Lucene search
K

16 matches found

OSV
OSV
added 2026/03/24 2:50 p.m.6 views

CVE-2026-33313 Vikunja has an IDOR in Task Comments Allows Reading Arbitrary Comments

Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.0, an authenticated user can read any task comment by ID, regardless of whether they have access to the task the comment belongs to, by substituting the task ID in the API URL with a task they do have access to...

5.3CVSS6.4AI score0.00254EPSS
Exploits0References5
CVE
CVE
added 2026/03/24 2:50 p.m.19 views

CVE-2026-33313

Vikunja CVE-2026-33313: An IDOR in the API allowed an authenticated user to read any task comment by swapping the task ID in the URL with a task they could access. Root cause: insufficient access checks before 2.2.0. Impact: disclosure of comments from tasks not necessarily accessible to the atta...

5.3CVSS5.8AI score0.00254EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2005-1514

Malware in sbrugna...

7.5CVSS6.4AI score0.01721EPSS
Exploits0References5
OSV
OSV
added 2025/08/19 7:6 p.m.6 views

CVE-2025-55737 flaskBlog arbitrary comment delete

flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, when deleting a comment, there's no validation of the ownership of the comment. Every user can delete an arbitrary comment of another user on every post, by simply intercepting the delete request and changing the commentID. The code...

6.9CVSS7.1AI score0.00274EPSS
Exploits1References3
NVD
NVD
added 2024/01/16 4:15 p.m.25 views

CVE-2022-0775

The WooCommerce WordPress plugin before 6.2.1 does not have proper authorisation check when deleting reviews, which could allow any authenticated users, such as subscriber to delete arbitrary comment...

4.3CVSS4.7AI score0.00675EPSS
Exploits2References3
Patchstack
Patchstack
added 2022/03/29 12:0 a.m.24 views

WordPress DW Question & Answer Pro premium plugin <= 1.3.4 - Arbitrary Comment Edition via IDOR vulnerability

Arbitrary Comment Edition via IDOR vulnerability discovered by Brandon Roldan in WordPress DW Question & Answer Pro premium plugin versions = 1.3.4. Solution No patched version is available...

4.3CVSS4.7AI score0.00632EPSS
Exploits2References3Affected Software1
wpexploit
wpexploit
added 2022/03/29 12:0 a.m.59 views

DW Question & Answer Pro <= 1.3.4 - Arbitrary Comment Edition via IDOR

The plugin does not check that the comment to edit belongs to the user making the request, allowing any user to edit other comments. Vendor was notified via Envato on September 28th, 2021, but did not properly fix the issue and was notified numerous times since. As any authenticated user, post a...

4.3CVSS0.7AI score0.00632EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2022/02/23 12:0 a.m.30 views

WooCommerce < 6.2.1 - Subscriber+ Arbitrary Comment Deletion

The plugin does not have proper authorisation check when deleting reviews, which could allow any authenticated users, such as subscriber to delete arbitrary comment PoC Log in as any user with privileges as low as Subscriber...

3.8AI score0.00675EPSS
Exploits2References2Affected Software1
Patchstack
Patchstack
added 2022/02/23 12:0 a.m.13 views

WordPress WooCommerce plugin <= 6.2.0 - Arbitrary Comment Deletion vulnerability

Arbitrary Comment Deletion vulnerability discovered in WordPress WooCommerce plugin versions = 6.2.0. Solution Update the WordPress WooCommerce plugin to the latest available version at least 6.2.1...

3.6AI score
Exploits0References1Affected Software1
wpexploit
wpexploit
added 2022/02/23 12:0 a.m.558 views

WooCommerce < 6.2.1 - Subscriber+ Arbitrary Comment Deletion

The plugin does not have proper authorisation check when deleting reviews, which could allow any authenticated users, such as subscriber to delete arbitrary comment Log in as any user with privileges as low as Subscriber...

0.3AI score0.00675EPSS
Exploits2References2
Patchstack
Patchstack
added 2021/10/11 12:0 a.m.15 views

WordPress wpDiscuz plugin <= 7.3.3 - Cross-Site Request Forgery (CSRF) vulnerability leading to Arbitrary Comment Addition/Edition/Deletion

Cross-Site Request Forgery CSRF vulnerability leading to Arbitrary Comment Addition/Edition/Deletion discovered by Brandon Roldan in WordPress wpDiscuz plugin versions = 7.3.3. Solution Update the WordPress wpDiscuz plugin to the latest available version at least 7.3.4...

4.3CVSS3.6AI score0.00467EPSS
Exploits2References4Affected Software1
wpexploit
wpexploit
added 2021/10/11 12:0 a.m.794 views

wpDiscuz < 7.3.4 - Arbitrary Comment Addition/Edition/Deletion via CSRF

The plugin does check for CSRF when adding, editing and deleting comments, which could allow attacker to make logged in users such as admin edit and delete arbitrary comment, or the user who made the comment to edit it via a CSRF attack. Attackers could also make logged in users post arbitrary...

4.3CVSS0.5AI score0.00467EPSS
Exploits2
Cvelist
Cvelist
added 2021/09/13 5:56 p.m.21 views

CVE-2021-24725 Comment Link Remove and Other Comment Tools < 2.1.6 - Arbitrary Comment Deletion via CSRF

The Comment Link Remove and Other Comment Tools WordPress plugin before 2.1.6 does not have CSRF check in its 'Delete comments easily', which could allow attackers to make logged in admin delete arbitrary comments...

5.1AI score0.00487EPSS
Exploits2References2
WPVulnDB
WPVulnDB
added 2021/05/26 12:0 a.m.16 views

Multivendor Marketplace Solution for WooCommerce < 3.7.4 - Unauthenticated Arbitrary Product Comment

The plugin did not properly check for CSRF when saving a product comment, and took the user ID to link the comment to from user input. As a result, attackers can post arbitrary comment, as another user as well by manipulating the currentuserid parameter. PoC POST / HTTP/1.1 Accept:...

1.9AI score
Exploits0Affected Software1
exploitpack
exploitpack
added 2007/07/19 12:0 a.m.13 views

GeoBlog MOD_1.0 - deletecomment.php?id Arbitrary Comment Deletion

GeoBlog MOD1.0 - deletecomment.php?id Arbitrary Comment Deletion source: https://www.securityfocus.com/bid/24966/info geoBlog is prone to multiple security-bypass vulnerabilities because the application fails to properly validate users when deleting user blogs and comments. An attacker may exploi...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2005/05/06 12:0 a.m.31 views

Multiple vulnerabilities in myBloggie 2.1.1

CODEBUG Labs Advisory 9 Title: Multiple vulnerabilities in myBloggie 2.1.1 Authors: Alberto Trivero & CorryL English Version: Alberto Trivero Product: myBloggie 2.1.1 Type: Multiple Vulnerabilities Web: http://www.codebug.org/ -- Software Page mybloggie.mywebland.com "myBloggie is considered one ...

0.1AI score
Exploits0
Rows per page
Query Builder