11609 matches found
WordPress Gift Vouchers plugin <= 4.6.9 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by dodoh4t in WordPress Plugin Gift Vouchers versions = 4.6.9...
WordPress Peach Payments Gateway plugin <= 4.0.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by HieuPenguinnn in WordPress Plugin Peach Payments Gateway versions = 4.0.2...
WordPress FundEngine plugin <= 1.7.6 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Peng Zhou in WordPress Plugin FundEngine versions = 1.7.6...
WordPress Open Shop theme <= 1.7.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by HaiND in WordPress Theme Open Shop versions = 1.7.1...
WordPress Booking and Rental Manager plugin <= 2.6.9 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by hhhai in WordPress Plugin Booking and Rental Manager versions = 2.6.9...
WordPress Event Tickets Manager for WooCommerce plugin <= 1.5.5 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by okndjo in WordPress Plugin Event Tickets Manager for WooCommerce versions = 1.5.5...
WordPress Tourfic plugin <= 2.22.5 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Sandesh Gawai in WordPress Plugin Tourfic versions = 2.22.5...
WordPress Tourfic plugin <= 2.22.5 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Ramshath in WordPress Plugin Tourfic versions = 2.22.5...
WordPress Extra Product Options Builder for WooCommerce plugin <= 1.2.167 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by VanTastic in WordPress Plugin Extra Product Options Builder for WooCommerce versions = 1.2.167...
Atlassian Confluence - Privilege Escalation
Atlassian Confluence Data Center and Server contains a broken access control vulnerability that allows an attacker to create unauthorized Confluence administrator accounts and access Confluence. id: CVE-2023-22515 info: name: Atlassian Confluence - Privilege Escalation author:...
PT-2026-56567
Name of the Vulnerable Software and Affected Versions Gumroad versions prior to 2026.07.06.2 Description Broken access control in the PurchasesController allows authenticated sellers to manipulate purchase access for products belonging to other sellers. By sending PUT requests to the revoke acces...
PYSEC-2026-1802 pretix has Broken Access Control Allowing Cross-User File Access via UUID
An API endpoint allowed access to sensitive files from other users by knowing the UUID of the file that were not intended to be accessible by UUID only...
PYSEC-2026-1803 pretix has Broken Access Control Allowing Cross-User File Access via UUID
Multiple API endpoints allowed access to sensitive files from other users by knowing the UUID of the file that were not intended to be accessible by UUID only...
WordPress Advanced Forms plugin <= 1.9.3.7 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Jakub Herman in WordPress Plugin Advanced Forms versions = 1.9.3.7...
WordPress WowAddons plugin <= 1.6.8 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by dodoh4t in WordPress Plugin WowAddons versions = 1.6.8...
WordPress MStore API plugin <= 4.18.4 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by HaiND in WordPress Plugin MStore API versions = 4.18.4...
CVE-2026-57870
Broken object-level access control on the Template API in MicroRealEstate allows attackers to retrieve document templates used by other organizations without authorization. This issue affects MicroRealEstate: through 1.0.0-alpha3...
CVE-2026-57870
CVE-2026-57870 describes a broken object-level access control flaw in MicroRealEstate’s Template API (up to version 1.0.0-alpha3). The underlying issue allows an attacker to retrieve document templates used by other organizations without authorization. Affected software is MicroRealEstate, with t...
CVE-2026-57870
Broken object-level access control on the Template API in MicroRealEstate allows attackers to retrieve document templates used by other organizations without authorization. This issue affects MicroRealEstate: through 1.0.0-alpha3...
CVE-2026-57870
Broken object-level access control on the Template API in MicroRealEstate allows attackers to retrieve document templates used by other organizations without authorization. This issue affects MicroRealEstate: through 1.0.0-alpha3...