16 matches found
EUVD-2025-19695
Malicious code in bioql PyPI...
EUVD-2025-12389
Malicious code in bioql PyPI...
CVE-2025-4946
The Vikinger theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the vikingerdeleteactivitymediaajax function in all versions up to, and including, 1.9.32. This makes it possible for authenticated attackers, with Subscriber-level access and...
CVE-2025-4946
The Vikinger theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the vikingerdeleteactivitymediaajax function in all versions up to, and including, 1.9.32. This makes it possible for authenticated attackers, with Subscriber-level access and...
CVE-2025-4946 Vikinger <= 1.9.32 - Authenticated (Subscriber+) Arbitrary File Deletion via vikinger_delete_activity_media_ajax Function
The Vikinger theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the vikingerdeleteactivitymediaajax function in all versions up to, and including, 1.9.32. This makes it possible for authenticated attackers, with Subscriber-level access and...
CVE-2025-4946 Vikinger <= 1.9.32 - Authenticated (Subscriber+) Arbitrary File Deletion via vikinger_delete_activity_media_ajax Function
The Vikinger theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the vikingerdeleteactivitymediaajax function in all versions up to, and including, 1.9.32. This makes it possible for authenticated attackers, with Subscriber-level access and...
CVE-2025-4946
The CVE-2025-4946 entry concerns the WordPress Vikinger theme (
PT-2025-27620 · WordPress · Vikinger +1
Name of the Vulnerable Software and Affected Versions: Vikinger theme for WordPress versions up to, and including, 1.9.32 Description: The issue is related to insufficient file path validation in the vikinger delete activity media ajax function. This allows authenticated attackers with...
WordPress Vikinger Theme <= 1.9.32 is vulnerable to Arbitrary File Deletion
Software Vikinger Type Theme Vulnerable versions = 1.9.32 Fixed in 1.9.33 OWASP Top 10 A1: Injection Classification Arbitrary File Deletion CVE CVE-2025-4946 Patch priority High CVSS severity High 7.7 Developer Claim ownership PSID b0a366979549 Credits Foxyyy Required privilege Subscriber Publish...
CVE-2025-2238
The Vikinger theme for WordPress is vulnerable to privilege in all versions up to, and including, 1.9.30. This is due to insufficient usermeta restrictions in the 'vikingerusermetaupdateajax' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...
CVE-2025-2238
The Vikinger theme for WordPress is vulnerable to privilege in all versions up to, and including, 1.9.30. This is due to insufficient usermeta restrictions in the 'vikingerusermetaupdateajax' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...
CVE-2025-2238 Vikinger <= 1.9.30 - Authenticated (Subscriber+) Privilege Escalation via 'vikinger_user_meta_update_ajax'
The Vikinger theme for WordPress is vulnerable to privilege in all versions up to, and including, 1.9.30. This is due to insufficient usermeta restrictions in the 'vikingerusermetaupdateajax' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...
CVE-2025-2238
CVE-2025-2238 (Vikinger theme) A privilege-escalation vulnerability in Vikinger WordPress theme (versions up to 1.9.30) arises from insufficient restrictions in vikinger_user_meta_update_ajax. Authentication requirement is Subscriber-level or higher, allowing an authenticated attacker to escalate...
CVE-2025-2238 Vikinger <= 1.9.30 - Authenticated (Subscriber+) Privilege Escalation via 'vikinger_user_meta_update_ajax'
The Vikinger theme for WordPress is vulnerable to privilege in all versions up to, and including, 1.9.30. This is due to insufficient usermeta restrictions in the 'vikingerusermetaupdateajax' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...
PT-2025-17886 · WordPress · Vikinger
Name of the Vulnerable Software and Affected Versions: Vikinger theme for WordPress versions up to, and including, 1.9.30 Description: The issue is due to insufficient user meta restrictions in the vikinger user meta update ajax function, allowing authenticated attackers with Subscriber-level...
WordPress Vikinger theme <= 1.9.30 - Authenticated (Subscriber+) Privilege Escalation via 'vikinger_user_meta_update_ajax' vulnerability
Authenticated Subscriber+ Privilege Escalation via 'vikingerusermetaupdateajax' vulnerability discovered by Tonn in WordPress Theme Vikinger versions = 1.9.30...