Lucene search
+L

68 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-1326

Malicious code in bioql PyPI...

5.4CVSS5.5AI score0.00867EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2022-24651

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00645EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2025/09/17 11:25 a.m.2 views

CVE-2025-8999 Sydney <= 2.56 - Missing Authorization to Authenticated (Subscriber+) Limited Theme Options Update

The Sydney theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'activatemodules' function in all versions up to, and including, 2.56. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate...

5.3CVSS4.8AI score0.00262EPSS
Exploits0References5
Patchstack
Patchstack
added 2025/09/17 12:11 a.m.8 views

WordPress Sydney plugin <= 2.56 - Missing Authorization to Authenticated (Subscriber+) Limited Theme Options Update vulnerability

Missing Authorization to Authenticated Subscriber+ Limited Theme Options Update vulnerability discovered by Dmitrii Ignatyev in WordPress Theme Sydney versions = 2.56...

5.3CVSS7AI score0.00262EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2025/07/25 5:35 p.m.6 views

SUSE-SU-2025:02529-1 Security update for MozillaFirefox, MozillaFirefox-branding-SLE

This update for MozillaFirefox, MozillaFirefox-branding-SLE fixes the following issues: MozillaFirefox is updated to the 140ESR series. Firefox Extended Support Release 140.0esr ESR: General - Reader View now has an enhanced Text and Layout menu with new options for character spacing, word spacin...

9.8CVSS6.9AI score0.03123EPSS
Exploits1References31
RedhatCVE
RedhatCVE
added 2025/05/23 12:52 a.m.11 views

CVE-2022-1323

The Discy WordPress theme before 5.0 lacks authorization checks then processing ajax requests to the discyupdateoptions action, allowing any logged in users with privileges as low as Subscriber, to change Theme options by sending a crafted POST request...

6.5CVSS6.7AI score0.00645EPSS
Exploits2References1
Patchstack
Patchstack
added 2025/05/12 8:47 p.m.4 views

WordPress TheGem plugin <= 5.10.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Theme Options Update vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Theme Options Update vulnerability discovered by Foxyyy in WordPress Theme TheGem versions = 5.10.3...

4.3CVSS7AI score0.00397EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2025/05/02 4:15 a.m.6 views

CVE-2024-13419

Multiple plugins and/or themes for WordPress using Smart Framework are vulnerable to Stored Cross-Site Scripting due to a missing capability check on the saveOptions and importThemeOptions functions in various versions. This makes it possible for authenticated attackers, with Subscriber-level...

5.4CVSS5.8AI score0.00164EPSS
Exploits0References2
NVD
NVD
added 2025/03/19 12:15 p.m.6 views

CVE-2024-13933

The FoodBakery | Delivery Restaurant Directory WordPress Theme theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.7. This is due to missing or incorrect nonce validation on the foodbakeryvarbackupfiledelete, foodbakerywidgetfiledelete,...

8.8CVSS0.00206EPSS
Exploits0References2
CVE
CVE
added 2025/03/19 11:10 a.m.52 views

CVE-2024-12920

CVE-2024-12920 affects FoodBakery | Delivery Restaurant WordPress Theme (

8.8CVSS8.5AI score0.00381EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/03/19 11:10 a.m.7 views

CVE-2024-12920 FoodBakery | Delivery Restaurant Directory WordPress Theme <= 4.7 - Missing Authorization in Multiple Functions

The FoodBakery | Delivery Restaurant Directory WordPress Theme theme for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the foodbakeryvarbackupfiledelete, foodbakerywidgetfiledelete, themeoptionsave, exportwidgetsettings,...

8.8CVSS6.9AI score0.00381EPSS
Exploits0References2
CVE
CVE
added 2025/03/19 11:10 a.m.57 views

CVE-2024-13933

CVE-2024-13933 : FoodBakery | Delivery Restaurant Directory WordPress Theme (≤ 4.7) has a Cross-Site Request Forgery flaw due to missing/incorrect nonce validation across multiple functions (foodbakery_var_backup_file_delete, foodbakery_widget_file_delete, theme_option_save, export_widget_setting...

8.8CVSS8.4AI score0.00206EPSS
Exploits0References2
OSV
OSV
added 2025/03/14 12:15 p.m.5 views

CVE-2024-12810

The JobCareer | Job Board Responsive WordPress Theme theme for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability checks on multiple functions in all versions up to, and including, 7.1. This makes it possible for authenticated attackers, wit...

8.1CVSS5.9AI score0.00315EPSS
Exploits0References2
NVD
NVD
added 2025/03/14 6:15 a.m.20 views

CVE-2025-2289

The Zegen - Church WordPress Theme theme for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX endpoints in all versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to impor...

8.8CVSS0.00264EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/03/14 5:24 a.m.4 views

CVE-2025-2289 Zegen - Church WordPress Theme <= 1.1.9 - Missing Authorization to Authenticated (Subscriber+) Theme Options Updates

The Zegen - Church WordPress Theme theme for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX endpoints in all versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to impor...

4.3CVSS6.5AI score0.00264EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/03/14 5:24 a.m.17 views

CVE-2025-2289 Zegen - Church WordPress Theme <= 1.1.9 - Missing Authorization to Authenticated (Subscriber+) Theme Options Updates

The Zegen - Church WordPress Theme theme for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX endpoints in all versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to impor...

4.3CVSS0.00264EPSS
Exploits0References2
CVE
CVE
added 2025/03/14 5:24 a.m.69 views

CVE-2025-2289

CVE-2025-2289 (Zegen - Church WordPress Theme) affects the WordPress theme Zegen up to version 1.1.9. The vulnerability is caused by a missing capability check on several AJAX endpoints, allowing authenticated attackers with Subscriber-level access and above to import, export, and update theme op...

8.8CVSS6.6AI score0.00264EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2025/03/14 12:0 a.m.5 views

WordPress plugin JobCareer 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

8.8CVSS8.6AI score0.00315EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/03/05 3:16 p.m.9 views

CVE-2025-25121

Cross-Site Request Forgery CSRF vulnerability in shyammakwana Theme Options Z theme-options-z allows Cross Site Request Forgery.This issue affects Theme Options Z: from n/a through = 1.4...

7.1CVSS7.2AI score0.00178EPSS
Exploits0References1
NVD
NVD
added 2025/03/03 2:15 p.m.6 views

CVE-2025-25121

Cross-Site Request Forgery CSRF vulnerability in shyammakwana Theme Options Z theme-options-z allows Cross Site Request Forgery.This issue affects Theme Options Z: from n/a through = 1.4...

7.1CVSS0.00178EPSS
Exploits0References1
Rows per page
Query Builder