CVE-2021-24170

The REST API endpoint getusers in the User Profile Picture WordPress plugin before 2.5.0 returned more information than was required for its functionality to users with the uploadfiles capability. This included password hashes, hashed user activation keys, usernames, emails, and other less...

Information disclosure

The REST API endpoint getusers in the User Profile Picture WordPress plugin before 2.5.0 returned more information than was required for its functionality to users with the uploadfiles capability. This included password hashes, hashed user activation keys, usernames, emails, and other less...

EUVD-2021-11084

The REST API endpoint getusers in the User Profile Picture WordPress plugin before 2.5.0 returned more information than was required for its functionality to users with the uploadfiles capability. This included password hashes, hashed user activation keys, usernames, emails, and other less...

CVE-2021-24170 User Profile Picture < 2.5.0 - Sensitive Information Disclosure

The REST API endpoint getusers in the User Profile Picture WordPress plugin before 2.5.0 returned more information than was required for its functionality to users with the uploadfiles capability. This included password hashes, hashed user activation keys, usernames, emails, and other less...

CVE-2021-22865

An improper access control vulnerability was identified in GitHub Enterprise Server that allowed access tokens generated from a GitHub App's web authentication flow to read private repository metadata via the REST API without having been granted the appropriate permissions. To exploit this...

Improper access control

An improper access control vulnerability was identified in GitHub Enterprise Server that allowed access tokens generated from a GitHub App's web authentication flow to read private repository metadata via the REST API without having been granted the appropriate permissions. To exploit this...

CVE-2021-22865 Improper access control in GitHub Enterprise Server leading to unauthorized read access to private repository metadata

An improper access control vulnerability was identified in GitHub Enterprise Server that allowed access tokens generated from a GitHub App's web authentication flow to read private repository metadata via the REST API without having been granted the appropriate permissions. To exploit this...

CVE-2021-22865

Summary. CVE-2021-22865 is an improper access control vulnerability in GitHub Enterprise Server that allows access tokens generated from a GitHub App’s web authentication flow to read private repository metadata via the REST API without granted permissions. Prerequisites: an attacker must create ...

F5 BIG-IP 16.0.x - iControl REST Remote Code Execution (Unauthenticated)

Exploit Title: F5 BIG-IP 16.0.x - iControl REST Remote Code Execution Unauthenticated Exploit Author: Al1ex Vendor Homepage: https://www.f5.com/products/big-ip-services Version: 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5....

CVE-2021-21421

node-etsy-client is a NodeJs Etsy ReST API Client. Applications that are using node-etsy-client and reporting client error to the end user will offer api key value too This is fixed in node-etsy-client v0.3.0 and later...

CVE-2021-21421

node-etsy-client is a NodeJs Etsy ReST API Client. Applications that are using node-etsy-client and reporting client error to the end user will offer api key value too This is fixed in node-etsy-client v0.3.0 and later...

CVE-2021-21421

CVE-2021-21421 affects the node-etsy-client (Node.js Etsy REST API client). The issue is that applications reporting client errors to end users could leak the API key value in error output. The root cause is tied to how error information is exposed to end users. Mitigation is to upgrade to node-e...

F5 iControl REST Unauthenticated SSRF Token Generation RCE

This module exploits a pre-auth SSRF in the F5 iControl REST API's /mgmt/shared/authn/login endpoint to generate an X-F5-Auth-Token that can be used to execute root commands on an affected BIG-IP or BIG-IQ device. This vulnerability is known as CVE-2021-22986. CVE-2021-22986 affects the following...

WordPress BuddyPress Plugin 5.0.0 - 7.2.0 Privilege Escalation Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.112876";...

Rocket.Chat: REST API gets `query` as parameter and executes it

Summary: Any user with 'view-d-room' permission can access any except users.services data from the users collection Description: The "users.list" REST endpoint gets a query parameter from JSON and runs Users.findqueryFromClientSide. This means virtually any authenticated user can access any data...

CVE-2021-21389

BuddyPress is an open source WordPress plugin to build a community site. In releases of BuddyPress from 5.0.0 before 7.2.1 it's possible for a non-privileged, regular user to obtain administrator rights by exploiting an issue in the REST API members endpoint. The vulnerability has been fixed in...

Design/Logic Flaw

BuddyPress is an open source WordPress plugin to build a community site. In releases of BuddyPress from 5.0.0 before 7.2.1 it's possible for a non-privileged, regular user to obtain administrator rights by exploiting an issue in the REST API members endpoint. The vulnerability has been fixed in...

CVE-2021-21389 BuddyPress privilege escalation via REST API

BuddyPress is an open source WordPress plugin to build a community site. In releases of BuddyPress from 5.0.0 before 7.2.1 it's possible for a non-privileged, regular user to obtain administrator rights by exploiting an issue in the REST API members endpoint. The vulnerability has been fixed in...

CVE-2021-21389

BuddyPress (WordPress plugin) prior to 7.2.1 is affected by a REST API privilege-escalation vulnerability that can lead to remote code execution. A non-privileged user could exploit the REST API members endpoint (v1/members/me) to gain administrator rights. Affected versions are 5.0.0 through 7.2...

Quiz And Survey Master < 7.1.14 - Authenticated SQL injection via Rest API

While confirming https://wpscan.com/vulnerability/3b52b25c-82a1-41c7-83ac-92e244f7c5ab, another SQLi issue was identified and reported. The qsmrestgetbankquestions function in the php/rest-api.php file did not property sanitise and escape the category parameter before using it in SQL statements...