18992 matches found
CVE-2026-39593
CVE-2026-39593 affects the WordPress plugin HAPPY (versions up to 1.0.10). The issue is a Missing Authorization / Broken Access Control vulnerability caused by incorrectly configured access controls, potentially enabling unauthenticated network requests to affect integrity and availability. CVSS ...
CVE-2026-39593 WordPress HAPPY plugin <= 1.0.10 - Broken Access Control vulnerability
Missing Authorization vulnerability in VillaTheme HAPPY allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HAPPY: from n/a through 1.0.10...
Malicious code in tailwindcss-theme-custom (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 018631578c90dccfae7d22483708ce7ddd497f68e0d1f4cd03c862b47801b59d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview tailwindcss-theme-custom is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
MAL-2026-4225 Malicious code in tailwindcss-theme-custom (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 018631578c90dccfae7d22483708ce7ddd497f68e0d1f4cd03c862b47801b59d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
WordPress FastX theme <= 1.0.2 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Installation and Activation vulnerability
Missing Authorization to Authenticated Subscriber+ Limited Plugin Installation and Activation vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Theme FastX versions = 1.0.2...
CVE-2026-8423
The JaviBola Custom Theme Test plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.5. This is due to missing or incorrect nonce validation on the options page. This makes it possible for unauthenticated attackers to change the site's active...
CVE-2026-5293 診断ジェネレータ作成プラグイン <= 1.4.16 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'js' Parameter
The 診断ジェネレータ作成プラグイン Diagnosis Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'js' parameter in versions up to and including 1.4.16. This is due to missing authorization checks and insufficient input sanitization in the themeFunc function. The function is hooke...
CVE-2026-5293
The 診断ジェネレータ作成プラグイン Diagnosis Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'js' parameter in versions up to and including 1.4.16. This is due to missing authorization checks and insufficient input sanitization in the themeFunc function. The function is hooke...
CVE-2026-5293
The CVE concerns the WordPress plugin Diagnosis Generator (診断ジェネレータ作成プラグイン) up to version 1.4.16. It enables Stored Cross-Site Scripting via the js parameter due to missing authorization checks and insufficient input sanitization in themeFunc(), which runs on admin_init and processes theme update...
CVE-2026-8423 JaviBola Custom Theme Test <= 2.0.5 - Cross-Site Request Forgery
The JaviBola Custom Theme Test plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.5. This is due to missing or incorrect nonce validation on the options page. This makes it possible for unauthenticated attackers to change the site's active...
EUVD-2026-31025
The JaviBola Custom Theme Test plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.5. This is due to missing or incorrect nonce validation on the options page. This makes it possible for unauthenticated attackers to change the site's active...
CVE-2026-8423 JaviBola Custom Theme Test <= 2.0.5 - Cross-Site Request Forgery
The JaviBola Custom Theme Test plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.5. This is due to missing or incorrect nonce validation on the options page. This makes it possible for unauthenticated attackers to change the site's active...
CVE-2026-8423
The JaviBola Custom Theme Test plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in all versions up to and including 2.0.5 due to missing/incorrect nonce validation on the options page. This allows unauthenticated attackers to change the site’s active theme by modifying the ...
CVE-2026-8423
The JaviBola Custom Theme Test plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.5. This is due to missing or incorrect nonce validation on the options page. This makes it possible for unauthenticated attackers to change the site's active...
WordPress plugin os-diagnosis-generator 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
WordPress plugin JaviBola Custom Theme Test 跨站请求伪造漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
PT-2026-42057
The 診断ジェネレータ作成プラグイン Diagnosis Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'js' parameter in versions up to and including 1.4.16. This is due to missing authorization checks and insufficient input sanitization in the themeFunc function. The function is hooke...
PT-2026-42079
Name of the Vulnerable Software and Affected Versions JaviBola Custom Theme Test versions prior to 2.0.6 Description The JaviBola Custom Theme Test plugin for WordPress contains a Cross-Site Request Forgery CSRF flaw, which occurs when a web application allows an attacker to induce a user to...
WordPress JaviBola Custom Theme Test plugin <= 2.0.5 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin JaviBola Custom Theme Test versions = 2.0.5...