OSV · added 2026/05/13 3:32 p.m.

GHSA-6R88-8V7Q-Q4P2 SiYuan: Broken access control in `/api/tag/getTag` — Reader role can mutate `Conf.Tag.Sort` and persist to disk

Summary POST /api/tag/getTag is registered with model.CheckAuth only, omitting both model.CheckAdminRole and model.CheckReadonly, despite the handler performing a configuration write that is normally guarded by both. Any authenticated user — including publish-service RoleReader accounts and...

CVSS 4.3 · AI score 5.8 · EPSS 0.00152
Exploits 0 · References 3
ATTACKERKB · added 2026/03/21 3:27 a.m.

CVE-2026-3645

The Punnel – Landing Page Builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.3.1. The saveconfig function, which handles the 'punnelsaveconfig' AJAX action, lacks any capability check (current_user_can) and nonce verification. This makes it...

CVSS 5.3 · AI score 6 · EPSS 0.00292
Exploits 0 · References 12
RedhatCVE · added 2026/01/09 9:25 a.m.

CVE-2023-4690

The Elementor Addon Elements plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.12.7. This is due to missing or incorrect nonce validation on the eaesaveconfig function. This makes it possible for unauthenticated attackers to change configuration...

CVSS 5.4 · AI score 5.2 · EPSS 0.00298
Exploits 0 · References 1
CVE · added 2025/12/05 5:31 a.m.

CVE-2025-12165

CVE-2025-12165 pertains to the WordPress plugin Webcake – Landing Page Builder. Connected sources confirm a missing capability check on the webcake_save_config AJAX endpoint across versions up to 1.1, enabling authenticated attackers with Subscriber-level access and above to modify plugin setting...

CVSS 4.3 · AI score 4.6 · EPSS 0.00206
Exploits 0 · References 3
Snyk · added 2025/06/02 12:41 p.m.

Insertion of Sensitive Information into Log File

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the function saveConfigFile in the file HealthUtils.java, where a failed configuration file write triggers. An attacker can gain unauthorized access to system credentials by accessing...

CVSS 6.9 · AI score 6.7 · EPSS 0.00145
Exploits 0 · References 2
RedhatCVE · added 2025/05/23 8:15 a.m.

CVE-2024-9361

The Bulk images optimizer: Resize, optimize, convert to webp, rename … plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'saveconfiguration' function in all versions up to, and including, 2.0.1. This makes it possible for authenticate...

CVSS 4.3 · AI score 5.1 · EPSS 0.00314
Exploits 0 · References 1
RedhatCVE · added 2025/05/22 3:16 p.m.

CVE-2020-17457

Fujitsu ServerView Suite iRMC before 9.62F allows XSS. An authenticated attacker can store an XSS payload in the PSCUFILEINIT field of a Save Configuration XML document. The payload is triggered in the HTTP error response pages...

CVSS 5.4 · AI score 5.9 · EPSS 0.00505
Exploits 0
OSV · added 2024/10/18 5:15 a.m.

CVE-2024-9361

The Bulk images optimizer: Resize, optimize, convert to webp, rename … plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'saveconfiguration' function in all versions up to, and including, 2.0.1. This makes it possible for authenticate...

CVSS 4.3 · AI score 5.8
Exploits 0 · References 2
CNNVD · added 2024/10/18 12:00 a.m.

WordPress plugin Bulk images optimizer security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 4.3 · AI score 6.5 · EPSS 0.00314
Exploits 0 · References 3
Positive Technologies · added 2024/10/17 12:00 a.m.

PT-2024-39595 · WordPress · Bulk Images Optimizer

Name of the Vulnerable Software and Affected Versions: The Bulk images optimizer: Resize, optimize, convert to webp, rename … plugin for WordPress versions up to, and including, 2.0.1 Description: The issue is related to a missing capability check on the save configuration function, allowing...

CVSS 4.3 · AI score 7 · EPSS 0.00314
Exploits 0 · References 8
OSV · added 2024/03/12 10:15 a.m.

CVE-2023-4627

The LadiApp plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the saveconfig function in versions up to, and including, 4.4. This makes it possible for authenticated attackers with subscriber-level access and above to update the...

CVSS 4.3 · AI score 5.8
Exploits 0 · References 2
Positive Technologies · added 2024/03/12 12:00 a.m.

PT-2024-13347 · WordPress · Ladiapp

Name of the Vulnerable Software and Affected Versions: LadiApp plugin for WordPress versions up to, and including, 4.3 Description: The issue is related to a missing nonce check on the save config function, making it possible for unauthenticated attackers to update the ladipage config option via ...

CVSS 4.3 · AI score 9.4 · EPSS 0.0021
Exploits 0 · References 6
CISA KEV Catalog · added 2023/06/29 12:00 a.m.

D-Link DWL-2600AP Access Point Command Injection Vulnerability

D-Link DWL-2600AP access point contains an authenticated command injection vulnerability via the Save Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=configsave configBackup or downloadServerip parameter...

CVSS 7.8 · AI score 7.6 · EPSS 0.95803
In wild · Exploits 3
VulnCheck KEV · added 2023/06/22 12:00 a.m.

VulnCheck KEV: CVE-2019-20500

D-Link DWL-2600AP access point contains an authenticated command injection vulnerability via the Save Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=configsave configBackup or downloadServerip parameter...

CVSS 7.8 · AI score 7.3 · EPSS 0.95803
Exploits 3 · References 1
OSV · added 2022/03/23 8:15 p.m.

CVE-2021-27476

A vulnerability exists in the SaveConfigFile function of the RACompare Service, which may allow for OS command injection. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier...

CVSS 9.8 · AI score 6 · EPSS 0.04271
Exploits 0 · References 2
OSV · added 2021/03/17 5:15 p.m.

CVE-2020-17457

Fujitsu ServerView Suite iRMC before 9.62F allows XSS. An authenticated attacker can store an XSS payload in the PSCUFILEINIT field of a Save Configuration XML document. The payload is triggered in the HTTP error response pages...

CVSS 5.4 · AI score 5.8 · EPSS 0.00505
Exploits 0 · References 2
Cvelist · added 2021/03/17 3:08 p.m.

CVE-2020-17457

Fujitsu ServerView Suite iRMC before 9.62F allows XSS. An authenticated attacker can store an XSS payload in the PSCUFILEINIT field of a Save Configuration XML document. The payload is triggered in the HTTP error response pages...

AI score 5.2 · EPSS 0.00505
Exploits 0 · References 2
CNNVD · added 2021/03/17 12:00 a.m.

FUJITSU LIMITED Fujitsu ServerView Suite cross-site scripting vulnerability

FUJITSU LIMITED Fujitsu ServerView Suite is a software application from FUJITSU LIMITED. It provides a lifecycle management of your servers - from a single system to large server pool capabilities. A security vulnerability exists in Fujitsu ServerView Suite iRMC before 9.62F, which can be exploit...

CVSS 5.4 · AI score 5.8 · EPSS 0.00505
Exploits 0 · References 3
OSV · added 2020/03/05 3:15 p.m.

CVE-2019-20500

D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Save Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=configsave configBackup or downloadServerip parameter...

CVSS 7.8 · AI score 5.8 · EPSS 0.95803
Exploits 3 · References 3
Prion · added 2020/03/05 3:15 p.m.

Command injection

D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Save Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=configsave configBackup or downloadServerip parameter...

CVSS 7.2 · AI score 7.8 · EPSS 0.95803
Exploits 3 · References 2 · Affected Software 1