Lucene search
K

9 matches found

NVD
NVD
added 5 days ago4 views

CVE-2026-55460

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, an authenticated non-admin user with users.view and users.edit but without users.delete can directly POST to /users/bulksave with deleteuser=1 because BulkUsersController::destroy authorizes only update, allowing the user to...

7.1CVSS0.00285EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 5 days ago5 views

PT-2026-57264

Name of the Vulnerable Software and Affected Versions Snipe-IT versions prior to 8.6.2 Description An authenticated non-admin user possessing users.view and users.edit permissions, but lacking users.delete permissions, can perform a soft-delete of another non-admin user. This occurs because the...

7.1CVSS6.1AI score0.00285EPSS
Exploits1References9
RedhatCVE
RedhatCVE
added 2026/02/15 7:10 a.m.9 views

CVE-2025-14608

The WP Last Modified Info plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.5. This is due to the plugin not validating a user's access to a post before modifying its metadata in the 'bulksave' AJAX action. This makes it possible for...

5.3CVSS5.7AI score0.00227EPSS
Exploits0References1
NVD
NVD
added 2026/02/14 4:15 a.m.8 views

CVE-2025-14608

The WP Last Modified Info plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.5. This is due to the plugin not validating a user's access to a post before modifying its metadata in the 'bulksave' AJAX action. This makes it possible for...

5.3CVSS0.00227EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/02/14 3:25 a.m.3 views

CVE-2025-14608 WP Last Modified Info <= 1.9.5 - Insecure Direct Object Reference to Authenticated (Author+) Post Metadata Modification

The WP Last Modified Info plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.5. This is due to the plugin not validating a user's access to a post before modifying its metadata in the 'bulksave' AJAX action. This makes it possible for...

5.3CVSS5.7AI score0.00227EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/02/14 3:25 a.m.30 views

CVE-2025-14608 WP Last Modified Info <= 1.9.5 - Insecure Direct Object Reference to Authenticated (Author+) Post Metadata Modification

The WP Last Modified Info plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.5. This is due to the plugin not validating a user's access to a post before modifying its metadata in the 'bulksave' AJAX action. This makes it possible for...

5.3CVSS0.00227EPSS
Exploits0References5
OSV
OSV
added 2026/02/14 3:25 a.m.7 views

CVE-2025-14608 WP Last Modified Info <= 1.9.5 - Insecure Direct Object Reference to Authenticated (Author+) Post Metadata Modification

The WP Last Modified Info plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.5. This is due to the plugin not validating a user's access to a post before modifying its metadata in the 'bulksave' AJAX action. This makes it possible for...

5.3CVSS6AI score0.00227EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/02/14 12:0 a.m.22 views

PT-2026-8047

The WP Last Modified Info plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.5. This is due to the plugin not validating a user's access to a post before modifying its metadata in the 'bulk save' AJAX action. This makes it possible for...

5.3CVSS5.7AI score0.00227EPSS
Exploits0References6
OSV
OSV
added 2021/11/17 11:15 a.m.5 views

CVE-2021-24853

The QR Redirector WordPress plugin before 1.6 does not have capability and CSRF checks when saving bulk QR Redirector settings via the qrsavebulk AJAX action, which could allow any authenticated user, such as subscriber to change the redirect response status code of arbitrary QR Redirects...

4.3CVSS6AI score0.00433EPSS
Exploits2References1
Rows per page
Query Builder