4 matches found

NVD
added 2026/05/13 6:16 a.m., 9 views

CVE-2026-6965

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 3.9.9. This is due to the getcourseidby function unconditionally trusting the user-supplied course GET parameter as the authoritative course ...

CVSS: 5.3, EPSS: 0.00304
Exploits: 0, References: 53
Github Security Blog
added 2026/01/27 10:13 p.m., 11 views

StudioCMS has Authorization Bypass Through User-Controlled Key

Summary: StudioCMS contains a Broken Object Level Authorization (BOLA) vulnerability in the Content Management feature that allows users with the "Visitor" role to access draft content created by Editor/Admin/Owner users. Details: The Issue: The endpoint /dashboard/content-management/edit?edit=UUID...

CVSS: 6.5, AI score: 5.9, EPSS: 0.00295
Exploits: 2, References: 5, Affected Software: 1
CNNVD
added 2023/10/16 12:00 a.m., 6 views

WordPress plugin ActivityPub security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...

CVSS: 4.3, AI score: 6.6, EPSS: 0.00468
Exploits: 2, References: 2
OSV
added 2022/05/20 12:00 a.m., 12 views

GHSA-F6FM-R26Q-P747 Improper Removal of Sensitive Information Before Storage or Transfer in Strapi

An authenticated user with access to the Strapi admin panel can view private and sensitive data, such as email and password reset tokens, for other admin panel users that have a relationship (e.g., created by, updated by) with content accessible to the authenticated user. For example, a...

CVSS: 8.8, AI score: 6, EPSS: 0.01343
Exploits: 0, References: 3