344 matches found
WordPress Wicked Folders plugin <= 4.1.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Arbitrary Folder Deletion vulnerability
Insecure Direct Object Reference to Authenticated Contributor+ Arbitrary Folder Deletion vulnerability discovered by Youssef Elouaer in WordPress Plugin Wicked Folders versions = 4.1.0...
EUVD-2026-12198
The Wicked Folders – Folder Organizer for Pages, Posts, and Custom Post Types plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the deletefolders function due to missing validation on a user controlled key. This makes it possibl...
CVE-2026-1883
The Wicked Folders – Folder Organizer for Pages, Posts, and Custom Post Types plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the deletefolders function due to missing validation on a user controlled key. This makes it possibl...
WordPress plugin Wicked Folders – Folder Organizer for Pages, Posts, and Custom Post Types 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
CVE-2026-1883 Wicked Folders <= 4.1.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Arbitrary Folder Deletion
The Wicked Folders – Folder Organizer for Pages, Posts, and Custom Post Types plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the deletefolders function due to missing validation on a user controlled key. This makes it possibl...
CVE-2026-1883 Wicked Folders <= 4.1.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Arbitrary Folder Deletion
The Wicked Folders – Folder Organizer for Pages, Posts, and Custom Post Types plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the deletefolders function due to missing validation on a user controlled key. This makes it possibl...
CVE-2026-1883
CVE-2026-1883 affects the WordPress plugin Wicked Folders – Folder Organizer for Pages, Posts, and Custom Post Types. It states that all versions up to 4.1.0 are vulnerable to an Insecure Direct Object Reference (IDOR) in the delete_folders() function due to missing validation on a user-controlle...
PT-2026-25528
The Wicked Folders – Folder Organizer for Pages, Posts, and Custom Post Types plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the delete folders function due to missing validation on a user controlled key. This makes it possib...
Security update for wicked2nm,suse-migration-services,suse-migration-sle16-activation,SLES16-Migration,SLES16-SAP_Migration
This update for wicked2nm,suse-migration-services,suse-migration-sle16-activation,SLES16-Migration,SLES16-SAPMigration fixes the following issues: Changes for SLES16-SAPMigration: Bump version: 2.1.30 Changes for SLES16-Migration: Bump version: 2.1.30 Changes for suse-migration-sle16-activation:...
CVE-2026-24820 A stack overflow vulnerability in turanszkij/WickedEngine
Out-of-bounds Read vulnerability in turanszkij WickedEngine WickedEngine/LUA modules. This vulnerability is associated with program files ldebug.C. This issue affects WickedEngine: before 0.71.705...
Wicked Engine security vulnerabilities
Wicked Engine is a 3D graphics engine developed by Turánszki János individually. Versions of Wicked Engine prior to 0.71.705 contained security vulnerabilities, which were caused by an out-of-bound read operation in the program file ldebug.C...
Wicked Engine security vulnerabilities
Wicked Engine is a 3D graphics engine developed by Turánszki János individually. Versions of Wicked Engine 0.71.727 and earlier contained security vulnerabilities, which were caused by an out-of-bounds read vulnerability in the lparser.C program file...
CVE-2020-7217
An nidhcp4fsmprocessdhcp4packet memory leak in openSUSE wicked 0.6.55 and earlier allows network attackers to cause a denial of service by sending DHCP4 packets with a different client-id...
CVE-2020-7216
An nidhcp4parseresponse memory leak in openSUSE wicked 0.6.55 and earlier allows network attackers to cause a denial of service by sending DHCP4 packets without a message type option...
SUSE SLED15 / SLES15 : Recommended update for suse-migration-sle16-activation, SLES16-Migration, SLES16-SAP_Migration, suse-migration-services, suse-migration-rpm, wicked2nm, image-janitor (SUSE-SU-SUSE-RU-2025:4131-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-SUSE-RU-2025:4131-1 advisory. Changes for suse-migration-sle16-activation: - Simplify interface naming by disabling predictable names at boot...
MAL-2025-139112 Malicious code in wicked-red-owl (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b889f681a3b15c54b0b220cf724a3642aca92386fe45e72d8677e5bbb23909ac This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-116990
Malicious code in wicked-red-owl npm...
MAL-2025-110899 Malicious code in wicked_swallow-appteadev (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e7fd2f933a0586b933a5aefeeabc45ecbe554e32c3f39632632ca62d7016c3ea This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-77934
Malicious code in wickedsawfishz3n npm...
Malicious code in wicked_sawfish_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cea1c10dc7070119eb8feb08d174527c157ef63f835e9f36ada146d97ae0e6bc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...