6 matches found
CVE-2022-1398
The External Media without Import WordPress plugin through 1.1.2 does not have any authorisation and does not ensure that media added via URLs are external media, which could allow any authenticated user, such as a subscriber, to perform blind SSRF attacks...
WordPress plugin Avada 7.11.1 and security vulnerabilities
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
CVE-2023-7202
The Fatal Error Notify WordPress plugin before 1.5.3 does not have authorisation and CSRF checks in its testerror AJAX action, allowing any authenticated user, such as a subscriber, to call it and spam the admin email address with error messages. The issue is also exploitable via CSRF...
CVE-2024-21735
SAP LT Replication Server - version S4CORE 103, S4CORE 104, S4CORE 105, S4CORE 106, S4CORE 107, S4CORE 108, does not perform necessary authorization checks. This could allow an attacker with high privileges to perform unintended actions, resulting in escalation of privileges, which has High impac...
PT-2023-3793 · NetGear · Netgear Prosafe Network Management System
Name of the Vulnerable Software and Affected Versions: NETGEAR ProSAFE Network Management System (affected versions not specified). Description: The issue is related to the SettingConfigController class in the NETGEAR ProSAFE Network Management System, which lacks an authorization procedure. This...
Access Control Error Vulnerability in Multiple Medtronic Products
MyCareLink Monitor and others are products developed by Medtronic. An Access Control Error vulnerability exists in multiple Medtronic products that stems from a failure of the Conexus telemetry protocol to perform authorization or authentication, which could be exploited by an attacker to inject,...