118 matches found
CVE-2021-25013
The Qubely WordPress plugin before 1.7.8 does not have authorisation and CSRF checks on the qubelydeletesavedblock AJAX action, and does not ensure that the block to be deleted belongs to the plugin. As a result, any authenticated user, such as a subscriber, can delete arbitrary posts...
Improper Authorization
github.com/mattermost/mattermost-server is vulnerable to improper authorization. The vulnerability is due to insufficient permission validation for the API endpoint /plugins/playbooks/api/v0/signal/keywords/ignore-thread, allowing any user or attacker to delete posts created by the Playbooks bot...
Incorrect Authorization
Overview: Affected versions of this package are vulnerable to Incorrect Authorization in the updateChannelAction function, which does not sufficiently check user permissions before executing a delete operation. Any user can delete posts containing actions posted by the Playbooks bot. Remediation...
WordPress plugin Motors – Car Dealer, Classifieds & Listing security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
CVE-2024-12610
The School Management System for Wordpress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'mj_smgt_remove_feetype' and 'mj_smgt_remove_category_new' AJAX actions in all versions up to, and including, 93.0.0. This makes it possible for...
CVE-2024-13816
The Aiomatic - Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to missing capability checks on multiple functions in all versions up to, and including, 2.3.6. This mak...
CVE-2024-12610
CVE-2024-12610 affects the School Management System for Wordpress plugin for WordPress (≤ 93.0.0). Root cause: missing capability check on AJAX actions mj_smgt_remove_feetype and mj_smgt_remove_category_new, enabling unauthenticated attackers to delete arbitrary posts. Impact per sources: unautho...
WordPress plugin School Management System security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPress...
CVE-2025-0958
The Ultimate WordPress Auction Plugin plugin for WordPress is vulnerable to unauthorized access to functionality in all versions up to, and including, 4.2.9. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete arbitrary auctions, posts as well as...
PT-2025-2265 · WordPress · Woocommerce Support Ticket System
Name of the Vulnerable Software and Affected Versions: WooCommerce Support Ticket System plugin for WordPress versions up to, and including, 17.8. Description: The issue is related to missing capability checks on the ajax delete message, ajax get customers partial list, and ajax get admins list...
CVE-2024-12855
The AdForest theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions like 'sbremovead' in all versions up to, and including, 5.1.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...
CVE-2024-11709
The AI Post Generator | AutoWriter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the aipostgeneratordeletePost AJAX action in all versions up to, and including, 3.5. This makes it possible for authenticated attackers, with...
WordPress plugin AI Post Generator | AutoWriter security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
GO-2024-3235 Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server...
CVE-2024-50052
Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1, 9.5.x <= 9.5.9 fail to check that the origin of the message in an integration action matches with the original post metadata which allows an authenticated user to delete an arbitrary post...
CVE-2024-9824
The ImagePress – Image Gallery WordPress plugin is affected up to version 1.2.2 by a Broken Access Control issue: missing capability checks on ip_delete_post and ip_update_post_title allow authenticated users with Subscriber+ rights to delete arbitrary posts and change post titles. Public details...
PT-2024-37150 · WordPress · Tutor Lms Pro
Name of the Vulnerable Software and Affected Versions: The Tutor LMS Pro plugin for WordPress versions up to, and including, 2.7.2. Description: The issue allows authenticated attackers with subscriber-level access and above to perform administrative actions on the site, such as deleting comments,...
PT-2024-29293 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.9.x through 9.9.0; Mattermost versions 9.5.x through 9.5.6; Mattermost versions 9.7.x through 9.7.5; Mattermost versions 9.8.x through 9.8.1. Description: The issue arises from the failure to properly validate synced posts...
CVE-2024-2038
The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 3.22.6. This is due to the use of hardcoded credentials to authenticate all the incoming API requests. This makes it possible fo...