GHSA-hm42-q32m-vj4f: Admidio: CSRF on Plugin Install, Uninstall, and Update via Unprotected GET Requests
Admidio versions up to 5.0.11 have a CSRF vulnerability in the modules/plugins.php endpoint, which handles plugin install, uninstall, and update operations via GET requests without CSRF token…
Read the full articleYou might also wanna read
Supply Chain Attack Compromises Official GravityForms Plugin Repository
Update 7-12-2025 06:00 UTC: We have observed some activity in regard to one of the backdoors that involves a gf_api_token parameter. The IP

WAF - WAF Release - 2026-06-09
This release introduces new detections for a critical SQL injection vulnerability in Drupal installations utilizing PostgreSQL (CVE-2026-908

CVE-2026-11462: Improper Authorization Vulnerability in BeikeShop Stripe Plugin (Up to v1.6.0.22)
A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.6.0.22. This impacts the function callback of the file p

WAF - WAF Release - 2025-11-24
This week highlights enhancements to detection signatures improving coverage for vulnerabilities in FortiWeb, linked to CVE-2025-64446, alon
Introducing organizational controls to restrict Composer plugins for supply chain security
This is the next post in our supply chain security series, following the supply chain security update, the Composer 2.10 release, closing Co
blog.packagist.com·28d ago
WAF - WAF Release - 2026-04-21
This week's release introduces a new detection for a Remote Code Execution (RCE) vulnerability in Apache ActiveMQ (CVE-2026-34197) and an up

Comments
Sign in to join the conversation.
No comments yet. Be the first.