Nixpkgs security tracker

Untriaged

Permalink CVE-2025-52718

7.2 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): CHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): NONE

created 9 months, 2 weeks ago

WordPress Alone <= 7.8.2 - Arbitrary Code Execution Vulnerability

Improper Control of Generation of Code ('Code Injection') vulnerability in Bearsthemes Alone allows Remote Code Inclusion. This issue affects Alone: from n/a through 7.8.2.

References

https://patchstack.com/database/wordpress/theme/alone/vulnerability/wordpress-a… vdb-entry

Affected products

alone

=<7.8.2

Matching in nixpkgs

pkgs.selendroid

Test automation for native or hybrid Android apps and the mobile web

nixos-unstable 0.17.0
- nixpkgs-unstable 0.17.0
- nixos-unstable-small 0.17.0

pkgs.stalonetray

Stand alone tray

nixos-unstable 0.8.5
- nixpkgs-unstable 0.8.5
- nixos-unstable-small 0.8.5

pkgs.argp-standalone

Standalone version of arguments parsing functions from Glibc

nixos-unstable 1.5.0
- nixpkgs-unstable 1.5.0
- nixos-unstable-small 1.5.0

pkgs.cbqn-standalone

BQN implementation in C

nixos-unstable 0.9.0
- nixpkgs-unstable 0.9.0
- nixos-unstable-small 0.9.0

pkgs.htmlunit-driver

WebDriver server for running Selenium tests on the HtmlUnit headless browser

nixos-unstable 2.27
- nixpkgs-unstable 2.27
- nixos-unstable-small 2.27

pkgs.cbqn-standalone-replxx