638 matches found
PiHome security vulnerability
PiHome is a home automation system from the individual developers of PiHomeHVAC. A security vulnerability exists in PiHome version 2.0: /useraccounts.php?uid contains a missing authorization vulnerability...
WordPress WPSyncSheets Lite For WPForms – WPForms Google Spreadsheet Addon plugin <= 1.6 - Missing Authorization to Authenticated (Subscriber+) Settings Reset vulnerability
Missing Authorization to Authenticated Subscriber+ Settings Reset vulnerability discovered by Kévin Mosbahi Mika in WordPress Plugin WPSyncSheets Lite For WPForms – WPForms Google Spreadsheet Addon versions <= 1.6...
SAP NetWeaver Server ABAP security vulnerability
SAP NetWeaver Server ABAP is an application server from SAP, a German company. A security vulnerability exists in SAP NetWeaver Server ABAP that stems from a lack of authorization checking and could lead to an unauthenticated attacker accessing otherwise inaccessible data...
PT-2025-5276 · Apple · Apple Macos
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 15.3. Description: This issue was addressed through improved state management. A malicious app may be able to access arbitrary files. The problem is related to a lack of authorization, which could allow an attacker to...
CVE-2025-22607 Coolify Vulnerable to GitHub / GitLab OAuth Secrets Leak
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to fetch the details page for any GitHub / GitLab configuration on a Coolify instance by only knowing the UU...
WordPress Evergreen Content Poster plugin <= 1.4.4 - Missing Authorization to Unauthenticated Arbitrary Post Deletion vulnerability
Missing Authorization to Unauthenticated Arbitrary Post Deletion vulnerability discovered by Brian Sans-Souci liardom in WordPress Plugin Evergreen Content Poster versions <= 1.4.4...
WordPress plugin Copy Move Posts security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exist...
WordPress plugin Button Block security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPress...
WordPress plugin Easy Form Builder cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
CVE-2024-56276
CVE-2024-56276 is a Missing Authorization vulnerability in WPForms Contact Form (WPForms Lite) that affects Contact Form by WPForms: from n/a through 1.9.2.2. The root cause is misconfigured access control security levels, enabling unauthorized access to or manipulation of form-related functional...
WordPress Social Rocket plugin <= 1.3.4 - Missing Authorization to Settings Update vulnerability
Missing Authorization to Settings Update vulnerability discovered by WordFence in WordPress Plugin Social Rocket versions <= 1.3.4...
PT-2025-1534 · Wp Travel · Wp Travel
Name of the Vulnerable Software and Affected Versions: WP Travel versions prior to 7.8.0. Description: The issue is related to missing authorization in WP Travel, allowing exploitation of incorrectly configured access control security levels. Recommendations: For versions prior to 7.8.0, update to...
WordPress Bit Form – Contact Form plugin <= 2.17.3 - Missing Authorization to Authenticated (Subscriber+) Form Submission Disclosure vulnerability
Missing Authorization to Authenticated Subscriber+ Form Submission Disclosure vulnerability discovered by Akbar Kustirama in WordPress Plugin Bit Form versions <= 2.17.3...
CVE-2023-35051 WordPress Contact Forms by Cimatti plugin <= 1.5.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in Cimatti Consulting Contact Forms by Cimatti allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Contact Forms by Cimatti: from n/a through 1.5.7...
WordPress plugin Constant Contact Forms security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
WordPress plugin Redirection for Contact Form security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress plugin WP Crowdfunding security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
WordPress plugin Simple Notification security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2025-3044 · Apple · Visionos +4
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 15.2, watchOS versions prior to 11.2, visionOS versions prior to 2.2, iOS versions prior to 18.2, iPadOS versions prior to 18.2. Description: The issue is related to the Password Autofill component in the mentioned operatin...
CVE-2023-23825
Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Spectra: from n/a through 2.3.0...