PT-2025-52576
Name of the Vulnerable Software and Affected Versions: Frontend Post Submission Manager Lite plugin versions through 1.2.5 Description: The Frontend Post Submission Manager Lite plugin for WordPress has an issue where authorization checks are missing on the post update functionality within the fpsm...
Missing Authentication for Critical Function
Overview: Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the MSTeams plugin OAuth flow. An attacker can modify arbitrary posts by sending a crafted OAuth redirect URL. Remediation: Upgrade github.com/mattermost/mattermost/server/channels/api4 to...
Missing Authentication for Critical Function
Overview: github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative. Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the MSTeams plugin OAuth flow. An attacker can modify arbitrary posts by sending a crafted OAuth...
Missing Authentication for Critical Function
Overview: Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the MSTeams plugin OAuth flow. An attacker can modify arbitrary posts by sending a crafted OAuth redirect URL. Remediation: Upgrade github.com/mattermost/mattermost/server/channels/web to...
Missing Authentication for Critical Function
Overview: Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the MSTeams plugin OAuth flow. An attacker can modify arbitrary posts by sending a crafted OAuth redirect URL. Remediation: Upgrade github.com/mattermost/mattermost/server/public/model to...
Missing Authentication for Critical Function
Overview: Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the MSTeams plugin OAuth flow. An attacker can modify arbitrary posts by sending a crafted OAuth redirect URL. Remediation: Upgrade github.com/mattermost/mattermost/server/channels/store t...
Missing Authentication for Critical Function
Overview: Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the MSTeams plugin OAuth flow. An attacker can modify arbitrary posts by sending a crafted OAuth redirect URL. Remediation: Upgrade...
Missing Authentication for Critical Function
Overview: Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the MSTeams plugin OAuth flow. An attacker can modify arbitrary posts by sending a crafted OAuth redirect URL. Remediation: Upgrade...
Missing Authentication for Critical Function
Overview: Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the MSTeams plugin OAuth flow. An attacker can modify arbitrary posts by sending a crafted OAuth redirect URL. Remediation: Upgrade...
CVE-2025-57244
OpenKM Community Edition 6.3.12 is listed as vulnerable to a stored cross-site scripting (XSS) flaw in the user account creation interface. The affected component is the registration form where the Name field accepts script tags and the Email field is vulnerable when a POST request is modified to...
EUVD-2021-11840
Malware in sbrugna...
EUVD-2020-30320
Malware in sbrugna...
EUVD-2024-17575
Malicious code in bioql PyPI...
EUVD-2023-12464
Malicious code in bioql PyPI...
EUVD-2023-12595
Malicious code in bioql PyPI...
CVE-2024-4199
The Bulk Posts Editing For WordPress plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on the plugin's AJAX actions in all versions up to, and including, 4.2.3. This makes it possible for authenticated attackers, with subscriber access an...
CVE-2024-4874
The Bricks Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.8 via the postId parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access and...
CVE-2023-0555
The Quick Restaurant Menu plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke those...
WordPress wProject theme < 5.8.0 - Unauthenticated Post/Comment/Attachment Modification/Deletion vulnerability
Unauthenticated Post/Comment/Attachment Modification/Deletion vulnerability discovered by Dave Jong Patchstack in WordPress Theme wProject versions 5.8.0...
PT-2025-10561 · Pagelayer · Pagelayer
Name of the Vulnerable Software and Affected Versions: Pagelayer versions prior to 1.9.9 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the pagelayer save post function. This allows unauthenticated attackers to modify post contents...