5 matches found
CVE-2026-3614
The AcyMailing plugin for WordPress is vulnerable to privilege escalation in all versions From 9.11.0 up to, and including, 10.8.1 due to a missing capability check on the wpajaxacymailingrouter AJAX handler. This makes it possible for authenticated attackers, with Subscriber-level access and...
EUVD-2026-23188
The AcyMailing plugin for WordPress is vulnerable to privilege escalation in all versions From 9.11.0 up to, and including, 10.8.1 due to a missing capability check on the wpajaxacymailingrouter AJAX handler. This makes it possible for authenticated attackers, with Subscriber-level access and...
CVE-2026-3614
The AcyMailing plugin for WordPress is vulnerable to privilege escalation in all versions From 9.11.0 up to, and including, 10.8.1 due to a missing capability check on the wpajaxacymailingrouter AJAX handler. This makes it possible for authenticated attackers, with Subscriber-level access and...
CVE-2015-1559
Multiple cross-site request forgery CSRF vulnerabilities in administrator.php in Epignosis eFront Open Source Edition before 3.6.15.3 build 18022 allow remote attackers to hijack the authentication of administrators for requests that 1 delete modules via the deletemodule parameter, 2 deactivate...
kdm password-less login vulnerability
backend/session.c in KDM in KDE 3.3.0 through 3.5.7, when autologin is configured and "shutdown with password" is enabled, allows remote attackers to bypass the password requirement and login to arbitrary accounts via unspecified vectors...