732 matches found
CVE-2026-4484
CVE-2026-4484 affects the Masteriyo LMS WordPress plugin up to version 2.1.6. The root cause is a vulnerability in the InstructorsController::prepare_object_for_database function that allows an authenticated user to update a user’s role, enabling privilege escalation from Student-level (and above...
EUVD-2026-14306
A vulnerability was detected in mickasmt next-saas-stripe-starter 1.0.0. Affected by this vulnerability is the function updateUserrole of the file actions/update-user-role.ts. The manipulation of the argument userId/role results in improper authorization. The attack may be launched remotely...
CVE-2026-4548
A vulnerability was detected in mickasmt next-saas-stripe-starter 1.0.0. Affected by this vulnerability is the function updateUserrole of the file actions/update-user-role.ts. The manipulation of the argument userId/role results in improper authorization. The attack may be launched remotely...
CVE-2026-4548 mickasmt next-saas-stripe-starter update-user-role.ts updateUserrole improper authorization
A vulnerability was detected in mickasmt next-saas-stripe-starter 1.0.0. Affected by this vulnerability is the function updateUserrole of the file actions/update-user-role.ts. The manipulation of the argument userId/role results in improper authorization. The attack may be launched remotely...
CVE-2026-4548 mickasmt next-saas-stripe-starter update-user-role.ts updateUserrole improper authorization
A vulnerability was detected in mickasmt next-saas-stripe-starter 1.0.0. Affected by this vulnerability is the function updateUserrole of the file actions/update-user-role.ts. The manipulation of the argument userId/role results in improper authorization. The attack may be launched remotely...
CVE-2026-4548
A vulnerability was detected in mickasmt next-saas-stripe-starter 1.0.0. Affected by this vulnerability is the function updateUserrole of the file actions/update-user-role.ts. The manipulation of the argument userId/role results in improper authorization. The attack may be launched remotely...
PT-2026-27010
A vulnerability was detected in mickasmt next-saas-stripe-starter 1.0.0. Affected by this vulnerability is the function updateUserrole of the file actions/update-user-role.ts. The manipulation of the argument userId/role results in improper authorization. The attack may be launched remotely...
Next SaaS Stripe Starter 授权问题漏洞
Next SaaS Stripe Starter is an integrated payment and authentication SaaS project starter developed by mickasmt as a personal developer. Version 1.0.0 of Next SaaS Stripe Starter contains an authorization issue vulnerability. This vulnerability stems from incorrect operations with the parameter...
WordPress plugin ExactMetrics – Google Analytics Dashboard for WordPress 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
CVE-2026-29196
Netmaker makes networks with WireGuard. Prior to version 1.5.0, a user assigned the platform-user role can retrieve WireGuard private keys of all wireguard configs in a network by calling GET /api/extclients/network or GET /api/nodes/network. While the Netmaker UI restricts visibility, the API...
CVE-2026-29196
CVE-2026-29196 affects Netmaker prior to 1.5.0, where a user with the platform-user role could obtain WireGuard private keys for all configs in a network via API calls to GET /api/extclients/{network} or GET /api/nodes/{network}. The UI restricts visibility, but these API endpoints return full re...
CVE-2026-29196 Netmaker: Service User with Network Access Can Access config files with WireGuard Private Keys
Netmaker makes networks with WireGuard. Prior to version 1.5.0, a user assigned the platform-user role can retrieve WireGuard private keys of all wireguard configs in a network by calling GET /api/extclients/network or GET /api/nodes/network. While the Netmaker UI restricts visibility, the API...
CVE-2026-23925
A flaw was found in Zabbix. An authenticated user with the 'User' role, who also possesses write permissions for templates or hosts, can exploit the configuration.import API. This allows them to create unauthorized objects, such as hosts, which can lead to a loss of confidentiality within the...
CVE-2026-23925
An authenticated Zabbix user User role with template/host write permissions is able to create objects via the configuration.import API. This can lead to confidentiality loss by creating unauthorized hosts. Note that the User role is normally not sufficient to create and edit templates/hosts even...
PT-2026-22718
Name of the Vulnerable Software and Affected Versions User Registration & Membership plugin for WordPress versions prior to 5.1.3 Description The User Registration & Membership plugin for WordPress has a critical flaw allowing unauthenticated attackers to create administrator accounts. This is du...
EUVD-2025-208125
The Listee theme for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.1.6. This is due to a broken validation check in the bundled listee-core plugin's user registration function that fails to properly sanitize the userrole parameter. This makes it possible...
CVE-2025-12981
The Listee theme for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.1.6. This is due to a broken validation check in the bundled listee-core plugin's user registration function that fails to properly sanitize the userrole parameter. This makes it possible...
CVE-2025-12981
Summary of CVE-2025-12981 (Listee
CVE-2025-12981 Listee <= 1.1.6 - Unauthenticated Privilege Escalation
The Listee theme for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.1.6. This is due to a broken validation check in the bundled listee-core plugin's user registration function that fails to properly sanitize the userrole parameter. This makes it possible...
CVE-2025-12981 Listee <= 1.1.6 - Unauthenticated Privilege Escalation
The Listee theme for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.1.6. This is due to a broken validation check in the bundled listee-core plugin's user registration function that fails to properly sanitize the userrole parameter. This makes it possible...