Nixpkgs security tracker

Untriaged

Permalink CVE-2026-25460

created 3 weeks, 3 days ago

WordPress Ave Core plugin <= 2.9.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in LiquidThemes Ave Core ave-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ave Core: from n/a through <= 2.9.1.

References

https://patchstack.com/database/Wordpress/Plugin/ave-core/vulnerability/wordpre… vdb-entry

Affected products

ave-core

=<<= 2.9.1

Matching in nixpkgs

pkgs.haskellPackages.weave-core

Core definitions for weave

nixos-unstable 0.1.0.0
- nixpkgs-unstable 0.1.0.0
- nixos-unstable-small 0.1.0.0
nixos-25.11 0.1.0.0
- nixos-25.11-small 0.1.0.0
- nixpkgs-25.11-darwin 0.1.0.0

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.haskellPackages.weave-core