Lucene search
K

4 matches found

Vulnrichment
Vulnrichment
added 2026/05/23 4:27 a.m.10 views

CVE-2026-6897 Wishlist Member <= 3.30.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Options Update via 'wishlistmember_team_accounts_save_settings' AJAX action

The Wishlist Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'WishListMember\Features\TeamAccounts::savesettings' function in all versions up to, and including, 3.30.1. This makes it possible for authenticated attackers, with...

8.8CVSS5.8AI score0.00244EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/10/18 12:0 a.m.6 views

PT-2022-20545 · Wire · Wire

Name of the Vulnerable Software and Affected Versions: Wire versions prior to 2022-07-12/Chart 4.19.0 Description: The issue allows an attacker to delete all SAML authenticated accounts of a targeted team, authenticate as a user of the attacked team, and create arbitrary accounts in the context o...

9.8CVSS7.9AI score0.00599EPSS
Exploits0References3
Veracode
Veracode
added 2022/04/19 9:42 a.m.29 views

Privilege Escalation

github.com/fleetdm/fleet is vulnerable to privilege escalation. A premium users with access to the team features are facing post-authentication authorization leading to insecure access control. This vulnerability does not affect fleet instances without teams, or with teams but without restricted...

8.1CVSS5AI score0.00814EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2022/04/18 12:0 a.m.5 views

PT-2022-16915 · Fleetdm +1 · Fleet +1

Name of the Vulnerable Software and Affected Versions: fleetdm/fleet versions prior to 4.13 Description: The issue is an authorization bypass problem that affects all versions of fleetdm/fleet that use the teams feature. Fleet instances without teams or with teams but without restricted team...

8.1CVSS6.8AI score0.00889EPSS
Exploits0References13
Rows per page
Query Builder