EUVD-2025-28797

Malicious code in bioql PyPI...

EUVD-2024-44928

Malicious code in bioql PyPI...

CVE-2025-8218

The Real Spaces - WordPress Properties Directory Theme theme for WordPress is vulnerable to privilege escalation via the 'changerolemember' parameter in all versions up to, and including, 3.5. This is due to a lack of restriction in the profile update role. This makes it possible for...

CVE-2025-8218

The Real Spaces - WordPress Properties Directory Theme theme for WordPress is vulnerable to privilege escalation via the 'changerolemember' parameter in all versions up to, and including, 3.5. This is due to a lack of restriction in the profile update role. This makes it possible for...

CVE-2025-8218 Real Spaces - WordPress Properties Directory Theme <= 3.5 - Authenticated (Subscriber+) Privilege Escalation to Administrator via 'change_role_member'

The Real Spaces - WordPress Properties Directory Theme theme for WordPress is vulnerable to privilege escalation via the 'changerolemember' parameter in all versions up to, and including, 3.5. This is due to a lack of restriction in the profile update role. This makes it possible for...

CVE-2025-8218

The CVE (CVE-2025-8218) concerns Real Spaces – WordPress Properties Directory Theme. The vulnerability is a privilege-escalation flaw in the change_role_member parameter that fails to restrict the profile update role, allowing unauthenticated or subscriber-level actors to elevate to Administrator...

CVE-2025-8218 Real Spaces - WordPress Properties Directory Theme <= 3.5 - Authenticated (Subscriber+) Privilege Escalation to Administrator via 'change_role_member'

The Real Spaces - WordPress Properties Directory Theme theme for WordPress is vulnerable to privilege escalation via the 'changerolemember' parameter in all versions up to, and including, 3.5. This is due to a lack of restriction in the profile update role. This makes it possible for...

PT-2025-33710 · WordPress · Real Spaces - Wordpress Properties Directory Theme

Name of the Vulnerable Software and Affected Versions: Real Spaces - WordPress Properties Directory Theme versions prior to 3.6 Description: The Real Spaces - WordPress Properties Directory Theme for WordPress is susceptible to privilege escalation through the change role member parameter during...

WordPress Real Spaces - WordPress Properties Directory Theme plugin <= 3.5 - Authenticated (Subscriber+) Privilege Escalation to Administrator via 'change_role_member' vulnerability

WordPress Real Spaces - WordPress Properties Directory Theme plugin = 3.5 - Authenticated Subscriber+ Privilege Escalation to Administrator via 'changerolemember' vulnerability discovered by Alyudin Nafiie in WordPress Theme Real Spaces versions = 3.5...

CVE-2024-50504

Incorrect Privilege Assignment vulnerability in webxmedia Bulk Change Role bulk-role-change allows Privilege Escalation.This issue affects Bulk Change Role: from n/a through = 1.1...

CVE-2024-50504

Incorrect Privilege Assignment vulnerability in webxmedia Bulk Change Role bulk-role-change allows Privilege Escalation.This issue affects Bulk Change Role: from n/a through = 1.1...

CVE-2024-50504 WordPress Bulk Change Role plugin <= 1.1 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in webxmedia Bulk Change Role bulk-role-change allows Privilege Escalation.This issue affects Bulk Change Role: from n/a through = 1.1...

CVE-2024-50504 WordPress Bulk Change Role plugin <= 1.1 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in webxmedia Bulk Change Role bulk-role-change allows Privilege Escalation.This issue affects Bulk Change Role: from n/a through = 1.1...

CVE-2024-50504

CVE-2024-50504 : Concrete details across connected sources show a vulnerability in the WordPress plugin “Bulk Change Role” (versions

WordPress plugin Bulk Change Role 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

PT-2024-34281 · Unknown · Matt Whiteman Bulk Change Role

Name of the Vulnerable Software and Affected Versions: Matt Whiteman Bulk Change Role versions n/a through 1.1 Description: The issue is related to an Incorrect Privilege Assignment vulnerability that allows Privilege Escalation in Matt Whiteman Bulk Change Role. Recommendations: For Matt Whitema...

WordPress Bulk Change Role plugin <= 1.1 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Muhamad Agil Fachrian Patchstack Alliance in WordPress Plugin Bulk Change Role versions = 1.1...

WordPress Bulk Change Role Plugin <= 1.1 is vulnerable to Privilege Escalation

Software Bulk Change Role Type Plugin Vulnerable versions = 1.1 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-50504 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID ae994493e2ec Credits Muhamad Ag...

IDOR Vulnerability Allow Low-Level User change role Everyone Includes Admin

Description By manipulating the userid in API PUT /answer/admin/api/user/role, users with low privilege can change role any users Proof of Concept Step 1: Login as user1 with user privilege Step2: Call API PUT /answer/admin/api/user/role with user privilege , change role everyone includes Admin...

Privilege escalation

An privilege escalation issue was discovered in Scada-LTS 2.7.1.1 build 2948559113 allows remote attackers, authenticated in the application as a low-privileged user to change role e.g., to administrator by updating their user profile...