4965 matches found
CVE-2019-25214
The ShopWP plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several REST API routes in versions up to, and including, 2.0.4. This makes it possible for unauthenticated attackers to call the endpoints and perform unauthorized actions such as updating...
CVE-2019-25214 ShopWP <= 2.0.4 - Missing Authorization to Stored Cross-Site Scripting
The ShopWP plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several REST API routes in versions up to, and including, 2.0.4. This makes it possible for unauthenticated attackers to call the endpoints and perform unauthorized actions such as updating...
CVE-2022-4972 Download Monitor <= 4.7.51 - Missing Authorization to Unauthenticated Data Export
The Download Monitor plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several REST-API routes related to reporting in versions up to, and including, 4.7.51. This makes it possible for unauthenticated attackers to view user data and other sensitive...
CVE-2022-4972 Download Monitor <= 4.7.51 - Missing Authorization to Unauthenticated Data Export
The Download Monitor plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several REST-API routes related to reporting in versions up to, and including, 4.7.51. This makes it possible for unauthenticated attackers to view user data and other sensitive...
CVE-2022-4972
CVE-2022-4972 concerns the Download Monitor plugin for WordPress, affected up to version 4.7.51. The vulnerability is an authorization bypass caused by a missing capability check on several REST-API routes related to reporting. This allows unauthenticated attackers to view user data and other sen...
CVE-2019-25217 SiteGround Optimizer <= 5.0.12 - Missing Authorization
The SiteGround Optimizer plugin for WordPress is vulnerable to authorization bypass leading to Remote Code Execution and Local File Inclusion in versions up to, and including, 5.0.12 due to incorrect use of an access control attribute on the switchphp function called via the /switch-php REST API...
CVE-2019-25217 SiteGround Optimizer <= 5.0.12 - Missing Authorization
The SiteGround Optimizer plugin for WordPress is vulnerable to authorization bypass leading to Remote Code Execution and Local File Inclusion in versions up to, and including, 5.0.12 due to incorrect use of an access control attribute on the switchphp function called via the /switch-php REST API...
WordPress plugin ShopWP 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
WordPress plugin Download Monitor 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
VulnCheck KEV: CVE-2019-25214
The ShopWP plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several REST API routes in versions up to, and including, 2.0.4. This makes it possible for unauthenticated attackers to call the endpoints and perform unauthorized actions such as...
Exploit for Use of Incorrectly-Resolved Name or Reference in Zohocorp Manageengine_Adselfservice_Plus
CVE-2021-40539 CVE-2021-40539: ADSelfService Plus RCE Vuln...
Exploit for Use of Incorrectly-Resolved Name or Reference in Zohocorp Manageengine_Adselfservice_Plus
CVE-2021-40539 CVE-2021-40539: ADSelfService Plus RCE Vulner...
CVE-2024-9707
The Hunk Companion plugin for WordPress is vulnerable to unauthorized plugin installation/activation due to a missing capability check on the /wp-json/hc/v1/themehunk-import REST API endpoint in all versions up to, and including, 1.8.4. This makes it possible for unauthenticated attackers to...
CVE-2024-9707 Hunk Companion <= 1.8.4 - Missing Authorization to Unauthenticated Arbitrary Plugin Installation/Activation
The Hunk Companion plugin for WordPress is vulnerable to unauthorized plugin installation/activation due to a missing capability check on the /wp-json/hc/v1/themehunk-import REST API endpoint in all versions up to, and including, 1.8.4. This makes it possible for unauthenticated attackers to...
CVE-2024-9707
CVE-2024-9707 covers the Hunk Companion WordPress plugin (v1.8.4 and earlier). Multiple sources confirm a missing capability check on the REST endpoint /wp-json/hc/v1/themehunk-import, allowing unauthenticated attackers to install/activate arbitrary plugins and potentially trigger remote code exe...
CVE-2024-3656 Keycloak: unguarded admin rest api endpoints allows low privilege users to use administrative functionalities
A flaw was found in Keycloak. Certain endpoints in Keycloak's admin REST API allow low-privilege users to access administrative functionalities. This flaw allows users to perform actions reserved for administrators, potentially leading to data breaches or system compromise...
CVE-2024-47161
In JetBrains TeamCity before 2024.07.3 password could be exposed via Sonar runner REST API...
CVE-2024-47161
In JetBrains TeamCity before 2024.07.3 password could be exposed via Sonar runner REST API...
CVE-2024-47161
In JetBrains TeamCity before 2024.07.3 password could be exposed via Sonar runner REST API...
CVE-2024-47161
CVE-2024-47161 affects JetBrains TeamCity prior to 2024.07.3. The vulnerability allows password disclosure via the Sonar runner REST API. Root cause and exact impacted components are not detailed in the provided documents beyond the general description. Impact is described as confidential data ex...