CVE-2026-41903
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, a user holding the PERM_EDIT_USERS permission intended for general user-profile editing can read and modify the notification subscriptions of any other user, including admins, by sending a...
CVE-2026-41903 FreeScout IDOR Vulnerability: PERM_EDIT_USERS allows modifying any user's notification subscriptions (incomplete fix of CVE-2025-48472)
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, a user holding the PERM_EDIT_USERS permission intended for general user-profile editing can read and modify the notification subscriptions of any other user, including admins, by sending a...
CVE-2026-41903
CVE-2026-41903 affects FreeScout (Laravel-based). Before 1.8.217, a user with PERM_EDIT_USERS can read/modify any user’s notification subscriptions via a single POST, including admins, enabling silent disabling of email/browser/mobile alerts and related notices. This is a continuation of CVE-2025...
CVE-2025-11620
The Multiple Roles per User plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mrpu_add_multiple_roles_ui' and 'mrpu_save_multiple_user_roles' functions in all versions up to, and including, 1.0. This makes it possible for authenticated...
CVE-2025-11620 Multiple Roles per User <= 1.0 - Missing Authorization to Authenticated (Custom+) Privilege Escalation
The Multiple Roles per User plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mrpu_add_multiple_roles_ui' and 'mrpu_save_multiple_user_roles' functions in all versions up to, and including, 1.0. This makes it possible for authenticated...
EUVD-2025-197949
The Multiple Roles per User plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mrpu_add_multiple_roles_ui' and 'mrpu_save_multiple_user_roles' functions in all versions up to, and including, 1.0. This makes it possible for authenticated...
CVE-2025-11620
CVE-2025-11620 concerns the WordPress plugin Multiple Roles per User where a missing capability check on the functions mrpu_add_multiple_roles_ui and mrpu_save_multiple_user_roles in all versions up to 1.0 allows authenticated attackers with the edit_users capability to modify any user’s role (e....
PT-2025-47251
Name of the Vulnerable Software and Affected Versions: Multiple Roles per User plugin for WordPress versions up to and including 1.0 Description: The Multiple Roles per User plugin for WordPress has a flaw that allows unauthorized data modification. This is due to a missing capability check within...
EUVD-2015-3291
Malware in sbrugna...
WordPress plugin Uncanny Groups for LearnDash security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
CVE-2024-1852
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the X-Forwarded-For header in all versions up to, and including, 3.4.9.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to injec...
CVE-2024-1852 WP-Members Membership Plugin <= 3.4.9.2 - Unauthenticated Stored Cross-Site Scripting
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the X-Forwarded-For header in all versions up to, and including, 3.4.9.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to injec...
PT-2024-18363 · WordPress · Wp-Members Membership Plugin
Name of the Vulnerable Software and Affected Versions: WP-Members Membership Plugin versions prior to 3.4.9.3 Description: The WP-Members Membership Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the X-Forwarded-For header due to insufficient input sanitization and output...
Cross site scripting
Cross Site Scripting XSS vulnerability in Users.php in eyoucms 1.5.4 allows remote attackers to run arbitrary code and gain escalated privilege via the filename for editusersheadpic...
CVE-2020-13474
In NCH Express Accounts 8.24 and earlier, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such as Add/Edit users...
CVE-2020-14018
An issue was discovered in Navigate CMS 2.9 r1433. There is a stored XSS vulnerability that is executed on the page to view users, and on the page to edit users. This is present in both the User field and the E-Mail field. On the Edit user page, the XSS is only triggered via the E-Mail field;...
Apache Jetspeed User Manager Unauthorized Operation Vulnerability
Apache Jetspeed is a set of open portal platforms and enterprise information portals developed in Java and XML by the Apache Software Foundation in the United States. User Manager service is one of the user management services. An unauthorized operation vulnerability exists in the User...