36 matches found
CVE-2026-4162
The Gravity SMTP plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access a...
EUVD-2026-21356
The Gravity SMTP plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access a...
CVE-2026-27741
Bludit version 3.16.1 contains a cross-site request forgery (CSRF) vulnerability in the /admin/uninstall-plugin/ and /admin/install-theme/ endpoints. The application does not implement anti-CSRF tokens or other request origin validation mechanisms for these administrative actions. An attacker can...
Bludit Cross-Site Request Forgery Vulnerability
Bludit is an open-source, lightweight blog content management system developed by Bludit. Version 3.16.1 of Bludit contains a cross-site request forgery vulnerability. This vulnerability stems from the lack of anti-CSRF tokens on the /admin/uninstall-plugin/ and /admin/install-theme/ endpoints,...
CVE-2026-27181
MajorDoMo (aka Major Domestic Module) allows unauthenticated arbitrary module uninstallation through the market module. The market module's admin method reads gr('mode') from $_REQUEST and assigns it to $this->mode at the start of execution, making all mode-gated code paths reachable without...
MAL-2025-148959 Malicious code in uninstall-html-webpack-plugin-leda-upgrade (npm)
Source: amazon-inspector afb68b97568f84089399c4178cd2addd4a7ad438f5e102df3bae522b903b5bb1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2015-9172
Malware in sbrugna...
CVE-2015-9332
The uninstall plugin before 1.2 for WordPress has CSRF to delete all tables via the wp-admin/admin-ajax.php?action=uninstall URI...
CVE-2024-3269
The Download Monitor plugin for WordPress is vulnerable to unauthorized access to functionality due to a missing capability check on the dlmuninstallplugin function in all versions up to, and including, 4.9.13. This makes it possible for authenticated attackers to uninstall the plugin and delete...
WordPress plugin Download Monitor Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
PT-2024-1777 · Vmware · Vmware Enhanced Authentication Plug-In
Name of the Vulnerable Software and Affected Versions: VMware Enhanced Authentication Plug-in (EAP) (affected versions not specified) Description: The issue is related to arbitrary authentication relay and session hijack vulnerabilities in the deprecated VMware Enhanced Authentication Plug-in (EAP). Th...
CVE-2023-46520
TP-LINK TL-WR886N V7.03.0.14Build221115Rel.56908n.bin was discovered to contain a stack overflow via the function uninstallPluginReqHandle...
PT-2023-6445 · Tp Link · Tp-Link Tl-Wr886N
Name of the Vulnerable Software and Affected Versions: TP-LINK TL-WR886N version 7.0 3.0.14 Build 221115 Rel.56908n.bin Description: The issue is related to a stack overflow via the uninstallPluginReqHandle function, which can allow a remote attacker to execute arbitrary code. This is due to a...
TP-LINK WR886N Buffer Error Vulnerability
The TP-LINK WR886N is a wireless router from China P&L TP-LINK. A security vulnerability exists in the TP-LINK TL-WR886N V7.03.0.14Build221115Rel.56908n.bin version, which originates from a buffer overflow vulnerability in the uninstallPluginReqHandle method...
VulnCheck KEV: CVE-2019-19609
The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugin components of the Admin panel, because it does not sanitize the plugin name, and attackers can inject arbitrary shell commands to be executed by the execa function...
CVE-2022-34112
An access control issue in the component /api/plugin/uninstall of Dataease v1.11.1 allows attackers to arbitrarily uninstall the plugin, a right normally reserved for the administrator...
Duplicate Advisory: OS Command Injection in Strapi
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-9p2w-rmx4-9mw7. This link is maintained to preserve external references. Original Description: The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugi...
CVE-2019-19609
The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugin components of the Admin panel, because it does not sanitize the plugin name, and attackers can inject arbitrary shell commands to be executed by the execa function...