CVE-2026-32752 FreeScout: Broken Access Control in ThreadPolicy — Any User Can Read/Edit All Customer Messages
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. In versions 1.8.208 and below, the ThreadPolicy::edit method contains a broken access control vulnerability that allows any authenticated user, regardless of role or mailbox access, to read and modify all...
PT-2026-26373
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. In versions 1.8.208 and below, the ThreadPolicy::edit method contains a broken access control vulnerability that allows any authenticated user, regardless of role or mailbox access, to read and modify all...
WordPress Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin <= 14 - Missing Authorization to Unauthenticated Information Disclosure vulnerability
Missing Authorization to Unauthenticated Information Disclosure vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin OrderConvo versions <= 14...
PT-2025-48011
The Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get order by id function in all versions up to, and including, 14. This makes it possible for unauthenticated attacker...