292 matches found
CVE-2024-43336
Cross-Site Request Forgery CSRF vulnerability in WP User Manager.This issue affects WP User Manager: from n/a through 2.9.10...
CVE-2024-43336 WordPress WP User Manager – User Profile Builder & Membership plugin <= 2.9.10 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in WP User Manager WP User Manager wp-user-manager.This issue affects WP User Manager: from n/a through = 2.9.10...
CVE-2024-43336
WP User Manager plugin for WordPress is affected by a Cross-Site Request Forgery (CSRF) vulnerability, impacting versions up to and including 2.9.10. The issue enables unintended actions on a user’s account via CSRF, per Red Hat and other vulnerability sources. The CVSS score in the initial data ...
WordPress plugin WP User Manager 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...
PT-2024-30502 · WordPress · Wp User Manager
Name of the Vulnerable Software and Affected Versions: WP User Manager versions through 2.9.10 Description: A Cross-Site Request Forgery CSRF issue affects the WP User Manager plugin. This allows an attacker to perform unintended actions on a user's account. Users are urged to check for updates a...
WordPress WP User Manager – User Profile Builder & Membership plugin <= 2.9.10 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin WP User Manager versions = 2.9.10...
WordPress WP User Manager Plugin <= 2.9.10 is vulnerable to Cross Site Request Forgery (CSRF)
Software WP User Manager Type Plugin Vulnerable versions = 2.9.10 Fixed in 2.9.11 OWASP Top 10 A4: Insecure Design Classification Cross Site Request Forgery CSRF CVE CVE-2024-43336 Patch priority Low CVSS severity Low 4.3 Developer WP User Manager PSID 6918353ae071 Credits Ananda Dhakal Patchstac...
CVE-2024-0024
In multiple methods of UserManagerService.java, there is a possible failure to persist or enforce user restrictions due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...
CVE-2024-0047
In writeUserLP of UserManagerService.java, device policies are serialized with an incorrect tag due to a logic error in the code. This could lead to local denial of service when policies are deserialized on reboot with no additional execution privileges needed. User interaction is not needed for...
PT-2024-15320 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android affected versions not specified Description: A logic error in the code of UserManagerService.java causes device policies to be serialized with an incorrect tag. This can lead to a local denial of service when policies are deserialized...
PT-2023-13355 · Unknown · Rws Worldserver
Name of the Vulnerable Software and Affected Versions: RWS WorldServer versions prior to 11.7.3 Description: An issue was discovered that allows regular users to create users with the Administrator role via UserWSUserManager. This enables unauthorized elevation of privileges. Recommendations: For...
Privilege Escalation
mattermost is vulnerable to Privilege Escalation. Mattermost fails to properly verify the bot permissions, allowing a User Manager role with user edit permissions to manage/update bots...
Mattermost Incorrect Authorization vulnerability
Mattermost fails to properly validate permissions when demoting and deactivating a user allowing for a system/user manager to demote / deactivate another manager...
Mattermost Incorrect Authorization vulnerability
Mattermost fails to properly verify the permissions when managing/updating a bot allowing a User Manager role with user edit permissions to manage/update bots...
CVE-2023-5194
Mattermost fails to properly validate permissions when demoting and deactivating a user allowing for a system/user manager to demote / deactivate another manager...
Design/Logic Flaw
Mattermost fails to properly verify the permissions when managing/updating a bot allowing a User Manager role with user edit permissions to manage/update bots...
CVE-2023-5194 A system/user manager can demote / deactivate another manager
Mattermost fails to properly validate permissions when demoting and deactivating a user allowing for a system/user manager to demote / deactivate another manager...
CVE-2023-5194 A system/user manager can demote / deactivate another manager
Mattermost fails to properly validate permissions when demoting and deactivating a user allowing for a system/user manager to demote / deactivate another manager...
CVE-2023-5159 A User Manager role with user edit permissions could manage/update bots
Mattermost fails to properly verify the permissions when managing/updating a bot allowing a User Manager role with user edit permissions to manage/update bots...
CVE-2023-5159 A User Manager role with user edit permissions could manage/update bots
Mattermost fails to properly verify the permissions when managing/updating a bot allowing a User Manager role with user edit permissions to manage/update bots...