5 matches found
CVE-2025-64105 FOSSBilling: IDOR Vulnerability in Support Ticket Creation
FOSSBilling is a billing and client management system that automates invoicing, payments, and communication for online service businesses. Versions 0.6.21 through 0.7.2 are vulnerable to IDOR through the support ticket creation workflow. By manipulating relid when reltype=order, an authenticated...
Exploit for Improper Authorization in Wbce Wbce_Cms
CVE-2025-65094: WBCE CMS is Vulnerable to Privilege Escalation...
CVE-2026-28696 Craft affected by IDOR via GraphQL @parseRefs
Craft is a content management system CMS. Prior to 4.17.0-beta.1 and 5.9.0-beta.1, the GraphQL directive @parseRefs, intended to parse internal reference tags e.g., user:1:email, can be abused by both authenticated users and unauthenticated guests if a Public Schema is enabled to access sensitive...
WordPress plugin StoreApps Affiliate For WooCommerce premium 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
CVE-2021-24647
The Registration Forms – User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.1.7.6 has a flaw in the social login implementation, allowing unauthenticated attacker to login as any user on the site by only knowing their user ID or userna...