
613 matches found

RedhatCVE
added 2025/03/22 11:28 a.m. | 9 views

CVE-2024-8999

lunary-ai/lunary version v1.4.25 contains an improper access control vulnerability in the POST /api/v1/data-warehouse/bigquery endpoint. This vulnerability allows any user to export the entire database data by creating a stream to Google BigQuery without proper authentication or authorization. Th...

CVSS 9.8 | AI score 6.8 | EPSS 0.00402
Exploits: 1 | References: 1

OSV
added 2025/03/20 10:15 a.m. | 9 views

CVE-2024-8999

lunary-ai/lunary version v1.4.25 contains an improper access control vulnerability in the POST /api/v1/data-warehouse/bigquery endpoint. This vulnerability allows any user to export the entire database data by creating a stream to Google BigQuery without proper authentication or authorization. Th...

CVSS 7.5 | AI score 7 | EPSS 0.00402
Exploits: 1 | References: 2

Cvelist
added 2025/03/20 10:8 a.m. | 6 views

CVE-2024-8999 Improper Access Control in lunary-ai/lunary

lunary-ai/lunary version v1.4.25 contains an improper access control vulnerability in the POST /api/v1/data-warehouse/bigquery endpoint. This vulnerability allows any user to export the entire database data by creating a stream to Google BigQuery without proper authentication or authorization. Th...

CVSS 9.8 | EPSS 0.00402
Exploits: 1 | References: 2

Cvelist
added 2025/03/20 10:8 a.m. | 8 views

CVE-2024-9095 Improper Authorization in lunary-ai/lunary

In lunary-ai/lunary version v1.4.28, the /bigquery API route lacks proper access control, allowing any logged-in user to create a Datastream to Google BigQuery and export the entire database. This includes sensitive data such as password hashes and secret API keys. The route is protected by a...

CVSS 9.8 | EPSS 0.00369
Exploits: 1 | References: 2

Vulnrichment
added 2025/03/13 12:47 p.m. | 8 views

CVE-2025-1635

Exposure of sensitive information in hub data source export feature in Devolutions Remote Desktop Manager 2024.3.29 and earlier on Windows allows a user exporting a hub data source to include his authenticated session in the export due to faulty business logic...

AI score 6.4 | EPSS 0.00297
Exploits: 0 | References: 1

CNNVD
added 2025/03/13 12:0 a.m. | 5 views

Devolutions Remote Desktop Manager Security Vulnerability

Devolutions Remote Desktop Manager is an application from Devolutions Canada Inc. It provides remote desktop management functionality. A security vulnerability exists in Devolutions Remote Desktop Manager version 2024.3.29 and earlier, which stems from a business logic error in the hub data sourc...

CVSS 6.5 | AI score 6.9 | EPSS 0.00297
Exploits: 0 | References: 1

RedhatCVE
added 2025/03/10 2:45 a.m. | 6 views

CVE-2025-1481

The Shortcode Cleaner Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the downloadbackup function in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

CVSS 6.5 | AI score 6.8 | EPSS 0.00144
Exploits: 0 | References: 1

Vulnrichment
added 2025/03/08 2:24 a.m. | 6 views

CVE-2025-1481 Shortcode Cleaner Lite <= 1.0.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Export

The Shortcode Cleaner Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the downloadbackup function in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

CVSS 6.5 | AI score 6.8 | EPSS 0.00144
Exploits: 0 | References: 3

Cvelist
added 2025/03/08 2:24 a.m. | 18 views

CVE-2025-1481 Shortcode Cleaner Lite <= 1.0.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Export

The Shortcode Cleaner Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the downloadbackup function in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

CVSS 6.5 | EPSS 0.00144
Exploits: 0 | References: 3

Vulnrichment
added 2025/03/07 1:44 a.m. | 4 views

CVE-2024-13526 EventPrime – Events Calendar, Bookings and Tickets <= 4.0.7.3 - Missing Authorization to Authenticated (Subscriber+) Event Attendees Export

The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportsubmittionattendees function in all versions up to, and including, 4.0.7.3. This makes it possible for authenticated attackers,...

CVSS 4.3 | AI score 6.7 | EPSS 0.00048
Exploits: 0 | References: 2

Cvelist
added 2025/03/05 9:21 a.m. | 4 views

CVE-2024-13232 WordPress Awesome Import & Export Plugin - Import & Export WordPress Data <= 4.1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary SQL Execution/Privilege Escalation

The WordPress Awesome Import & Export Plugin - Import & Export WordPress Data plugin for WordPress is vulnerable to arbitrary SQL execution and privilege escalation due to a missing capability check on the renderImport function in all versions up to, and including, 4.1.1. This makes it possible for...

CVSS 8.8 | EPSS 0.00122
Exploits: 0 | References: 2

NVD
added 2025/02/25 10:15 a.m. | 14 views

CVE-2024-13693

The Enfold theme for WordPress is vulnerable to unauthorized access of data due to a missing capability check in avia-export-class.php in all versions up to, and including, 6.0.9. This makes it possible for unauthenticated attackers to export all avia settings which may include sensitive...

CVSS 5.3 | EPSS 0.00353
Exploits: 0 | References: 2

Positive Technologies
added 2025/02/25 12:0 a.m. | 3 views

PT-2025-7820 · WordPress · Enfold

Name of the Vulnerable Software and Affected Versions: Enfold theme for WordPress versions up to, and including, 6.0.9
Description: The issue allows unauthorized access to data due to a missing capability check in the avia-export-class.php file. This enables unauthenticated attackers to export al...

CVSS 5.3 | AI score 9.4 | EPSS 0.00353
Exploits: 0 | References: 9

RedhatCVE
added 2025/02/20 11:25 a.m. | 6 views

CVE-2024-13783

The FormCraft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check in formcraft-main.php in all versions up to, and including, 3.9.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to export all plugin da...

CVSS 4.3 | AI score 6 | EPSS 0.00102
Exploits: 0 | References: 1

OSV
added 2025/02/18 11:15 a.m. | 1 view

CVE-2024-13783

The FormCraft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check in formcraft-main.php in all versions up to, and including, 3.9.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to export all plugin da...

CVSS 4.3 | AI score 7.3
Exploits: 0 | References: 3

Vulnrichment
added 2025/02/18 11:10 a.m. | 9 views

CVE-2024-13783 FormCraft <= 3.9.11 - Missing Authorization to Plugin Data Export in formcraft-main.php

The FormCraft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check in formcraft-main.php in all versions up to, and including, 3.9.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to export all plugin da...

CVSS 4.3 | AI score 6.1 | EPSS 0.00102
Exploits: 0 | References: 3

Cvelist
added 2025/02/18 11:10 a.m. | 11 views

CVE-2024-13783 FormCraft <= 3.9.11 - Missing Authorization to Plugin Data Export in formcraft-main.php

The FormCraft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check in formcraft-main.php in all versions up to, and including, 3.9.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to export all plugin da...

CVSS 4.3 | EPSS 0.00102
Exploits: 0 | References: 3

Patchstack
added 2025/02/18 9:44 a.m. | 2 views

WordPress FormCraft plugin <= 3.9.11 - Missing Authorization to Plugin Data Export in formcraft-main.php vulnerability

Missing Authorization to Plugin Data Export in formcraft-main.php vulnerability discovered by Nguyễn Trung Kiên in WordPress Plugin FormCraft 3 versions <= 3.9.11...

CVSS 4.3 | AI score 7 | EPSS 0.00102
Exploits: 0 | References: 1 | Affected Software: 1

Positive Technologies
added 2025/02/18 12:0 a.m. | 4 views

PT-2025-6610 · WordPress · Formcraft

Name of the Vulnerable Software and Affected Versions: FormCraft plugin for WordPress versions up to and including 3.9.11
Description: The issue arises from a missing capability check in formcraft-main.php, allowing authenticated attackers with Subscriber-level access and above to export all plug...

CVSS 4.3 | AI score 9.2 | EPSS 0.00102
Exploits: 0 | References: 8

RedhatCVE
added 2025/02/14 6:29 a.m. | 7 views

CVE-2024-13601

The Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.0.5 via the 'exportusereraserequest' function due to missing validation on a user controlled key. This makes i...

CVSS 4.3 | AI score 9.1 | EPSS 0.00133
Exploits: 0 | References: 1