12 matches found
📄 WordPress RestroPress Online Food Ordering System 3.1.9.2 Disclosure Scanner
WordPress RestroPress Online Food Ordering System plugin version 3.1.9.2 user metadata exposure scanner. ============================================================================================================================================= | Title : WordPress RestroPress Online Food Orderi...
CVE-2025-13084 Opto 22 groov View Exposure of Sensitive Information Through Metadata
The users endpoint in the groov View API returns a list of all users and associated metadata including their API keys. This endpoint requires an Editor role to access and will display API keys for all users, including Administrators...
CVE-2025-12778
The CVE-2025-12778 vulnerability affects the Ultimate Member Widgets for Elementor – WordPress User Directory plugin. It arises from a missing capability check in handle_filter_users, affecting all versions up to and including 2.3, allowing unauthenticated attackers to read partial user metadata ...
PT-2025-47555
The Ultimate Member Widgets for Elementor – WordPress User Directory plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the handle filter users function in all versions up to, and including, 2.3. This makes it possible for unauthenticated...
CVE-2025-11777
Mattermost versions 10.11.x = 10.11.3, 10.5.x = 10.5.11 fail to properly validate team membership permissions in the Add Channel Member API which allows users from one team to access user metadata and channel membership information from other teams via the API endpoint...
CVE-2025-11777 Cross-team channel membership access
Mattermost versions 10.11.x = 10.11.3, 10.5.x = 10.5.11 fail to properly validate team membership permissions in the Add Channel Member API which allows users from one team to access user metadata and channel membership information from other teams via the API endpoint...
DynamicPageList3 vulnerability exposes hidden/suppressed usernames
Summary Several dpl parameters can leak usernames that have been hidden using revision deletion, suppression, or the hideuser block flag. Details The parameters adduser, addauthor, and addlasteditor output the page creator or last editor using the %USER% placeholder. These display the actual...
CVE-2023-6504
The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wppbtoolboxusermetahandler function in all versions up to, and including, 3.10.7. This makes it...
CVE-2021-21396
wire-server is an open-source back end for Wire, a secure collaboration platform. In wire-server from version 2021-02-16 and before version 2021-03-02, the client metadata of all users was exposed in the GET /users/list-clients endpoint. The endpoint could be used by any logged in user who could...
CVE-2023-7286
The plugin ACF Quick Edit Fields for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.2.2. This makes it possible for attackers without the editusers capability to access metadata of other users, this includes contributor-level users and above...
GitHub Enterprise Server 安全漏洞
GitHub Enterprise Server is an open source application from GitHub in the United States. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server versions...
CVE-2021-21396
The CVE-2021-21396 entry concerns wire-server, the backend for Wire. Affected version window is 2021-02-16 through 2021-03-02, where the GET /users/list-clients endpoint exposed client metadata for all users. Any logged-in user could request details of other users (no connection requirement) by g...