630 matches found
WordPress plugin Order Delivery Date for WooCommerce 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
PT-2025-35747
Name of the Vulnerable Software and Affected Versions: Barn2 Plugins Posts Table with Search & Sort versions through 1.4.10 Description: The Posts Table with Search & Sort plugin contains a missing authorization flaw due to incorrectly configured access control security levels. Recommendations:...
CVE-2025-7956
The CVE-2025-7956 entry concerns Ajax Search Lite for WordPress. It exposes Basic Information through a missing authorization check in ASL_Query within the AJAX search handler, affecting versions up to 4.13.1 (some sources reference 4.13.2 as the fix). The vulnerability allows unauthenticated att...
CVE-2025-55675
Apache Superset contains an improper access control vulnerability in its /explore endpoint. A missing authorization check allows an authenticated user to discover metadata about datasources they do not have permission to access. By iterating through the datasourceid in the URL, an attacker can...
WordPress plugin SMM API 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
CVE-2025-8310
CVE-2025-8310 affects Ivanti Virtual Application Delivery Controller (vADC) prior to 22.9. The admin console lacks proper authorization, enabling a remote authenticated attacker to take over admin accounts by resetting passwords. The vulnerability is mitigated by updating to version 22.9 or later...
SAP Cloud Connector 安全漏洞
SAP Cloud Connector is a tool from SAP, Germany, used to establish a secure connection between local systems and SAP Cloud Platform. A security vulnerability exists in SAP Cloud Connector that stems from a lack of authorization checks and could lead to degraded service performance...
PT-2025-32470 · Unknown · Litmuschaos
Name of the Vulnerable Software and Affected Versions: LitmusChaos versions up to 3.19.0 Description: A problematic issue exists in LitmusChaos related to missing authorization checks within the Delete Request Handler component. The vulnerability resides in the /auth/delete project/ file and is...
CVE-2025-51308
In Gatling Enterprise versions below 1.25.0, a low-privileged user that does not hold the role "admin" could perform a REST API call on read-only endpoints, allowing him to collect some information, due to missing authorization checks...
HomeBox 安全漏洞
HomeBox is a SysAdmins Media open source inventory and organization system built for home users. A security vulnerability exists in HomeBox versions prior to 0.20.1, which stems from a lack of authorization checking and could lead to unauthorized data manipulation...
WordPress plugin Mobile DJ Manager 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPress...
WordPress plugin UpStream 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
GitLab Enterprise Edition和GitLab Community Edition 安全漏洞
GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab Enterprise Edition and GitLab Community...
The vulnerability of Nomad application orchestrators, related to the lack of authorization, allows attackers to gain unauthorized access to protected information.
The vulnerability of Nomad application orchestrators is related to the lack of authentication. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...
CVE-2023-0331
The Correos Oficial WordPress plugin through 1.2.0.2 does not have an authorization check user input validation when generating a file path, allowing unauthenticated attackers to download arbitrary files from the server...
CVE-2023-1651
The AI ChatBot WordPress plugin before 4.4.9 does not have authorisation and CSRF in the AJAX action responsible to update the OpenAI settings, allowing any authenticated users, such as subscriber to update them. Furthermore, due to the lack of escaping of the settings, this could also lead to...
CVE-2022-4106
The Wholesale Market for WooCommerce WordPress plugin before 1.0.7 does not have authorisation check, as well as does not validate user input used to generate system path, allowing unauthenticated attackers to download arbitrary file from the server...
CVE-2022-1589
The Change wp-admin login WordPress plugin before 1.1.0 does not properly check for authorisation and is also missing CSRF check when updating its settings, which could allow unauthenticated users to change the settings. The attacked could also be performed via a CSRF vector...
CVE-2022-1203
The Content Mask WordPress plugin before 1.8.4.1 does not have authorisation and CSRF checks in various AJAX actions, as well as does not validate the option to be updated to ensure it belongs to the plugin. As a result, any authenticated user, such as subscriber could modify arbitrary blog optio...
CVE-2021-24836
The Temporary Login Without Password WordPress plugin before 1.7.1 does not have authorisation and CSRF checks when updating its settings, which could allows any logged-in users, such as subscribers to update them...