16 matches found
Incorrect Authorization
Overview: @openclaw/matrix is an OpenClaw Matrix channel plugin. Affected versions of this package are vulnerable to Incorrect Authorization via the operator.write message-tool. An attacker can modify persistent Matrix profile configuration without proper authorization by sending crafted requests...
CVE-2026-28471
OpenClaw versions 2026.1.14-1 prior to 2026.2.2, with the Matrix plugin installed and enabled, contain a vulnerability in which DM allowlist matching could be bypassed by exact-matching against sender display names and localparts without homeserver validation. Remote Matrix users can impersonate...
CVE-2026-28471
OpenClaw versions 2026.1.14-1 prior to 2026.2.2, with the Matrix plugin installed and enabled, contain a vulnerability in which DM allowlist matching could be bypassed by exact-matching against sender display names and localparts without homeserver validation. Remote Matrix users can impersonate...
CVE-2026-28471
OpenClaw versions 2026.1.14-1 prior to 2026.2.2, with the Matrix plugin installed and enabled, contain a vulnerability in which DM allowlist matching could be bypassed by exact-matching against sender display names and localparts without homeserver validation. Remote Matrix users can impersonate...
CVE-2026-28471
OpenClaw versions 2026.1.14-1 prior to 2026.2.2, with the Matrix plugin installed and enabled, contain a vulnerability in which DM allowlist matching could be bypassed by exact-matching against sender display names and localparts without homeserver validation. Remote Matrix users can impersonate...
CVE-2026-28471 OpenClaw 2026.1.14-1 < 2026.2.2 - Allowlist Bypass via displayName and Cross-Homeserver localpart Matching in Matrix Plugin
OpenClaw versions 2026.1.14-1 prior to 2026.2.2, with the Matrix plugin installed and enabled, contain a vulnerability in which DM allowlist matching could be bypassed by exact-matching against sender display names and localparts without homeserver validation. Remote Matrix users can impersonate...
CVE-2026-28471
OpenClaw is affected (version 2026.1.14-1 before 2026.2.2) with the Matrix plugin installed. The vulnerability allows bypassing DM allowlist matching by exact-matching sender display names and localparts without homeserver validation, enabling remote Matrix users to impersonate allowed identities...
EUVD-2026-9917
OpenClaw versions 2026.1.14-1 prior to 2026.2.2, with the Matrix plugin installed and enabled, contain a vulnerability in which DM allowlist matching could be bypassed by exact-matching against sender display names and localparts without homeserver validation. Remote Matrix users can impersonate...
OpenClaw Security Vulnerability
OpenClaw is an open-source intelligent artificial assistant. Versions of OpenClaw prior to 2026.2.2 contained security vulnerabilities. These vulnerabilities stemmed from the ability to bypass the DM permission list matching in the Matrix plugin, allowing remote Matrix users to impersonate...
PT-2026-23546
Name of the Vulnerable Software and Affected Versions: OpenClaw versions 2026.1.14-1 through 2026.2.1. Description: The software contains a flaw where direct message (DM) allowlist matching can be circumvented by precisely matching sender display names and localparts without homeserver verification...
WordPress Exam Matrix plugin <= 1.5 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by ghsinfosec (Patchstack Alliance) in WordPress Plugin Exam Matrix (versions <= 1.5)...
CVE-2023-47685 WordPress Preloader Matrix Plugin <= 2.0.1 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in Lukman Nakib Preloader Matrix. This issue affects Preloader Matrix: from n/a through 2.0.1...
WordPress Preloader Matrix Plugin <= 2.0.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Preloader Matrix; Type: Plugin; Vulnerable versions: <= 2.0.1; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-47685; Patch priority: Low; CVSS severity: Low (5.4); Developer: Claim ownership; PSID: 500447b9268e; Credits: Skalucy; Required...
GHSA-QXF8-8837-HQ7W Script security sandbox bypass in Matrix Project Plugin
A sandbox bypass vulnerability exists in Jenkins Matrix Project Plugin 1.13 and earlier in pom.xml, src/main/java/hudson/matrix/FilterScript.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM...
jenkins-2-plugins/matrix-auth: Stored XSS vulnerability in Matrix Authorization Strategy Plugin
A flaw was found in the Matrix Authorization Strategy Plugin version 2.6.1 and prior. User names are not escaped in the permission table, which could lead to a stored cross-site scripting (XSS) vulnerability. The user must have the Agent/Configure, Job/Configure, or Overall/Administer permissions fo...
PT-2020-15441 · Jenkins · Jenkins Matrix Project Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Matrix Project Plugin versions 1.16 and earlier. Description: The issue is related to a stored cross-site scripting vulnerability. It occurs because the axis names shown in tooltips on the overview page of builds with multiple axes are...