4 matches found
CVE-2026-6897 Wishlist Member <= 3.30.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Options Update via 'wishlistmember_team_accounts_save_settings' AJAX action
The Wishlist Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'WishListMember\Features\TeamAccounts::savesettings' function in all versions up to, and including, 3.30.1. This makes it possible for authenticated attackers, with...
PT-2022-20545 · Wire · Wire
Name of the Vulnerable Software and Affected Versions: Wire versions prior to 2022-07-12/Chart 4.19.0 Description: The issue allows an attacker to delete all SAML authenticated accounts of a targeted team, authenticate as a user of the attacked team, and create arbitrary accounts in the context o...
Privilege Escalation
github.com/fleetdm/fleet is vulnerable to privilege escalation. A premium users with access to the team features are facing post-authentication authorization leading to insecure access control. This vulnerability does not affect fleet instances without teams, or with teams but without restricted...
PT-2022-16915 · Fleetdm +1 · Fleet +1
Name of the Vulnerable Software and Affected Versions: fleetdm/fleet versions prior to 4.13 Description: The issue is an authorization bypass problem that affects all versions of fleetdm/fleet that use the teams feature. Fleet instances without teams or with teams but without restricted team...