FoodBakery | Delivery Restaurant Directory WordPress Theme theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.7. This is due to missing or incorrect nonce validation on the foodbakeryvarbackupfiledelete, foodbakerywidgetfiledelete,...
CVE-2024-12920
CVE-2024-12920 affects FoodBakery | Delivery Restaurant WordPress Theme (
CVE-2024-12920 FoodBakery | Delivery Restaurant Directory WordPress Theme <= 4.7 - Missing Authorization in Multiple Functions
The FoodBakery | Delivery Restaurant Directory WordPress Theme theme for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the foodbakeryvarbackupfiledelete, foodbakerywidgetfiledelete, themeoptionsave, exportwidgetsettings,...
CVE-2024-13933
CVE-2024-13933 : FoodBakery | Delivery Restaurant Directory WordPress Theme (≤ 4.7) has a Cross-Site Request Forgery flaw due to missing/incorrect nonce validation across multiple functions (foodbakery_var_backup_file_delete, foodbakery_widget_file_delete, theme_option_save, export_widget_setting...
CVE-2024-12810
The JobCareer | Job Board Responsive WordPress Theme theme for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability checks on multiple functions in all versions up to, and including, 7.1. This makes it possible for authenticated attackers, wit...
CVE-2025-2289
The Zegen - Church WordPress Theme theme for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX endpoints in all versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to impor...
CVE-2025-2289 Zegen - Church WordPress Theme <= 1.1.9 - Missing Authorization to Authenticated (Subscriber+) Theme Options Updates
The Zegen - Church WordPress Theme theme for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX endpoints in all versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to impor...
CVE-2025-2289 Zegen - Church WordPress Theme <= 1.1.9 - Missing Authorization to Authenticated (Subscriber+) Theme Options Updates
The Zegen - Church WordPress Theme theme for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX endpoints in all versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to impor...
CVE-2025-2289
CVE-2025-2289 (Zegen - Church WordPress Theme) affects the WordPress theme Zegen up to version 1.1.9. The vulnerability is caused by a missing capability check on several AJAX endpoints, allowing authenticated attackers with Subscriber-level access and above to import, export, and update theme op...
WordPress plugin JobCareer 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
CVE-2025-25121
Cross-Site Request Forgery CSRF vulnerability in shyammakwana Theme Options Z theme-options-z allows Cross Site Request Forgery.This issue affects Theme Options Z: from n/a through = 1.4...
CVE-2025-25121
Cross-Site Request Forgery CSRF vulnerability in shyammakwana Theme Options Z theme-options-z allows Cross Site Request Forgery.This issue affects Theme Options Z: from n/a through = 1.4...