2 matches found
CVE-2025-1668
The School Management System – WPSchoolPress plugin for WordPress is vulnerable to arbitrary user deletion due to a missing capability check on the wpspDeleteUser function in all versions up to, and including, 2.2.16. This makes it possible for authenticated attackers, with teacher-level access a...
PT-2024-28013 · Xenforo · Xenforo
Name of the Vulnerable Software and Affected Versions: Xenforo versions prior to 2.2.16 Description: The issue allows for CSRF, which is a type of attack that tricks a user into performing unintended actions on a web application. Recommendations: For versions prior to 2.2.16, update to version...