
5 matches found

Patchstack
added 2024/12/24 10:14 p.m., 3 views

WordPress WooCommerce Point of Sale plugin <= 6.1.0 - Insecure Direct Object Reference to Privilege Escalation via Arbitrary User Email Change vulnerability

Insecure Direct Object Reference to Privilege Escalation via Arbitrary User Email Change vulnerability discovered by Tonn in WordPress Plugin WooCommerce Point of Sale versions <= 6.1.0...

CVSS: 9.8, AI score: 7, EPSS: 0.04168
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2024/09/25 2:5 a.m., 24 views

CVE-2024-8485 REST API TO MiniProgram <= 4.7.1 - Unauthenticated Arbitrary User Email Update and Privilege Escalation via Account Takeover

The REST API TO MiniProgram plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.7.1 via the updateUserInfo due to missing validation on the 'openid' user-controlled key that determines what user will be updated. This makes it...

CVSS: 9.8, EPSS: 0.00358
Exploits: 0, References: 3
Cvelist
added 2021/11/23 7:16 p.m., 14 views

CVE-2021-24892 Advanced Forms < 1.6.9 - Subscriber+ Arbitrary User Email Address Update via IDOR

Insecure Direct Object Reference in the edit function of Advanced Forms Free & Pro before 1.6.9 allows an authenticated remote attacker to change an arbitrary user's email address and request a password reset, which could lead to takeover of the WordPress administrator account. To exploit this...

AI score: 8.7, EPSS: 0.01678
Exploits: 1, References: 2
Patchstack
added 2021/10/21 12:0 a.m., 20 views

WordPress Advanced Forms plugin <= 1.6.8 - Arbitrary User Email Address Update via IDOR vulnerability

Arbitrary User Email Address Update via IDOR vulnerability discovered by Suppawit Punhakit in WordPress Advanced Forms plugin versions <= 1.6.8. Solution: Update the WordPress Advanced Forms plugin to the latest available version (at least 1.6.9)...

CVSS: 8.8, AI score: 3.8, EPSS: 0.01678
Exploits: 1, References: 3, Affected Software: 1
Patchstack
added 2021/10/21 12:0 a.m., 15 views

WordPress Advanced Forms Pro premium plugin <= 1.6.8 - Arbitrary User Email Address Update via IDOR vulnerability

Arbitrary User Email Address Update via IDOR vulnerability discovered by Suppawit Punhakit in WordPress Advanced Forms Pro premium plugin versions <= 1.6.8. Solution: Update the WordPress Advanced Forms Pro premium plugin to the latest available version (at least 1.6.9)...

CVSS: 8.8, AI score: 3.7, EPSS: 0.01678
Exploits: 1, References: 3, Affected Software: 1