5 matches found
CVE-2026-32377
CVE-2026-32377 affects the WordPress Pranayama Yoga theme (pranayama-yoga) up to version 1.2.2. Root cause: missing Authorization / broken access control enabling exploitation of incorrectly configured access control security levels. Impact: potential unauthorized access or actions due to access-...
python-multipart 安全漏洞
python-multipart is a Python-based streaming multipart parser developed by Marcelo Trylesinski. Versions prior to 1.2.2, 1.3.1, and 1.4.0-dev contained security vulnerabilities. These vulnerabilities stemmed from the use of ambiguous regular expressions in the parseoptionsheader function, which...
PT-2025-47282
Name of the Vulnerable Software and Affected Versions wModes – Catalog Mode, Product Pricing, Enquiry Forms & Promotions plugin for WordPress versions up to and including 1.2.2 Description The plugin does not properly verify user authorization when accessing sensitive information through an AJAX...
WordPress Birdily | Travel Agency & Tour Booking WordPress Theme Theme <= 1.2.2 is vulnerable to Local File Inclusion
Software Birdily | Travel Agency & Tour Booking WordPress Theme Type Theme Vulnerable versions = 1.2.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-26592 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID d54eefcef883 Credits Tran...
PT-2024-38512 · WordPress · Dn Popup
Name of the Vulnerable Software and Affected Versions: DN Popup WordPress plugin versions 1.2.2 and earlier Description: The issue is related to the lack of a CSRF check when updating the plugin's settings. This could allow attackers to make a logged-in admin change the settings via a CSRF attack...