96 matches found
CVE-2026-61952
Missing Authorization vulnerability in Jose Vega WooCommerce Bulk Edit Products – WP Sheet Editor woo-bulk-edit-products allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Bulk Edit Products – WP Sheet Editor: from n/a through = 1.8.21...
CVE-2026-61952 WordPress WooCommerce Bulk Edit Products – WP Sheet Editor plugin <= 1.8.21 - Broken Access Control vulnerability
Missing Authorization vulnerability in Jose Vega WooCommerce Bulk Edit Products – WP Sheet Editor woo-bulk-edit-products allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Bulk Edit Products – WP Sheet Editor: from n/a through = 1.8.21...
CVE-2026-61952
Summary: CVE-2026-61952 affects the WordPress WooCommerce plugin “WooCommerce Bulk Edit Products – WP Sheet Editor” (versions up to and including 1.8.21). The issue is a broken access control due to missing authorization, enabling exploitation through insecure access control configurations. Affec...
CVE-2026-55460
CVE-2026-55460 affects Snipe-IT (IT asset/license management system). Before version 8.6.2, an authenticated non-admin user who had rights users.view and users.edit but not users.delete could directly POST to /users/bulksave with delete_user=1 because BulkUsersController::destroy() authorized onl...
CVE-2026-6075
The Media Library Assistant plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.35 This is due to missing nonce verification on the bulk action handlers in the settings tab handlers. This makes it possible for unauthenticated attackers to trick an...
CVE-2026-6075 Media Library Assistant <= 3.35 - Cross-Site Request Forgery via Bulk Action Form
The Media Library Assistant plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.35 This is due to missing nonce verification on the bulk action handlers in the settings tab handlers. This makes it possible for unauthenticated attackers to trick an...
CVE-2026-45342 LinkAce: IDOR in Update Policies Allows Any Authenticated User to Overwrite Other Users' Links, Lists, Tags, and Notes
LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, LinkAce contains an Insecure Direct Object Reference vulnerability in the authorization policy layer that allows any authenticated user to modify resources owned by other users. The affected resource types are links, lists...
CVE-2026-45342 LinkAce: IDOR in Update Policies Allows Any Authenticated User to Overwrite Other Users' Links, Lists, Tags, and Notes
LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, LinkAce contains an Insecure Direct Object Reference vulnerability in the authorization policy layer that allows any authenticated user to modify resources owned by other users. The affected resource types are links, lists...
EUVD-2026-33056
LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, LinkAce contains an Insecure Direct Object Reference vulnerability in the authorization policy layer that allows any authenticated user to modify resources owned by other users. The affected resource types are links, lists...
CVE-2026-45342
LinkAce prior to version 2.5.6 is affected by an Insecure Direct Object Reference (IDOR) in the authorization policy layer. The root cause is in update() policy methods (LinkPolicy, LinkListPolicy, TagPolicy, NotePolicy) where access checks delegate to userCanAccessX(), which returns true for any...
PT-2026-44542
LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, LinkAce contains an Insecure Direct Object Reference vulnerability in the authorization policy layer that allows any authenticated user to modify resources owned by other users. The affected resource types are links, lists...
WordPress Bulk Edit Posts and Products in Spreadsheet plugin <= 2.25.16 - Unauthenticated Reflected Cross-Site Scripting vulnerability
Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Bulk Edit Posts and Products in Spreadsheet versions = 2.25.16...
CVE-2026-32431
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brainstorm Force Astra Bulk Edit astra-bulk-edit allows DOM-Based XSS.This issue affects Astra Bulk Edit: from n/a through = 1.2.10...
WordPress Plugin Astra Bulk Edit Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress plugin Astra Bulk Edit, which stem...
EUVD-2026-11965
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brainstorm Force Astra Bulk Edit astra-bulk-edit allows DOM-Based XSS.This issue affects Astra Bulk Edit: from n/a through = 1.2.10...
CVE-2026-32431
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brainstorm Force Astra Bulk Edit astra-bulk-edit allows DOM-Based XSS.This issue affects Astra Bulk Edit: from n/a through = 1.2.10...
CVE-2026-32431 WordPress Astra Bulk Edit plugin <= 1.2.10 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brainstorm Force Astra Bulk Edit astra-bulk-edit allows DOM-Based XSS.This issue affects Astra Bulk Edit: from n/a through = 1.2.10...
CVE-2026-32431 WordPress Astra Bulk Edit plugin <= 1.2.10 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brainstorm Force Astra Bulk Edit astra-bulk-edit allows DOM-Based XSS.This issue affects Astra Bulk Edit: from n/a through = 1.2.10...
CVE-2026-32431
The CVE concerns the WordPress plugin Astra Bulk Edit (Brainstorm Force) for Astra Bulk Edit, specifically the astra-bulk-edit component. It describes a DOM-based XSS introduced by improper neutralization of input during web page generation, resulting in a Cross-Site Scripting vulnerability. Affe...
CVE-2026-32431
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brainstorm Force Astra Bulk Edit astra-bulk-edit allows DOM-Based XSS.This issue affects Astra Bulk Edit: from n/a through = 1.2.10...