3 matches found
CVE-2026-4290 WP Travel Pro <= 10.6.0 - Missing Authorization to Unauthenticated Arbitrary User Deletion Including Administrators
The WP Travel Pro plugin for WordPress is vulnerable to arbitrary user deletion via the /wp-json/wp-travel/v1/travel-guide/userid REST API endpoint in all versions up to, and including, 10.6.0. This is due to the checkpermission callback unconditionally returning true and the Database::delete...
CVE-2011-0437
shared/inc/sql/ssh.php in the SSH accounts management implementation in Domain Technologie Control DTC before 0.32.9 allows remote authenticated users to delete arbitrary accounts via the edsshaccount parameter in a deletesshaccount Delete action...
Code injection
Butterfly Organizer 2.0.0 allows remote attackers to 1 delete arbitrary categories via a modified tablehere parameter to category-delete.php with the isjsconfirmed parameter set to 1, or 2 delete arbitrary accounts via the mytable parameter to delete.php...