39 matches found
CVE-2025-13093
The Devs CRM – Manage tasks, attendance and teams all together plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '/wp-json/devs-crm/v1/bulk-update' REST-API endpoint in all versions up to, and including, 1.1.8. This makes it possible...
EUVD-2025-203217
The Devs CRM – Manage tasks, attendance and teams all together plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '/wp-json/devs-crm/v1/bulk-update' REST-API endpoint in all versions up to, and including, 1.1.8. This makes it possible...
CVE-2025-13093
The Devs CRM – Manage tasks, attendance and teams all together plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '/wp-json/devs-crm/v1/bulk-update' REST-API endpoint in all versions up to, and including, 1.1.8. This makes it possible...
CVE-2025-13093
CVE-2025-13093 affects the WordPress plugin “Devs CRM – Manage tasks, attendance and teams all together” and concerns an unauthorized data modification vulnerability. The issue is caused by a missing capability check on the REST-API endpoint /wp-json/devs-crm/v1/bulk-update and affects all versio...
CVE-2025-13093 Devs CRM – Manage tasks, attendance and teams all together <= 1.1.8 - Missing Authorization to Unauthenticated Lead Tag Update
The Devs CRM – Manage tasks, attendance and teams all together plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '/wp-json/devs-crm/v1/bulk-update' REST-API endpoint in all versions up to, and including, 1.1.8. This makes it possible...
PT-2025-51061
The Devs CRM – Manage tasks, attendance and teams all together plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '/wp-json/devs-crm/v1/bulk-update' REST-API endpoint in all versions up to, and including, 1.1.8. This makes it possible...
CVE-2025-62730
SOPlanning is vulnerable to Privilege Escalation in user management tab. Users with usermanageteam role are allowed to modify permissions of users. However, they are able to assign administrative permissions to any user including themselves. This allow a malicious authenticated attacker with this...
EUVD-2025-198305
SOPlanning is vulnerable to Privilege Escalation in user management tab. Users with usermanageteam role are allowed to modify permissions of users. However, they are able to assign administrative permissions to any user including themselves. This allow a malicious authenticated attacker with this...
CVE-2025-62730
SOPlanning is vulnerable to Privilege Escalation in user management tab. Users with usermanageteam role are allowed to modify permissions of users. However, they are able to assign administrative permissions to any user including themselves. This allow a malicious authenticated attacker with this...
CVE-2025-62730
SOPlanning is vulnerable to Privilege Escalation in user management tab. Users with usermanageteam role are allowed to modify permissions of users. However, they are able to assign administrative permissions to any user including themselves. This allow a malicious authenticated attacker with this...
CVE-2025-62730 Privilege Escalation via Incorrect Authorization in SOPlanning
SOPlanning is vulnerable to Privilege Escalation in user management tab. Users with usermanageteam role are allowed to modify permissions of users. However, they are able to assign administrative permissions to any user including themselves. This allow a malicious authenticated attacker with this...
CVE-2025-62730
SOPlanning is vulnerable to Privilege Escalation via the user management tab. A user with the user_manage_team role can modify permissions and assign administrative rights to any user, including themselves, enabling escalation to admin. The issue affects both Bulk Update and standard user-right e...
PT-2025-47599
Name of the Vulnerable Software and Affected Versions SOPlanning versions prior to 1.55 Description SOPlanning has a flaw that allows privilege escalation through the user management tab. Users assigned the user manage team role can modify user permissions, including granting administrative...
EUVD-2025-27096
Malicious code in bioql PyPI...
CVE-2025-48042
Incorrect Authorization vulnerability in ash-project ash allows Exploiting Incorrectly Configured Access Control Security Levels. This vulnerability is associated with program files lib/ash/actions/create/bulk.ex, lib/ash/actions/destroy/bulk.ex, lib/ash/actions/update/bulk.ex and program routine...
EEF-CVE-2025-48042 Before action hooks may execute in certain scenarios despite a request being forbidden
Summary Incorrect Authorization vulnerability in ash-project ash allows Exploiting Incorrectly Configured Access Control Security Levels. This vulnerability is associated with program files lib/ash/actions/create/bulk.ex, lib/ash/actions/destroy/bulk.ex, lib/ash/actions/update/bulk.ex and program...
CVE-2024-1376
The Event post plugin for WordPress is vulnerable to unauthorized bulk metadata update due to a missing capability check on the savebulkdatas function in all versions up to, and including, 5.9.4. This makes it possible for authenticated attackers, with subscriber access or higher, to update...
Tuleap Security Vulnerabilities
Tuleap is an open source application lifecycle management system that facilitates agile software development, design projects, V-modeling, requirements management and IT service management. A security vulnerability exists in Tuleap that originates from a user with read access to a tracker that us...
CVE-2014-9526
Multiple cross-site scripting XSS vulnerabilities in concrete5 5.7.2.1, 5.7.2, and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 gName parameter in singlepages/dashboard/users/groups/bulkupdate.php or 2 instanceid parameter in tools/dashboard/sitemapdragrequest.p...