3 matches found
CVE-2026-9842
The Backstage - Customizer Demo Access plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.4.2. This is due to the plugin assigning the manageoptions capability to the backstagecustomizeruser demo role, which is more permissive than necessary for...
CVE-2026-9842 Backstage <= 1.4.2 - Unauthenticated Privilege Escalation via Permissive Demo Role Capabilities
The Backstage - Customizer Demo Access plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.4.2. This is due to the plugin assigning the manageoptions capability to the backstagecustomizeruser demo role, which is more permissive than necessary for...
PT-2022-24934 · Qtiworks · Qtiworks
Name of the Vulnerable Software and Affected Versions: QTIWorks versions prior to 1.0-beta15 Description: QTIWorks is a software suite for standards-based assessment delivery. The ZIP handling code does not sufficiently check the paths of files contained within ZIP files, allowing files to be...