4405 matches found

NVD
added 2024/10/17 4:15 a.m. · 29 views

CVE-2024-9263

The WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin plugin for WordPress is vulnerable to Account Takeover/Privilege Escalation via Insecure Direct Object Reference in all versions up to, and including, 1.0.25 via the save due to missing validation on a user...

9.8 CVSS · 0.01552 EPSS
Exploits 0 · References 4
Cvelist
added 2024/10/17 3:32 a.m. · 34 views

CVE-2024-9263 WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin <= 1.0.25 - Insecure Direct Object Reference to Unauthenticated Arbitrary User Password/Email Reset/Account Takeover

The WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin plugin for WordPress is vulnerable to Account Takeover/Privilege Escalation via Insecure Direct Object Reference in all versions up to, and including, 1.0.25 via the save due to missing validation on a user...

9.8 CVSS · 0.01552 EPSS
Exploits 0 · References 4
Vulnrichment
added 2024/10/17 3:32 a.m. · 14 views

CVE-2024-9263 WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin <= 1.0.25 - Insecure Direct Object Reference to Unauthenticated Arbitrary User Password/Email Reset/Account Takeover

The WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin plugin for WordPress is vulnerable to Account Takeover/Privilege Escalation via Insecure Direct Object Reference in all versions up to, and including, 1.0.25 via the save due to missing validation on a user...

9.8 CVSS · 9.6 AI score · 0.01552 EPSS
Exploits 0 · References 4
CVE
added 2024/10/17 3:32 a.m. · 91 views

CVE-2024-9263

WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin for WordPress (versions

9.8 CVSS · 9.6 AI score · 0.01552 EPSS
Exploits 0 · References 4
NVD
added 2024/10/17 2:15 a.m. · 13 views

CVE-2024-9215

The Co-Authors, Multiple Authors and Guest Authors in an Author Box with PublishPress Authors plugin for WordPress is vulnerable to Insecure Direct Object Reference to Privilege Escalation/Account Takeover in all versions up to, and including, 4.7.1 via the action_edited_author due to missing...

8.8 CVSS · 0.00338 EPSS
Exploits 0 · References 3
CVE
added 2024/10/17 2:6 a.m. · 56 views

CVE-2024-9215

The CVE-2024-9215 entry concerns the WordPress plugin PublishPress Authors (Co-Authors, Multiple Authors and Guest Authors) up to version 4.7.1. It describes an insecure direct object reference in the action_edited_author() flow, caused by missing validation of the authors-user_id key, which is u...

8.8 CVSS · 8.8 AI score · 0.00338 EPSS
Exploits 0 · References 3
Cvelist
added 2024/10/17 2:6 a.m. · 20 views

CVE-2024-9215 Co-Authors, Multiple Authors and Guest Authors in an Author Box with PublishPress Authors <= 4.7.1 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary User Email Update and Account Takeover

The Co-Authors, Multiple Authors and Guest Authors in an Author Box with PublishPress Authors plugin for WordPress is vulnerable to Insecure Direct Object Reference to Privilege Escalation/Account Takeover in all versions up to, and including, 4.7.1 via the action_edited_author due to missing...

8.8 CVSS · 0.00338 EPSS
Exploits 0 · References 3
Vulnrichment
added 2024/10/17 2:6 a.m. · 11 views

CVE-2024-9215 Co-Authors, Multiple Authors and Guest Authors in an Author Box with PublishPress Authors <= 4.7.1 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary User Email Update and Account Takeover

The Co-Authors, Multiple Authors and Guest Authors in an Author Box with PublishPress Authors plugin for WordPress is vulnerable to Insecure Direct Object Reference to Privilege Escalation/Account Takeover in all versions up to, and including, 4.7.1 via the action_edited_author due to missing...

8.8 CVSS · 7.1 AI score · 0.00338 EPSS
Exploits 0 · References 3
CNNVD
added 2024/10/17 12:0 a.m. · 2 views

WordPress plugin PublishPress Authors security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

8.8 CVSS · 6.6 AI score · 0.00338 EPSS
Exploits 0 · References 4
CNNVD
added 2024/10/17 12:0 a.m. · 1 views

WordPress plugin WP Timetics security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

9.8 CVSS · 6.6 AI score · 0.01552 EPSS
Exploits 0 · References 5
Patchstack
added 2024/10/16 3:57 p.m. · 2 views

WordPress WP Timetics plugin <= 1.0.25 - Insecure Direct Object Reference to Unauthenticated Arbitrary User Password/Email Reset/Account Takeover vulnerability

Insecure Direct Object Reference to Unauthenticated Arbitrary User Password/Email Reset/Account Takeover vulnerability discovered by wesley wcraft in WordPress Plugin Timetics versions <= 1.0.25...

9.8 CVSS · 7 AI score · 0.01552 EPSS
Exploits 0 · References 1 · Affected Software 1
Patchstack
added 2024/10/16 2:7 p.m. · 3 views

WordPress PublishPress Authors plugin <= 4.7.1 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary User Email Update and Account Takeover vulnerability

Insecure Direct Object Reference to Authenticated (Author+) Arbitrary User Email Update and Account Takeover vulnerability discovered by wesley wcraft in WordPress Plugin PublishPress Authors versions <= 4.7.1...

8.8 CVSS · 7 AI score · 0.00338 EPSS
Exploits 0 · References 1 · Affected Software 1
ATTACKERKB
added 2024/10/16 7:15 a.m. · 2 views

CVE-2023-7286

The plugin ACF Quick Edit Fields for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.2.2. This makes it possible for attackers without the edit_users capability to access metadata of other users, this includes contributor-level users and above...

6.5 CVSS · 5.4 AI score · 0.01047 EPSS
Exploits 0 · References 4
NVD
added 2024/10/16 7:15 a.m. · 24 views

CVE-2023-7286

The plugin ACF Quick Edit Fields for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.2.2. This makes it possible for attackers without the edit_users capability to access metadata of other users, this includes contributor-level users and above...

6.5 CVSS · 0.01047 EPSS
Exploits 0 · References 3
Vulnrichment
added 2024/10/16 6:43 a.m. · 12 views

CVE-2023-7286 ACF Quick Edit Fields <= 3.2.2 - Authenticated (Contributor+) Insecure Direct Object Reference

The plugin ACF Quick Edit Fields for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.2.2. This makes it possible for attackers without the edit_users capability to access metadata of other users, this includes contributor-level users and above...

6.5 CVSS · 6.9 AI score · 0.01047 EPSS
Exploits 0 · References 3
CVE
added 2024/10/16 6:43 a.m. · 42 views

CVE-2023-7286

The WordPress plugin ACF Quick Edit Fields (≤ 3.2.2) is affected by an Insecure Direct Object Reference issue that allows authenticated users with Contributor+ privileges to access metadata of other users without the edit_users capability. Root cause: insecure access to user metadata via the plug...

6.5 CVSS · 6.3 AI score · 0.01047 EPSS
Exploits 0 · References 3
Positive Technologies
added 2024/10/16 12:0 a.m. · 4 views

PT-2024-39496 · WordPress · Publishpress Authors

Name of the Vulnerable Software and Affected Versions: PublishPress Authors plugin for WordPress versions up to, and including, 4.7.1 Description: The issue is related to Insecure Direct Object Reference, which can lead to Privilege Escalation and Account Takeover. This is due to missing validati...

8.8 CVSS · 7.4 AI score · 0.00338 EPSS
Exploits 0 · References 11
Positive Technologies
added 2024/10/16 12:0 a.m. · 2 views

PT-2024-39522 · WordPress · Wp Timetics- Ai-Powered Appointment Booking Calendar/Online Scheduling Plugin

Name of the Vulnerable Software and Affected Versions: WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin plugin for WordPress versions up to, and including, 1.0.25 Description: The issue allows for Account Takeover and Privilege Escalation via Insecure Direct Objec...

9.8 CVSS · 7.1 AI score · 0.01552 EPSS
Exploits 0 · References 11
Veracode
added 2024/10/15 7:8 a.m. · 5 views

Insecure Direct Object Reference (IDOR)

Open-webui/open-webui is vulnerable to Insecure Direct Object Reference (IDOR). The vulnerability is caused by insufficient access controls in the API, which fail to validate user permissions, allowing unauthorized users to manipulate restricted data...

6.5 CVSS · 6.6 AI score · 0.00145 EPSS
Exploits 1 · References 4 · Affected Software 1
VulnCheck KEV
added 2024/10/15 12:0 a.m. · 1 views

VulnCheck KEV: CVE-2023-7286

The plugin ACF Quick Edit Fields for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.2.2. This makes it possible for attackers without the edit_users capability to access metadata of other users, this includes contributor-level users and above...

6.5 CVSS · 5.8 AI score · 0.01047 EPSS
Exploits 0 · References 1