3 matches found
PT-2025-14092 · WordPress · Wp Realestate
Name of the Vulnerable Software and Affected Versions: WP RealEstate plugin versions up to, and including, 1.6.26 Description: The issue is related to insufficient role restrictions in the process register function, allowing unauthenticated attackers to register an account with the Administrator...
CVE-2024-55954
OpenObserve is a cloud-native observability platform. A vulnerability in the user management endpoint /api/orgid/users/emailid allows an "Admin" role user to remove a "Root" user from the organization. This violates the intended privilege hierarchy, enabling a non-root user to remove the...
CVE-2024-55954 OpenObserve Improper Authorization Allows Admin User to Remove Root User
OpenObserve is a cloud-native observability platform. A vulnerability in the user management endpoint /api/orgid/users/emailid allows an "Admin" role user to remove a "Root" user from the organization. This violates the intended privilege hierarchy, enabling a non-root user to remove the...