
12 matches found

Packet Storm
added 2026/02/27 12:0 a.m. | 144 views

WordPress RestroPress Online Food Ordering System 3.1.9.2 Disclosure Scanner

WordPress RestroPress Online Food Ordering System plugin version 3.1.9.2 user metadata exposure scanner. | Title : WordPress RestroPress Online Food Orderi...

CVSS 9.8 | AI score 5.9 | EPSS 0.02196
Exploits: 6
Vulnrichment
added 2025/11/26 5:39 p.m. | 3 views

CVE-2025-13084 Opto 22 groov View Exposure of Sensitive Information Through Metadata

The users endpoint in the groov View API returns a list of all users and associated metadata including their API keys. This endpoint requires an Editor role to access and will display API keys for all users, including Administrators...

CVSS 7.6 | AI score 6.4 | EPSS 0.00236
Exploits: 0 | References: 3
CVE
added 2025/11/20 4:37 a.m. | 18 views

CVE-2025-12778

The CVE-2025-12778 vulnerability affects the Ultimate Member Widgets for Elementor – WordPress User Directory plugin. It arises from a missing capability check in handle_filter_users, affecting all versions up to and including 2.3, allowing unauthenticated attackers to read partial user metadata ...

CVSS 5.3 | AI score 4.9 | EPSS 0.00208
Exploits: 0 | References: 2
Positive Technologies
added 2025/11/20 12:0 a.m. | 4 views

PT-2025-47555

The Ultimate Member Widgets for Elementor – WordPress User Directory plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the handle_filter_users function in all versions up to, and including, 2.3. This makes it possible for unauthenticated...

CVSS 5.3 | AI score 5.2 | EPSS 0.00208
Exploits: 0 | References: 2
RedhatCVE
added 2025/11/14 6:2 p.m. | 6 views

CVE-2025-11777

Mattermost versions 10.11.x <= 10.11.3, 10.5.x <= 10.5.11 fail to properly validate team membership permissions in the Add Channel Member API which allows users from one team to access user metadata and channel membership information from other teams via the API endpoint...

CVSS 4.3 | AI score 6.7 | EPSS 0.00159
Exploits: 0 | References: 1
Cvelist
added 2025/11/13 5:32 p.m. | 9 views

CVE-2025-11777 Cross-team channel membership access

Mattermost versions 10.11.x <= 10.11.3, 10.5.x <= 10.5.11 fail to properly validate team membership permissions in the Add Channel Member API which allows users from one team to access user metadata and channel membership information from other teams via the API endpoint...

CVSS 3.1 | EPSS 0.00159
Exploits: 0 | References: 1
Github Security Blog
added 2025/07/10 1:10 p.m. | 8 views

DynamicPageList3 vulnerability exposes hidden/suppressed usernames

Summary: Several dpl parameters can leak usernames that have been hidden using revision deletion, suppression, or the hideuser block flag. Details: The parameters adduser, addauthor, and addlasteditor output the page creator or last editor using the %USER% placeholder. These display the actual...

CVSS 8.7 | AI score 7.2 | EPSS 0.00447
Exploits: 0 | References: 4 | Affected Software: 1
RedhatCVE
added 2025/05/23 4:57 a.m. | 9 views

CVE-2023-6504

The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wppbtoolboxusermetahandler function in all versions up to, and including, 3.10.7. This makes it...

CVSS 4.3 | AI score 6 | EPSS 0.00349
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 9:30 p.m. | 5 views

CVE-2021-21396

wire-server is an open-source back end for Wire, a secure collaboration platform. In wire-server from version 2021-02-16 and before version 2021-03-02, the client metadata of all users was exposed in the GET /users/list-clients endpoint. The endpoint could be used by any logged in user who could...

CVSS 6.5 | AI score 6.8 | EPSS 0.01093
Exploits: 0 | References: 1
ATTACKERKB
added 2024/10/16 7:15 a.m. | 2 views

CVE-2023-7286

The plugin ACF Quick Edit Fields for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.2.2. This makes it possible for attackers without the edit_users capability to access metadata of other users, this includes contributor-level users and above...

CVSS 6.5 | AI score 5.4 | EPSS 0.00421
Exploits: 0 | References: 4
CNNVD
added 2024/10/11 12:0 a.m. | 4 views

GitHub Enterprise Server Security Vulnerability

GitHub Enterprise Server is an open source application from GitHub in the United States. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server versions...

CVSS 5.7 | AI score 6.4 | EPSS 0.00615
Exploits: 0 | References: 5
CVE
added 2021/03/26 9:40 p.m. | 232 views

CVE-2021-21396

The CVE-2021-21396 entry concerns wire-server, the backend for Wire. Affected version window is 2021-02-16 through 2021-03-02, where the GET /users/list-clients endpoint exposed client metadata for all users. Any logged-in user could request details of other users (no connection requirement) by g...

CVSS 6.5 | AI score 6.4 | EPSS 0.01093
Exploits: 0 | References: 3 | Affected Software: 1