14 matches found
WordPress age-restriction plugin missing authorization vulnerability
The WordPress age-restriction plugin is a plugin used to add age verification functionality to a WordPress website, the main purpose of which is to restrict access to certain content or features to users who have not reached a specific age. The WordPress age-restriction plugin suffers from a lack...
CVE-2025-11855
The age-restriction WordPress plugin through 3.0.2 does not have authorisation in the agerestrictionRemoteSupportRequest function, allowing any authenticated user, such as a subscriber, to create an admin user with a hardcoded username and arbitrary password...
CVE-2025-11855
The age-restriction WordPress plugin through 3.0.2 does not have authorisation in the agerestrictionRemoteSupportRequest function, allowing any authenticated user, such as a subscriber, to create an admin user with a hardcoded username and arbitrary password...
CVE-2025-11855 Age Restriction <= 3.0.2 - Subscriber+ Privilege Escalation
The age-restriction WordPress plugin through 3.0.2 does not have authorisation in the agerestrictionRemoteSupportRequest function, allowing any authenticated user, such as a subscriber, to create an admin user with a hardcoded username and arbitrary password...
CVE-2025-11855 Age Restriction <= 3.0.2 - Subscriber+ Privilege Escalation
The age-restriction WordPress plugin through 3.0.2 does not have authorisation in the agerestrictionRemoteSupportRequest function, allowing any authenticated user, such as a subscriber, to create an admin user with a hardcoded username and arbitrary password...
CVE-2025-11855
CVE-2025-11855 affects the WordPress plugin “age-restriction” (versions up to 3.0.2). The root cause is missing authorization in the age_restrictionRemoteSupportRequest function, enabling any authenticated user (e.g., a subscriber) to create an administrator account with a hardcoded username and ...
EUVD-2023-57723
Malicious code in bioql PyPI...
WordPress Premium Age Verification / Restriction for WordPress Plugin <= 3.0.2 - SQL Injection Vulnerability
SQL Injection Vulnerability discovered by ch4r0n in WordPress Plugin Premium Age Verification / Restriction for WordPress versions = 3.0.2...
CVE-2024-11297
The Page Restriction WordPress WP – Protect WP Pages/Post plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.6 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from pos...
CVE-2024-0615 Content Control <= 2.1.0 - Missing Authorization to Sensitive Information Exposure
The Content Control – The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.0 via the API. This makes it possible for unauthenticated attackers to...
AZL-34898 CVE-2023-5408 affecting package kubernetes for versions less than 1.29.1-2
A privilege escalation flaw was found in the node restriction admission plugin of the kubernetes api server of OpenShift. A remote attacker who modifies the node role label could steer workloads from the control plane and etcd nodes onto different worker nodes and gain broader access to the clust...
PT-2023-5676 · Red Hat · Openshift
Name of the Vulnerable Software and Affected Versions: OpenShift affected versions not specified Description: A privilege escalation flaw was found in the node restriction admission plugin of the Kubernetes API server of OpenShift. A remote attacker who modifies the node role label could steer...
APISIX Admin API default access token RCE
Apache APISIX has a default, built-in API token edd1c9f034335f136f87ad84b625c8f1 that can be used to access all of the admin API, which leads to remote LUA code execution through the script parameter added in the 2.x version. This module also leverages another vulnerability to bypass the IP...
Apache APISIX Remote Code Execution Exploit
Apache APISIX has a default, built-in API token that can be used to obtain full access of the admin API. Access to this API allows for remote LUA code execution through the script parameter added in the 2.x version. This module also leverages another vulnerability to bypass the IP restriction...