WooCommerce Canada Post Shipping < 2.8.4 - Unauthenticated Unauthorised Action
Description: The plugin does not have an authorisation check in one of its actions, which could allow unauthenticated users to perform an unauthorised action...
Essential Blocks for Gutenberg < 4.2.1 - Contributor+ Unauthorised Actions
Description: The plugin does not have proper authorisation checks in various functions, allowing contributor and above roles to perform unauthorised actions...
Product Expiry for WooCommerce < 2.6 - Subscriber+ Settings Update
Description: The plugin does not have an authorisation check when updating its settings, which could allow any authenticated user, such as a subscriber, to update them...
Integrate Google Drive < 1.3.4 - Subscriber+ Settings Update
Description: The plugin does not have an authorisation check when updating its settings, which could allow any authenticated user, such as a subscriber, to update them...
GTG Product Feed for Shopping <= 1.2.4 - Unauthenticated Settings Update
Description: The plugin does not have an authorisation check when updating its settings, which could allow unauthenticated users to update them...
CVE-2023-5611
The Seraphinite Accelerator WordPress plugin before 2.20.32 does not have authorisation and CSRF checks when resetting and importing its settings, allowing unauthenticated users to reset them...
Ashe Extra <= 1.2.9 - Subscriber+ Companion Plugin Activation & Content Import
Description: The plugin does not have authorisation checks in various AJAX actions, allowing any authenticated user, such as a subscriber, to call them and activate companion plugins as well as import content...
FeedFocal <= 1.2.2 - Unauthenticated Tracking Code Update
Description: The plugin lacks authorisation checks in its feedfocalapisetup function, allowing unauthenticated attackers to update the Tracking Code via the feedfocalsurveycode option...
Welcome Email Editor < 5.0.7 - Subscriber+ Email Sending
Description: The plugin does not have an authorisation check in its ajaxhandler function, allowing any authenticated user, such as a subscriber, to call it and send various emails...
WP Travel < 7.8.1 - Unauthenticated AJAX Calls
Description: The plugin does not have authorisation checks in various AJAX actions, allowing unauthenticated users to call them and, for example, update the plugin settings...
USN-6492-1 mosquitto vulnerabilities
Kathrin Kleinhammer discovered that Mosquitto incorrectly handled certain inputs. If a user or an automated system were provided with a specially crafted input, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS. CVE-2021-34431...
CVE-2023-5799
The WP Hotel Booking WordPress plugin before 2.0.8 does not have proper authorisation when deleting a package, allowing Contributor and above roles to delete posts that do not belong to them...
CVE-2023-5651
The CVE targets the WordPress plugin WP Hotel Booking prior to version 2.0.8. Root cause: lack of authorization checks and CSRF protection, and failure to verify that the item to be deleted is a package. Impact: allows any authenticated user (e.g., a subscriber) to delete arbitrary posts, enablin...
CVE-2023-5799 WP Hotel Booking < 2.0.9 - Contributor+ Arbitrary Post Deletion
The WP Hotel Booking WordPress plugin before 2.0.8 does not have proper authorisation when deleting a package, allowing Contributor and above roles to delete posts that do not belong to them...
WP Mail SMTP Pro < 3.8.1 - Unauthenticated Email Address Disclosure
Description: The plugin does not have an authorisation check in the isprintpage function, allowing unauthenticated users to retrieve sensitive information such as email addresses...
CVE-2023-4997 Improper authorisation in Uptime DC
Improper authorisation of regular users in ProIntegra Uptime DC software versions below 2.0.0.33940 allows them to change the passwords of all other users, including administrators, leading to privilege escalation...
Moderate: Red Hat Security Advisory: Logging Subsystem 5.5.16 - Red Hat OpenShift security update
Logging Subsystem 5.5.16 - Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
Design/Logic Flaw
An incorrect authorisation check exists in SQLLab in Apache Superset versions up to and including 2.1.0. This vulnerability allows an authenticated user to query tables that they do not have proper access to within Superset. The vulnerability can be exploited by leveraging a SQL parsing vulnerability...
CVE-2023-32672 Apache Superset: SQL parser edge case bypasses data access authorization
An incorrect authorisation check exists in SQLLab in Apache Superset versions up to and including 2.1.0. This vulnerability allows an authenticated user to query tables that they do not have proper access to within Superset. The vulnerability can be exploited by leveraging a SQL parsing vulnerability...
CVE-2023-4059
The Profile Builder WordPress plugin before 3.9.8 lacks authorisation and CSRF checks in its page creation function, which allows unauthenticated users to create the plugin's register, log-in and edit-profile pages on the blog...