
6235 matches found

Veracode
added 2023/06/28 4:44 a.m. | 16 views

Missing Authorization

github.com/mattermost/mattermost-server is vulnerable to Missing Authorization. The vulnerability exists because the library fails to validate all parameters, allowing an authenticated attacker to edit arbitrary posts on the channel through the /dialog API...

CVSS 4.3 | AI score 6.9 | EPSS 0.00402
Exploits: 0 | References: 5 | Affected Software: 1

NVD
added 2023/06/22 3:15 p.m. | 16 views

CVE-2023-34028

Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional plugin = 1.0.7 versions...

CVSS 8.8 | AI score 5.8 | EPSS 0.00256
Exploits: 0 | References: 1

Circl
added 2023/06/21 8:26 p.m. | 5 views

CVE-2023-2911

creationtimestamp | type | source
---|---|---
2023-06-21 20:26:21+00:00 | seen | https://t.me/cibsecurity/65390
2025-03-14 05:32:28+00:00 | seen | https://bsky.app/profile/r3nt.bsky.social/post/3lkcv3rgpb22p
2025-03-14 05:32:28+00:00 | seen | https://bsky.app/profile/r3nt.bsky.social/post/3lkcv3rgle22p...

CVSS 7.5 | AI score 8.1 | EPSS 0.02575
Exploits: 0 | References: 6

CNVD
added 2023/06/21 12:0 a.m. | 9 views

Mattermost Access Control Error Vulnerability (CNVD-2023-55043)

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from an Access Control Error vulnerability that stems from not checking the identity of a channel member when accessing a message thread, which can be exploited by an attacker to...

CVSS 6.5 | AI score 6.7 | EPSS 0.0054
Exploits: 0 | References: 1

CNVD
added 2023/06/21 12:0 a.m. | 7 views

Mattermost Input Validation Error Vulnerability (CNVD-2023-55047)

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from an input validation error vulnerability that stems from Mattermost's inability to validate all parameters when creating scripts that run through the /dialog API, which can be...

CVSS 4.3 | AI score 6.6 | EPSS 0.00402
Exploits: 0 | References: 1

Prion
added 2023/06/16 9:15 a.m. | 23 views

Code injection

Mattermost fails to check channel membership when accessing message threads, allowing an attacker to access arbitrary posts by using the message threads API...

CVSS 4 | AI score 6.5 | EPSS 0.0054
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2023/06/16 8:59 a.m. | 10 views

CVE-2023-2791 Playbooks lets you edit arbitrary posts

When creating a playbook run via the /dialog API, Mattermost fails to validate all parameters, allowing an authenticated attacker to edit an arbitrary channel post...

CVSS 4.3 | AI score 6.7 | EPSS 0.00402
Exploits: 0 | References: 1

Cvelist
added 2023/06/16 8:55 a.m. | 43 views

CVE-2023-2787 Collapsed Reply Threads APIs leak message contents from private channels

Mattermost fails to check channel membership when accessing message threads, allowing an attacker to access arbitrary posts by using the message threads API...

CVSS 6.5 | AI score 6.7 | EPSS 0.0054
Exploits: 0 | References: 1

CNNVD
added 2023/06/16 12:0 a.m. | 5 views

Mattermost Security Vulnerability

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from an Access Control Error vulnerability that stems from not checking the identity of a channel member when accessing a message thread, which can be exploited by an attacker to...

CVSS 6.5 | AI score 6.9 | EPSS 0.0054
Exploits: 0 | References: 2

Positive Technologies
added 2023/06/16 12:0 a.m. | 6 views

PT-2023-21384 · Unknown · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost affected versions not specified
Description: The issue allows an attacker to access arbitrary posts by using the message threads API, as Mattermost fails to check channel membership when accessing message threads.
Recommendations: ...

CVSS 6.5 | AI score 6.3 | EPSS 0.0054
Exploits: 0 | References: 4

CNNVD
added 2023/06/16 12:0 a.m. | 5 views

Mattermost Security Vulnerability

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from an input validation error vulnerability that stems from Mattermost's inability to validate all parameters when creating scripts that run through the /dialog API, which can be...

CVSS 4.3 | AI score 6.8 | EPSS 0.00402
Exploits: 0 | References: 2

Patchstack
added 2023/06/16 12:0 a.m. | 13 views

WordPress Recent Posts Slider Plugin <= 1.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Recent Posts Slider; Type: Plugin; Vulnerable versions: <= 1.1; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-35778; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 2c02326de32e; Credits: LEE SE HYOUNG...

CVSS 6.5 | AI score 6.5 | EPSS 0.0022
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2023/06/13 4:15 p.m. | 4 views

CVE-2023-25978

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nate Reist Protected Posts Logout Button plugin <= 1.4.5 versions...

CVSS 4.8 | AI score 5.8 | EPSS 0.00392
Exploits: 0 | References: 1

NVD
added 2023/06/13 4:15 p.m. | 14 views

CVE-2023-25978

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nate Reist Protected Posts Logout Button plugin <= 1.4.5 versions...

CVSS 5.9 | AI score 5.4 | EPSS 0.00392
Exploits: 0 | References: 1

Prion
added 2023/06/13 4:15 p.m. | 19 views

Cross site scripting

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nate Reist Protected Posts Logout Button plugin <= 1.4.5 versions...

CVSS 4.3 | AI score 4.8 | EPSS 0.00392
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2023/06/13 3:9 p.m. | 11 views

CVE-2023-25978 WordPress Protected Posts Logout Button Plugin <= 1.4.5 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nate Reist Protected Posts Logout Button plugin <= 1.4.5 versions...

CVSS 5.9 | AI score 5.6 | EPSS 0.00392
Exploits: 0 | References: 1

CVE
added 2023/06/13 3:9 p.m. | 33 views

CVE-2023-25978

The CVE-2023-25978 entry refers to the WordPress Protected Posts Logout Button plugin with a Stored XSS vulnerability in versions

CVSS 5.9 | AI score 5 | EPSS 0.00392
Exploits: 0 | References: 1 | Affected Software: 1

CNNVD
added 2023/06/13 12:0 a.m. | 11 views

WordPress Plugin WP Directory Kit Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

CVSS 6.5 | AI score 6.4 | EPSS 0.0064
Exploits: 1 | References: 7

CNNVD
added 2023/06/13 12:0 a.m. | 3 views

WordPress Plugin Nate Reist Protected Posts Logout Button Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVSS 5.9 | AI score 5 | EPSS 0.00392
Exploits: 0 | References: 2

Patchstack
added 2023/06/13 12:0 a.m. | 10 views

WordPress Recent Posts Slider Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS)

Software: Recent Posts Slider; Type: Plugin; Vulnerable versions: <= 1.1; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-35043; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: cce446409bae; Credits: LEE SE HYOUNG...

CVSS 7.1 | AI score 5.6 | EPSS 0.00382
Exploits: 0 | References: 1 | Affected Software: 1