735 matches found
PT-2026-45709
Name of the Vulnerable Software and Affected Versions Remove meta boxes per user role versions prior to 1.02 Description The plugin is subject to Cross-Site Request Forgery, a flaw where an attacker tricks a victim into executing an unwanted action. This occurs due to missing or incorrect nonce...
WordPress Remove meta boxes per user role plugin <= 1.01 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab - Pondok Teknologi in WordPress Plugin Remove meta boxes per user role versions = 1.01...
CVE-2026-9241
The FOX – Currency Switcher Professional for WooCommerce WordPress plugin (up to version 1.4.6) is affected by an Authorization Bypass through a user-controlled key. The flaw resides in get_value() in classes/fixed/fixed_user_role.php, which trusts the attacker-controlled $_REQUEST['wooc_order_us...
EUVD-2026-32703
The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 1.4.6. This is due to the getvalue function in classes/fixed/fixeduserrole.php trusting the attacker-controlled...
WordPress plugin FOX – Currency Switcher Professional for WooCommerce 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
PT-2026-44181
The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 1.4.6. This is due to the get value function in classes/fixed/fixed user role.php trusting the attacker-controlled $...
Incorrect Authorization
Overview litellm is a Library to easily interface with LLM API providers Affected versions of this package are vulnerable to Incorrect Authorization via the /user/update endpoint. An attacker can gain full administrative access by modifying their own userrole field to proxyadmin to escalate...
GHSA-WPFP-GWWC-VWQ6 LiteLLM allows a user to modify their own user_role via the /user/update endpoint
LiteLLM prior to 1.83.10 allows a user to modify their own userrole via the /user/update endpoint. While the endpoint correctly restricts users to updating only their own account, it does not restrict which fields may be changed. A user who can reach this endpoint can set their role to proxyadmin...
LiteLLM allows a user to modify their own user_role via the /user/update endpoint
LiteLLM prior to 1.83.10 allows a user to modify their own userrole via the /user/update endpoint. While the endpoint correctly restricts users to updating only their own account, it does not restrict which fields may be changed. A user who can reach this endpoint can set their role to proxyadmin...
CVE-2026-47102
LiteLLM prior to 1.83.10 allows a user to modify their own userrole via the /user/update endpoint. While the endpoint correctly restricts users to updating only their own account, it does not restrict which fields may be changed. A user who can reach this endpoint can set their role to proxyadmin...
WordPress plugin Divi Form Builder 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
PT-2026-41692
Name of the Vulnerable Software and Affected Versions Arcane versions prior to 1.19.0 Description Arcane improperly exposes Git repository management endpoints to any authenticated user, allowing low-privileged accounts to modify repository configurations, exfiltrate stored Git credentials, acces...
CVE-2026-44567 Open WebUI: Open WebUI Improper Authorization Control
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.1.124, the API does not properly validate that the user has an authorized user role of user. By default, when Open WebUI is configured with new sign-ups enabled, the default user role is...
EUVD-2026-28463
The VerySecureApp made by DIVD using Mendix Studio Pro 11.8.0 Beta allows unintended data exposure due to authorization misconfiguration. The VerySecureApp allows anonymous users of the MyFirstModule with the anonymous user role to gain access to all stored records, even though no access rights a...
CVE-2026-30269
Improper access control in Doorman v0.1.0 and v1.0.2 allows any authenticated user to update their own account role to a non-admin privileged role via /platform/user/username. The role field is accepted by the update model without a manageusers permission check for self-updates, enabling privileg...
CVE-2026-30269
CVE-2026-30269 affects Doorman (v0.1.0 and v1.0.2). The issue is improper access control where an authenticated user can update their own account role to a non-admin privileged role via /platform/user/{username}. The update model accepts the role field without a manage_users permission check for ...
CVE-2026-40479 Kimai: Stored XSS via Incomplete HTML Attribute Escaping in Team Member Widget
Kimai is an open-source time tracking application. In versions 1.16.3 through 2.52.0, the escapeForHtml function in KimaiEscape.js does not escape double quote or single quote characters. When a user's profile alias is inserted into an HTML attribute context via the team member form prototype and...
CVE-2026-40291
Chamilo LMS exposes an insecure direct object modification in PUT /api/users/{id} prior to version 2.0.0-RC.3, allowing any authenticated user with ROLE_STUDENT to escalate to ROLE_ADMIN by modifying their own roles field. The API Platform check is_granted('EDIT', object) only verifies ownership,...
CVE-2026-40291 Chamilo LMS has Privilege Escalation via API User Role Modification
Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, an insecure direct object modification vulnerability in the PUT /api/users/id endpoint allows any authenticated user with ROLESTUDENT to escalate their privileges to ROLEADMIN by modifying the roles field o...
NetBird has Race Condition on UpdateUser Function, Resulting in Privilege Escalation From Admin to Owner
Summary A race condition vulnerability allows authenticated admin-privileged users to escalate to owner privilege. Details The vulnerability exists in the updateUser function, which is connected to the /users/userId PUT request. This function then calls the SaveOrAddUsers function, which checks t...