3 matches found
CVE-2026-8383
The LearnPress WordPress plugin before 4.3.7 does not gate the edit context on one of its REST endpoint behind the editusers capability, allowing unauthenticated visitors to retrieve each returned user's roles, full capabilities map, extra capabilities, locale, and registration date via a crafted...
CVE-2026-8383
The CVE-2026-8383 entry affects the LearnPress WordPress plugin (prior to version 4.3.7). The issue is a missing access control check on a REST endpoint: the edit context is not gated behind the edit_users capability, allowing unauthenticated visitors to retrieve per-user data including roles, fu...
Updated gnome-shell packages fix security vulnerability
Drop extra capabilities from gnome-shell. They're optional and they break shutdown from the login screen with new glibs. CVE-2021-3982...