4966 matches found
CVE-2024-50967
DATAGerry (Becon DATAGerry) contains an Incorrect Access Control flaw in the /rest/rights/ REST API endpoint through version 2.2.0, enabling remote access without authentication and leading to unauthorized disclosure of sensitive information. The issue is consistently described across multiple so...
Exploit for CVE-2024-11972
Description Name : CVE-2024-11972 CVSSv3 Score : 9...
Exploit for Authentication Bypass Using an Alternate Path or Channel in Vivektamrakar Wp_Rest_Api_Fns
CVE-2024-49328-exploit 🌟 Description: This script exploits...
CVE-2024-13258
Incorrect Authorization vulnerability in Drupal Drupal REST & JSON API Authentication allows Forceful Browsing.This issue affects Drupal REST & JSON API Authentication: from 0.0.0 before 2.0.13...
CVE-2024-13258 Drupal REST & JSON API Authentication - Moderately critical - Access bypass - SA-CONTRIB-2024-022
Incorrect Authorization vulnerability in Drupal Drupal REST & JSON API Authentication allows Forceful Browsing.This issue affects Drupal REST & JSON API Authentication: from 0.0.0 before 2.0.13...
CVE-2024-11423
The Ultimate Gift Cards for WooCommerce – Create WooCommerce Gift Cards, Gift Vouchers, Redeem & Manage Digital Gift Coupons. Offer Gift Certificates, Schedule Gift Cards, and Use Advance Coupons With Personalized Templates plugin for WordPress is vulnerable to unauthorized modification of data d...
CVE-2024-11423 Ultimate Gift Cards for WooCommerce <= 3.0.6 - Missing Authorization to Infinite Money Glitch
The Ultimate Gift Cards for WooCommerce – Create WooCommerce Gift Cards, Gift Vouchers, Redeem & Manage Digital Gift Coupons. Offer Gift Certificates, Schedule Gift Cards, and Use Advance Coupons With Personalized Templates plugin for WordPress is vulnerable to unauthorized modification of data d...
CVE-2024-11423 Ultimate Gift Cards for WooCommerce <= 3.0.6 - Missing Authorization to Infinite Money Glitch
The Ultimate Gift Cards for WooCommerce – Create WooCommerce Gift Cards, Gift Vouchers, Redeem & Manage Digital Gift Coupons. Offer Gift Certificates, Schedule Gift Cards, and Use Advance Coupons With Personalized Templates plugin for WordPress is vulnerable to unauthorized modification of data d...
CVE-2024-11423
CVE-2024-11423 is exposed in the WordPress plugin “Ultimate Gift Cards for WooCommerce Pro” (Gift Cards for WooCommerce Pro). The root cause is a missing capability check on several REST API endpoints (notably /wp-json/gifting/recharge-giftcard), enabling unauthenticated attackers to modify data ...
CVE-2024-12264
CVE-2024-12264 affects the PayU CommercePro Plugin for WordPress. All versions up to and including 3.8.3 are vulnerable to unauthenticated privilege escalation via /wp-json/payu/v1/generate-user-token and /wp-json/payu/v1/get-shipping-cost, allowing creation of new administrative user accounts. A...
CVE-2024-12195
CVE-2024-12195 affects the WordPress plugin “WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts.” The vulnerability is an SQL Injection in the REST endpoint /wp-json/pm/v2/projects/2/task-lists, exploitable through the project_id parameter in ve...
PT-2025-1774 · WordPress · Wp Project Manager
Name of the Vulnerable Software and Affected Versions: WP Project Manager plugin versions up to and including 2.6.16 Description: The WP Project Manager plugin for WordPress is vulnerable to SQL Injection via the project id parameter of the "/wp-json/pm/v2/projects/2/task-lists" REST API endpoint...
CVE-2024-11972
The Hunk Companion WordPress plugin before 1.9.0 does not correctly authorize some REST API endpoints, allowing unauthenticated requests to install and activate arbitrary Hunk Companion WordPress plugin before 1.9.0 from the WordPress.org repo, including vulnerable Hunk Companion WordPress plugin...
CVE-2024-11972
The Hunk Companion WordPress plugin before 1.9.0 does not correctly authorize some REST API endpoints, allowing unauthenticated requests to install and activate arbitrary Hunk Companion WordPress plugin before 1.9.0 from the WordPress.org repo, including vulnerable Hunk Companion WordPress plugin...
CVE-2024-11972 Hunk Companion < 1.9.0 - Unauthenticated Plugin Installation
The Hunk Companion WordPress plugin before 1.9.0 does not correctly authorize some REST API endpoints, allowing unauthenticated requests to install and activate arbitrary Hunk Companion WordPress plugin before 1.9.0 from the WordPress.org repo, including vulnerable Hunk Companion WordPress plugin...
CVE-2024-11972
CVE-2024-11972 affects the Hunk Companion WordPress plugin prior to 1.9.0. The flaw is improper authorization of REST API endpoints (notably the /wp-json/hc/v1/themehunk-import endpoint), allowing unauthenticated requests to install and activate arbitrary plugins from the WordPress.org repo, incl...
CVE-2024-11972 Hunk Companion < 1.9.0 - Unauthenticated Plugin Installation
The Hunk Companion WordPress plugin before 1.9.0 does not correctly authorize some REST API endpoints, allowing unauthenticated requests to install and activate arbitrary Hunk Companion WordPress plugin before 1.9.0 from the WordPress.org repo, including vulnerable Hunk Companion WordPress plugin...
[SECURITY] Fedora 41 Update: incus-6.8-1.fc41
Container hypervisor based on LXC Incus offers a REST API to remotely manage containers over the network, using an image based work-flow and with support for live migration. This package contains the Incus daemon...
CVE-2024-10548
The WP Project Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.15 via the Project Task List '/wp-json/pm/v2/projects/1/task-lists' REST API endpoint. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2024-12025
The Collapsing Categories plugin for WordPress is vulnerable to SQL Injection via the 'taxonomy' parameter of the /wp-json/collapsing-categories/v1/get REST API in all versions up to, and including, 3.0.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparati...