Lucene search
+L

8 matches found

EUVD
EUVD
added 2026/05/29 2:29 p.m.12 views

EUVD-2026-33327

The WP Travel Pro plugin for WordPress is vulnerable to arbitrary user deletion via the /wp-json/wp-travel/v1/travel-guide/userid REST API endpoint in all versions up to, and including, 10.6.0. This is due to the checkpermission callback unconditionally returning true and the Database::delete...

9.1CVSS5.9AI score0.00258EPSS
Exploits0References2
NVD
NVD
added 2026/04/15 9:16 a.m.7 views

CVE-2026-4002

The Petje.af plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 2.1.8. This is due to missing nonce validation in the ajaxrevoketoken function which handles the 'petjeafdisconnect' AJAX action. The function performs destructive operations includin...

4.3CVSS0.00163EPSS
Exploits0References7
CVE
CVE
added 2025/11/26 12:0 a.m.27 views

CVE-2025-65669

Summary: CVE-2025-65669 affects classroomio 0.1.13, where student accounts can delete courses from the Explore page without authorization, bypassing admin-only checks. Root cause (as described): missing authorization checks in the delete path. Impact: potential unauthorized course deletion with h...

9.1CVSS6.8AI score0.00437EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-12360

Malicious code in bioql PyPI...

6.4CVSS6.5AI score0.00197EPSS
Exploits0References3
CVE
CVE
added 2025/04/21 12:0 a.m.55 views

CVE-2025-28103

CVE-2025-28103 affects laskBlog v2.6.1. The root cause is incorrect access control, enabling attackers to arbitrarily delete user accounts via a crafted request. The CVE entry notes a medium severity (CVSS v3.1: 6.4; Network exposure, Low confidentiality/integrity impact, no availability impact)....

6.4CVSS6.8AI score0.00197EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2022/10/17 4:15 p.m.4 views

CVE-2022-23771

This vulnerability occurs in user accounts creation and deleteion related pages of IPTIME NAS products. The vulnerability could be exploited by a lack of validation when a POST request is made to this page. An attacker can use this vulnerability to or delete user accounts, or to escalate arbitrar...

8.8CVSS5.9AI score0.00275EPSS
Exploits0References1
Huntr
Huntr
added 2021/08/23 7:25 p.m.14 views

Cross-Site Request Forgery (CSRF) in neorazorx/facturascripts

✍️ Description Attacker able to delete any number of Accounting Subaccounts with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your...

1.7AI score
Exploits0
OSV
OSV
added 2018/02/21 8:29 p.m.3 views

CVE-2018-7305

MyBB 1.8.14 is not checking for a valid CSRF token, leading to arbitrary deletion of user accounts...

4.9CVSS5.9AI score0.0037EPSS
Exploits1References1
Rows per page
Query Builder