
12 matches found

Positive Technologies
added 2026/05/28 12:0 a.m. · 8 views

PT-2026-44179

Name of the Vulnerable Software and Affected Versions Frontend Admin by DynamiApps versions prior to 3.29.3 Description An authorization bypass exists because the plugin fails to properly verify if a user is authorized to perform specific actions. Authenticated attackers with subscriber-level...

CVSS 8.8 · AI score 5.9 · EPSS 0.00062
Exploits 0 · References 16
CVE
added 2026/05/15 7:46 a.m. · 14 views

CVE-2026-6228

The CVE concerns the WordPress plugin Frontend Admin by DynamiApps (up to version 3.28.36). A privilege escalation flaw arises from insufficient authorization checks in the role field update mechanism combined with permissive capabilities for the admin_form post type. The admin_form CPT uses capa...

CVSS 8.8 · AI score 5.7 · EPSS 0.00126
Exploits 0 · References 5
Cvelist
added 2026/05/15 7:46 a.m. · 34 views

CVE-2026-6228 Frontend Admin by DynamiApps <= 3.28.36 - Unauthenticated Privilege Escalation via Edit User Form

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 3.28.36. This is due to insufficient authorization checks in the role field update mechanism combined with overly permissive capabilities for the adminform post type. The...

CVSS 8.8 · EPSS 0.00126
Exploits 0 · References 5
Vulnrichment
added 2026/05/15 7:46 a.m. · 2 views

CVE-2026-6228 Frontend Admin by DynamiApps <= 3.28.36 - Unauthenticated Privilege Escalation via Edit User Form

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 3.28.36. This is due to insufficient authorization checks in the role field update mechanism combined with overly permissive capabilities for the adminform post type. The...

CVSS 8.8 · AI score 5.7 · EPSS 0.00126
Exploits 0 · References 5
ATTACKERKB
added 2026/05/15 7:46 a.m. · 4 views

CVE-2026-6228

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 3.28.36. This is due to insufficient authorization checks in the role field update mechanism combined with overly permissive capabilities for the adminform post type. The...

CVSS 8.8 · AI score 5.7 · EPSS 0.00126
Exploits 0 · References 6
RedhatCVE
added 2026/01/09 12:33 p.m. · 2 views

CVE-2023-31703

Cross Site Scripting XSS in the edit user form in Microworld Technologies eScan management console 14.0.1400.2281 allows remote attacker to inject arbitrary code via the from parameter...

CVSS 9 · AI score 6.6 · EPSS 0.0856
Exploits 4 · References 1
CNNVD
added 2023/06/22 12:0 a.m. · 2 views

Flask-AppBuilder Security Vulnerability

Flask-AppBuilder is a simple and fast application development framework. A security vulnerability exists in Flask-AppBuilder versions prior to 4.3.2, which can be exploited by an attacker to trigger a database error by adding special characters to the Add, Edit user form...

CVSS 2.7 · AI score 4.9 · EPSS 0.00472
Exploits 0 · References 5
ATTACKERKB
added 2023/05/17 1:15 p.m. · 1 views

CVE-2023-31703

Cross Site Scripting XSS in the edit user form in Microworld Technologies eScan management console 14.0.1400.2281 allows remote attacker to inject arbitrary code via the from parameter...

CVSS 9 · AI score 6 · EPSS 0.0856
Exploits 4 · References 3
OSV
added 2023/05/17 1:15 p.m. · 4 views

CVE-2023-31703

Cross Site Scripting XSS in the edit user form in Microworld Technologies eScan management console 14.0.1400.2281 allows remote attacker to inject arbitrary code via the from parameter...

CVSS 9 · AI score 7.5 · EPSS 0.0856
Exploits 4 · References 2
Positive Technologies
added 2023/05/17 12:0 a.m. · 2 views

PT-2023-23423 · Escan · Escan

Name of the Vulnerable Software and Affected Versions: eScan management console version 14.0.1400.2281 Description: The issue is related to Cross Site Scripting XSS in the edit user form, allowing a remote attacker to inject arbitrary code via the from parameter. This enables the attacker to...

CVSS 9 · AI score 7 · EPSS 0.0856
Exploits 4 · References 10
OSV
added 2021/03/08 10:15 p.m. · 1 views

CVE-2020-27575

Maxum Rumpus 8.2.13 and 8.2.14 is affected by a command injection vulnerability. The web administration contains functionality in which administrators are able to manage users. The edit users form contains a parameter vulnerable to command injection due to insufficient validation...

CVSS 8.8 · AI score 7.3 · EPSS 0.06725
Exploits 1 · References 2
CNNVD
added 2021/03/08 12:0 a.m. · 4 views

Maxum Rumpus Command Injection Vulnerability

Maxum Rumpus is an FTP and Web file transfer server. A command injection vulnerability exists in a parameter of the Edit User form in Maxum Rumpus 8.2.13, 8.2.14, which can be exploited by an attacker to inject arbitrary commands...

CVSS 8.8 · AI score 5.9 · EPSS 0.06725
Exploits 1 · References 3