6 matches found
CVE-2025-41091 Insecure Direct Object Reference in GPS BOLD Workplanner
Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a lack of adequate validation of user input, allowing an authenticated user to access to calendar details using unauthorised internal identifiers...
CVE-2025-41091
CVE-2025-41091 concerns Bold Workplanner. Affected: Bold Workplanner prior to version 2.5.25 (4935b438f9b). Issue: Insecure Direct Object Reference (IDOR) due to insufficient input validation, enabling an authenticated user to access calendar details using unauthorized internal identifiers. Impac...
CVE-2025-41091 Insecure Direct Object Reference in GPS BOLD Workplanner
Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a lack of adequate validation of user input, allowing an authenticated user to access to calendar details using unauthorised internal identifiers...
CVE-2024-6332
The Booking for Appointments and Events Calendar – Amelia Premium and Lite plugins for WordPress are vulnerable to unauthorized access of data due to a missing capability check on the 'ameliaButtonCommand' function in all versions up to, and including, Premium 7.7 and Lite 1.2.4. This makes it...
Shopify: Shopify's SF and LA offices Dashboard Information disclosed via Public Gist
Hi Team, During my recon process, I found a public gist containing the Internal Information of the Shopify offices of LA and SF. The gist belongs to the Shopify employee - https://gist.github.com/runmad He is currently - Engineering Manager at Shopify LA Office Dashboard -...
phpCommunityCalendar 4.0.3 - Cross-Site Scripting SQL Injection
phpCommunityCalendar 4.0.3 - Cross-Site Scripting SQL Injection author : X0r1 release : 23.05.06 software : http://www.appideas.com/ googledork : "Calendar programming by AppIdeas.com" filetype:php XSS: http://SERVER/PATH/week.php?LoName=alert'XSS' http://SERVER/PATH/month.php?LoName=alert'XSS'...