CVE-2025-13864
The Breeze - WordPress Cache Plugin plugin for WordPress is vulnerable to unauthorized cache clearing in all versions up to, and including, 2.2.21. This is due to the REST API endpoint /wp-json/breeze/v1/clear-all-cache being registered with permission_callback = '__return_true' and authentication...
CVE-2025-13864 Breeze – WordPress Cache Plugin <= 2.2.21 - Missing Authorization to Cache Deletion
The Breeze - WordPress Cache Plugin plugin for WordPress is vulnerable to unauthorized cache clearing in all versions up to, and including, 2.2.21. This is due to the REST API endpoint /wp-json/breeze/v1/clear-all-cache being registered with permission_callback = '__return_true' and authentication...
CVE-2025-12038
The Folderly plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the /wp-json/folderly/v1/config/clear-all-data REST API endpoint in all versions up to, and including, 0.3. This makes it possible for authenticated attackers, with...
EUVD-2025-37421
The Folderly plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the /wp-json/folderly/v1/config/clear-all-data REST API endpoint in all versions up to, and including, 0.3. This makes it possible for authenticated attackers, with...
CVE-2025-12038 Folderly <= 0.3 - Incorrect Authorization to Authenticated (Author+) Term Deletion
The Folderly plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the /wp-json/folderly/v1/config/clear-all-data REST API endpoint in all versions up to, and including, 0.3. This makes it possible for authenticated attackers, with...
CVE-2025-12038
CVE-2025-12038 Folderly (WordPress) affects Folderly plugin for WordPress up to version 0.3, due to insufficient capability checks on the REST endpoint /wp-json/folderly/v1/config/clear-all-data. This permits authenticated attackers with Author-level access or higher to perform unauthorized data ...
PT-2025-44711
Name of the Vulnerable Software and Affected Versions: Folderly plugin for WordPress versions through 0.3. Description: The Folderly plugin for WordPress has a flaw that allows unauthorized data modification. This is due to an inadequate capability check on the...
CVE-2025-11510 FileBird <= 6.4.9 - Improper Authorization to Authenticated (Author+) Settings Reset
The FileBird – WordPress Media Library Folders & File Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /filebird/v1/fb-wipe-clear-all-data function in all versions up to, and including, 6.4.9. This makes it possible for...
WordPress Plugin My YouTube Channel Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
GSD-2021-1000501 RDMA/rxe: Clear all QP fields if creation failed
RDMA/rxe: Clear all QP fields if creation failed This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.7 by commit...
RapidWareX 2.0.1 - (WebUI) CSRF Exploit
No description provided by source. RapidWareX v2.0.1 WebUI CSRF Exploit Author: l3D Sites: http://xraysecurity.blogspot.com, http://nullbyte.org.il IRC: irc://irc.nix.co.il Email: [email protected] RapidWareX v2.0.1 WebUI is prone to a post-authentication CSRF vulnerability, which allows the...
CVE-2011-0685
CVE-2011-0685 affects Opera before 11.01 where the Delete Private Data feature’s Clear all email account passwords option was not properly implemented, potentially allowing a physically proximate attacker to access an email account on an unattended workstation. Connected advisories (SUSE/OpenSUSE...
RapidWareX 2.0.1 - 'WebUI' Cross-Site Request Forgery
RapidWareX v2.0.1 WebUI CSRF Exploit Author: l3D Sites: http://xraysecurity.blogspot.com, http://nullbyte.org.il IRC: irc://irc.nix.co.il Email: [email protected] RapidWareX v2.0.1 WebUI is prone to a post-authentication CSRF vulnerability, which allows the attacker to have control over certain...