4 matches found
CVE-2018-25370
Admidio 3.3.5 contains a cross-site request forgery vulnerability that allows low-privilege users to increase their permissions by exploiting improper origin checking. Attackers can craft malicious HTML forms targeting rolesfunction.php with parameters like rolassignroles, rolapproveusers, and...
PT-2024-17584 · WordPress · The Marketking — Ultimate Woocommerce Multivendor Marketplace Solution
Name of the Vulnerable Software and Affected Versions: The MarketKing — Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress versions up to, and including, 2.0.00 Description: The issue is related to missing capability checks on several functions, including marketking delete...
Discourse Security Vulnerability
Discourse is an open source community discussion platform. The platform includes community, email, and chat room features. A security vulnerability exists in versions prior to Discourse 2.8.4, which stems from the fact that inviting users to a site using single sign-on can bypass the...
PT-2022-15035 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2.7.13 Discourse version 2.8.0.beta11 in beta and tests-passed Description: The issue allows some users to log in to a community before they should be able to do so. A user invited via email to a forum with must...