
21 matches found

CVE
added 4 hours ago, 8 views

CVE-2026-10824

The Masteriyo LMS WordPress plugin is affected up to version 2.2.0; the course-progress REST API controller fails authorization checks, allowing unauthenticated users to read and permanently delete any user’s course-progress records. This vulnerability stems from missing access controls in the AP...

5.8 AI score
Exploits: 0, References: 1
EUVD
added 2026/05/26 2:8 p.m., 13 views

EUVD-2026-31834

OpenKM 6.3.12 contains an unrestricted SQL execution vulnerability that allows authenticated administrative users to execute arbitrary SQL statements against the application database via the DatabaseQuery interface. Attackers can submit malicious SQL queries through the qs parameter to the...

8.6 CVSS, 6.2 AI score, 0.00641 EPSS
Exploits: 0, References: 7
Patchstack
added 2026/05/12 3:27 p.m., 8 views

WordPress Blog2Social: Social Media Auto Post & Scheduler plugin <= 8.9.0 - Missing Authorization to Authenticated (Subscriber+) Delete Arbitrary B2S Post Records vulnerability

Missing Authorization to Authenticated (Subscriber+) Delete Arbitrary B2S Post Records vulnerability discovered by awhacken in WordPress Plugin Blog2Social (versions <= 8.9.0)...

5.4 CVSS, 5.8 AI score, 0.00409 EPSS
Exploits: 0, References: 1, Affected Software: 1
EUVD
added 2026/05/12 9:31 a.m., 14 views

EUVD-2026-29413

The Forms Rb plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.9. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with contributor-level access a...

4.3 CVSS, 5.8 AI score, 0.00283 EPSS
Exploits: 0, References: 14
ATTACKERKB
added 2026/05/12 7:48 a.m., 9 views

CVE-2026-7050

The Forms Rb plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.9. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with contributor-level access a...

4.3 CVSS, 5.8 AI score, 0.00283 EPSS
Exploits: 0, References: 14
CNNVD
added 2026/05/12 12:0 a.m., 8 views

WordPress plugin Forms Rb security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3 CVSS, 5.8 AI score, 0.00283 EPSS
Exploits: 0, References: 1
NVD
added 2026/02/18 10:16 p.m., 6 views

CVE-2026-27181

MajorDoMo (aka Major Domestic Module) allows unauthenticated arbitrary module uninstallation through the market module. The market module's admin method reads gr('mode') from $_REQUEST and assigns it to $this->mode at the start of execution, making all mode-gated code paths reachable without...

8.7 CVSS, 0.00708 EPSS
Exploits: 1, References: 3
EUVD
added 2025/12/20 6:30 a.m., 4 views

EUVD-2025-204625

The WP DB Booster plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing nonce validation on the cleanupall AJAX action. This makes it possible for unauthenticated attackers to delete database records including post...

4.3 CVSS, 4.9 AI score, 0.00126 EPSS
Exploits: 0, References: 4
EUVD
added 2025/10/03 8:7 p.m., 6 views

EUVD-2025-31339

Malicious code in bioql PyPI...

5.7 CVSS, 6.3 AI score, 0.00298 EPSS
Exploits: 0, References: 8
NVD
added 2025/06/27 4:15 p.m., 3 views

CVE-2025-50369

A Cross-Site Request Forgery (CSRF) vulnerability exists in the Manage Card functionality (/mcgs/admin/manage-card.php) of PHPGurukul Medical Card Generation System 1.0. The vulnerable endpoint allows an authorized admin to delete medical card records by sending a simple GET request without verifying...

6.5 CVSS, 0.00137 EPSS
Exploits: 0, References: 1
CNNVD
added 2025/06/27 12:0 a.m., 3 views

PHPGurukul Medical Card Generation System security vulnerability

Medical Card Generation System is a medical card generation system. The Medical Card Generation System suffers from a cross-site request forgery vulnerability that stems from the lack of CSRF protection in the Manage Card feature, which can be exploited by an attacker to send a simple GET request...

6.5 CVSS, 6.8 AI score, 0.00137 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2025/02/06 12:44 a.m., 7 views

CVE-2022-3898

The WP Affiliate Platform plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.3.9. This is due to missing or incorrect nonce validation on various functions including the affiliatesmenu method. This makes it possible for unauthenticated attackers t...

8.8 CVSS, 6.4 AI score, 0.0042 EPSS
Exploits: 0, References: 1
OSV
added 2025/02/01 8:15 a.m., 3 views

CVE-2024-13429

The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.6 via the 'jobenforcedelete' due to missing validation on a user controlled key. This makes it possib...

4.3 CVSS, 5.9 AI score, 0.00327 EPSS
Exploits: 0, References: 2
Huntr
added 2023/01/17 9:1 a.m., 25 views

Reflected XSS - Accounting Module - Maintenance - Delete Accounting Records

Description: A reflected cross-site scripting (XSS) vulnerability exists within acct-maintenance-delete.php, which allows a malicious user to execute arbitrary JavaScript code. The vulnerable parameters are username, startdate, and enddate. Proof of Concept: 1. Navigate to /acct-maintenance-delete.ph...

5.8 CVSS, 5.6 AI score, 0.00468 EPSS
Exploits: 1, References: 1
OSV
added 2022/05/13 1:4 a.m., 11 views

GHSA-377V-8637-6VQ6 TYPO3 femanager extension allows remote frontend users to modify or delete records of other frontend users

The femanager extension before 1.0.9 for TYPO3 allows remote frontend users to modify or delete the records of other frontend users via unspecified vectors...

8.8 CVSS, 6.8 AI score, 0.01333 EPSS
Exploits: 0, References: 4
Github Security Blog
added 2022/05/13 1:4 a.m., 9 views

TYPO3 femanager extension allows remote frontend users to modify or delete records of other frontend users

The femanager extension before 1.0.9 for TYPO3 allows remote frontend users to modify or delete the records of other frontend users via unspecified vectors...

6.4 CVSS, 6.9 AI score, 0.01333 EPSS
Exploits: 0, References: 4, Affected Software: 1
OSV
added 2021/10/06 8:15 p.m., 4 views

CVE-2021-34766

A vulnerability in the web UI of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to elevate privileges and create, read, update, or delete records and settings in multiple functions. This vulnerability is due to insufficient authorization of the Syst...

8.8 CVSS, 5.8 AI score, 0.00943 EPSS
Exploits: 0, References: 1
CNNVD
added 2021/08/16 12:0 a.m., 2 views

Hospital Management System security vulnerability

PHPGurukul Hospital Management System is a PHP and MySQL based hospital management system. A security vulnerability exists in PHPGurukul Hospital Management System, which originates from admin-panel1.php in the software, which can delete unauthenticated authenticated physician entries. No details...

5.3 CVSS, 5.5 AI score, 0.00981 EPSS
Exploits: 1, References: 1
OSV
added 2019/08/23 6:15 p.m., 2 views

CVE-2019-15536

The Acclaim block plugin before 2019-06-26 for Moodle allows SQL Injection via deleterecords...

9.8 CVSS, 7.4 AI score, 0.01371 EPSS
Exploits: 0, References: 1
OSV
added 2019/03/21 4:0 p.m., 6 views

CVE-2018-17486

Lobby Track Desktop could allow a local attacker to bypass security restrictions, caused by an error in the find visitor function while in kiosk mode. By visiting the kiosk and selecting find visitor, an attacker could exploit this vulnerability to delete visitor records or remove a host...

5.5 CVSS, 5.8 AI score
Exploits: 0, References: 1