CVE-2024-11423 Ultimate Gift Cards for WooCommerce <= 3.0.6 - Missing Authorization to Infinite Money Glitch

The Ultimate Gift Cards for WooCommerce – Create WooCommerce Gift Cards, Gift Vouchers, Redeem & Manage Digital Gift Coupons. Offer Gift Certificates, Schedule Gift Cards, and Use Advance Coupons With Personalized Templates plugin for WordPress is vulnerable to unauthorized modification of data d...

CVE-2024-12264

CVE-2024-12264 affects the PayU CommercePro Plugin for WordPress. All versions up to and including 3.8.3 are vulnerable to unauthenticated privilege escalation via /wp-json/payu/v1/generate-user-token and /wp-json/payu/v1/get-shipping-cost, allowing creation of new administrative user accounts. A...

CVE-2024-12195

CVE-2024-12195 affects the WordPress plugin “WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts.” The vulnerability is an SQL Injection in the REST endpoint /wp-json/pm/v2/projects/2/task-lists, exploitable through the project_id parameter in ve...

PT-2025-1774 · WordPress · Wp Project Manager

Name of the Vulnerable Software and Affected Versions: WP Project Manager plugin versions up to and including 2.6.16 Description: The WP Project Manager plugin for WordPress is vulnerable to SQL Injection via the project id parameter of the "/wp-json/pm/v2/projects/2/task-lists" REST API endpoint...

CVE-2024-11972

The Hunk Companion WordPress plugin before 1.9.0 does not correctly authorize some REST API endpoints, allowing unauthenticated requests to install and activate arbitrary Hunk Companion WordPress plugin before 1.9.0 from the WordPress.org repo, including vulnerable Hunk Companion WordPress plugin...

CVE-2024-11972

The Hunk Companion WordPress plugin before 1.9.0 does not correctly authorize some REST API endpoints, allowing unauthenticated requests to install and activate arbitrary Hunk Companion WordPress plugin before 1.9.0 from the WordPress.org repo, including vulnerable Hunk Companion WordPress plugin...

CVE-2024-11972 Hunk Companion < 1.9.0 - Unauthenticated Plugin Installation

The Hunk Companion WordPress plugin before 1.9.0 does not correctly authorize some REST API endpoints, allowing unauthenticated requests to install and activate arbitrary Hunk Companion WordPress plugin before 1.9.0 from the WordPress.org repo, including vulnerable Hunk Companion WordPress plugin...

CVE-2024-11972 Hunk Companion < 1.9.0 - Unauthenticated Plugin Installation

The Hunk Companion WordPress plugin before 1.9.0 does not correctly authorize some REST API endpoints, allowing unauthenticated requests to install and activate arbitrary Hunk Companion WordPress plugin before 1.9.0 from the WordPress.org repo, including vulnerable Hunk Companion WordPress plugin...

CVE-2024-11972

CVE-2024-11972 affects the Hunk Companion WordPress plugin prior to 1.9.0. The flaw is improper authorization of REST API endpoints (notably the /wp-json/hc/v1/themehunk-import endpoint), allowing unauthenticated requests to install and activate arbitrary plugins from the WordPress.org repo, incl...

[SECURITY] Fedora 41 Update: incus-6.8-1.fc41

Container hypervisor based on LXC Incus offers a REST API to remotely manage containers over the network, using an image based work-flow and with support for live migration. This package contains the Incus daemon...

CVE-2024-10548

The WP Project Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.15 via the Project Task List '/wp-json/pm/v2/projects/1/task-lists' REST API endpoint. This makes it possible for authenticated attackers, with Subscriber-level...

CVE-2024-12025

The Collapsing Categories plugin for WordPress is vulnerable to SQL Injection via the 'taxonomy' parameter of the /wp-json/collapsing-categories/v1/get REST API in all versions up to, and including, 3.0.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparati...

CVE-2024-12025

The WordPress Collapsing Categories plugin (versions

CVE-2024-42194

An improper handling of insufficient permissions or privileges affects HCL BigFix Inventory. An attacker having access via a read-only account can possibly change certain configuration parameters by crafting a specific REST API call...

CVE-2024-42194 HCL BigFix Inventory is affected by an access control vulnerability

An improper handling of insufficient permissions or privileges affects HCL BigFix Inventory. An attacker having access via a read-only account can possibly change certain configuration parameters by crafting a specific REST API call...

CVE-2024-42194

CVE-2024-42194 affects HCL BigFix Inventory: an access-control vulnerability arising from improper handling of permissions allows a read-only account to modify certain configuration parameters via a crafted REST API call. The available documents confirm the affected product and the underlying iss...

CVE-2024-42194 HCL BigFix Inventory is affected by an access control vulnerability

An improper handling of insufficient permissions or privileges affects HCL BigFix Inventory. An attacker having access via a read-only account can possibly change certain configuration parameters by crafting a specific REST API call...

CVE-2024-5333

The Events Calendar WordPress plugin before 6.8.2.1 is missing access checks in the REST API, allowing for unauthenticated users to access information about password protected events...

CVE-2024-5333

The Events Calendar WordPress plugin before 6.8.2.1 is missing access checks in the REST API, allowing for unauthenticated users to access information about password protected events...

CVE-2024-5333

The Events Calendar WordPress plugin (vendor: stellarwp) before version 6.8.2.1 has missing access checks in its REST API, allowing unauthenticated users to access information about password-protected events. The NVD/Nuclei and related sources confirm this information disclosure vector with explo...