15 matches found
EUVD-2024-51267
Malicious code in bioql PyPI...
CVE-2025-0180
The WP Foodbakery plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 4.7. This is due to the plugin not properly restricting what user meta can be updated during profile registration. This makes it possible for unauthenticated attackers to register on...
CVE-2024-13010
The WP Foodbakery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 4.8 due to insufficient input sanitization and output escaping on the 'searchtype' parameter. This makes it possible for unauthenticated attackers to inject arbitrary web scrip...
CVE-2024-13011
The WP Foodbakery plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'uploadpublisherprofileimage' function in versions up to, and including, 4.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affect...
CVE-2025-0181
The WP Foodbakery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.8. This is due to the plugin not properly validating a user's identity prior to setting the current user and their authentication cookie. This makes it possibl...
CVE-2025-0181
CVE-2025-0181 affects WP Foodbakery (WordPress) up to version 4.7. It enables unauthenticated privilege escalation via foodbakery_parse_request by bypassing identity validation, potentially leading to an administrator account takeover. The related feeds indicate the issue has been patched; exact ...
CVE-2025-0181 WP Foodbakery <= 4.8 - Authentication Bypass in foodbakery_parse_request
The WP Foodbakery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.8. This is due to the plugin not properly validating a user's identity prior to setting the current user and their authentication cookie. This makes it possibl...
CVE-2025-0180 WP Foodbakery <= 4.7 - Unauthenticated Privilege Escalation in foodbakery_registration_validation
The WP Foodbakery plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 4.7. This is due to the plugin not properly restricting what user meta can be updated during profile registration. This makes it possible for unauthenticated attackers to register on...
CVE-2025-0180
CVE-2025-0180 affects WP Foodbakery (WordPress)
CVE-2025-0180 WP Foodbakery <= 4.7 - Unauthenticated Privilege Escalation in foodbakery_registration_validation
The WP Foodbakery plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.3. This is due to the plugin not properly restricting what user meta can be updated during profile registration. This makes it possible for unauthenticated attackers to register on...
CVE-2024-13010 WP Foodbakery <= 4.8 - Reflected Cross-Site Scripting
The WP Foodbakery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 4.8 due to insufficient input sanitization and output escaping on the 'searchtype' parameter. This makes it possible for unauthenticated attackers to inject arbitrary web scrip...
CVE-2024-13010 WP Foodbakery <= 4.8 - Reflected Cross-Site Scripting
The WP Foodbakery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 4.8 due to insufficient input sanitization and output escaping on the 'searchtype' parameter. This makes it possible for unauthenticated attackers to inject arbitrary web scrip...
CVE-2024-13011 WP Foodbakery <= 4.7 - Unauthenticated Arbitrary File Upload
The WP Foodbakery plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'uploadpublisherprofileimage' function in versions up to, and including, 4.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affect...
CVE-2021-24389 FoodBakery < 2.2 - Reflected Cross-Site Scripting (XSS)
The WP Foodbakery WordPress plugin before 2.2, used in the FoodBakery WordPress theme before 2.2 did not properly sanitize the foodbakeryradius parameter before outputting it back in the response, leading to an unauthenticated Reflected Cross-Site Scripting XSS vulnerability...
CVE-2021-24389
CVE-2021-24389 : WordPress WP FoodBakery plugin (pre-2.2) used with FoodBakery theme (pre-2.2) contains an unauthenticated reflected XSS in the foodbakery_radius parameter, which is not properly sanitized before echoed in the response. Impact stated: potential for injection of malicious scripts l...