2 matches found
CVE-2026-6451 CMS für Motorrad Werkstätten <= 1.0.0 - Cross-Site Request Forgery
The cms-fuer-motorrad-werkstaetten plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.0.0. This is due to missing nonce validation on all eight AJAX deletion handlers: vehiclescfmwdvehicle, contactscfmwdcontact, supplierscfmwdsupplier,...
IlohaMail Forged GET/POST Arbitrary Contacts Deletion
The target is running at least one instance of IlohaMail version 0.7.9-RC2 or earlier. Such versions contain a flaw that enables an authenticated user to delete contacts belonging to any user provided the DB-based backend is used to store contacts. The flaw arises because ownership of 'deleteitem...