
12 matches found

EUVD
added 2025/10/07 12:30 a.m. | 0 views

EUVD-2021-11232

Malware in sbrugna...

CVSS 6.5 | AI score 6.4 | EPSS 0.00392
Exploits: 2 | References: 3

EUVD
added 2025/10/03 8:07 p.m. | 0 views

EUVD-2022-42880

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.6 | EPSS 0.00584
Exploits: 1 | References: 1

EUVD
added 2025/10/03 8:07 p.m. | 5 views

EUVD-2023-44342

Malicious code in bioql PyPI...

CVSS 4.3 | AI score 6 | EPSS 0.00111
Exploits: 2 | References: 1

RedhatCVE
added 2025/05/22 11:01 p.m. | 5 views

CVE-2022-3511

The Awesome Support WordPress plugin before 6.1.2 does not ensure that the exported tickets archive to be downloaded belongs to the user making the request, allowing a low privileged user, such as subscriber to download arbitrary exported tickets via an IDOR vector...

CVSS 6.5 | AI score 6.8 | EPSS 0.00584
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 6:23 p.m. | 5 views

CVE-2021-24318

The Listeo WordPress theme before 1.6.11 did not ensure that the Post/Page and Booking to delete belong to the user making the request, allowing any authenticated users to delete arbitrary page/post and booking via an IDOR vector...

CVSS 6.5 | AI score 6.8 | EPSS 0.00392
Exploits: 2 | References: 1

Prion
added 2023/10/16 8:15 p.m. | 14 views

Code injection

The ActivityPub WordPress plugin before 1.0.0 does not ensure that post titles to be displayed are public and belong to the plugin, allowing any authenticated user, such as subscriber to retrieve the title of arbitrary post such as draft and private via an IDOR vector...

CVSS 4 | AI score 4.1 | EPSS 0.00111
Exploits: 2 | References: 1 | Affected Software: 1

Prion
added 2023/10/16 8:15 p.m. | 14 views

Design/Logic Flaw

The ActivityPub WordPress plugin before 1.0.0 does not ensure that post contents to be displayed are public and belong to the plugin, allowing any authenticated user, such as subscriber to retrieve the content of arbitrary post such as draft and private via an IDOR vector. Password protected post...

CVSS 4 | AI score 3.9 | EPSS 0.00111
Exploits: 2 | References: 1 | Affected Software: 1

Vulnrichment
added 2023/10/16 7:39 p.m. | 10 views

CVE-2023-3706 ActivityPub for WordPress < 1.0.0 - Subscriber+ Arbitrary Post Title Disclosure

The ActivityPub WordPress plugin before 1.0.0 does not ensure that post titles to be displayed are public and belong to the plugin, allowing any authenticated user, such as subscriber to retrieve the title of arbitrary post such as draft and private via an IDOR vector...

AI score 6.2 | EPSS 0.00111
Exploits: 2 | References: 1

Prion
added 2022/11/28 2:15 p.m. | 13 views

Design/Logic Flaw

The Awesome Support WordPress plugin before 6.1.2 does not ensure that the exported tickets archive to be downloaded belongs to the user making the request, allowing a low privileged user, such as subscriber to download arbitrary exported tickets via an IDOR vector...

CVSS 4 | AI score 6.4 | EPSS 0.00584
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2022/11/28 1:47 p.m. | 14 views

CVE-2022-3511 Awesome Support < 6.1.2 - Subscriber+ Arbitrary Exported Tickets Download

The Awesome Support WordPress plugin before 6.1.2 does not ensure that the exported tickets archive to be downloaded belongs to the user making the request, allowing a low privileged user, such as subscriber to download arbitrary exported tickets via an IDOR vector...

AI score 6.6 | EPSS 0.00584
Exploits: 1 | References: 1

CNVD
added 2021/06/06 12:00 a.m. | 5 views

Unspecified vulnerability in Listeo WordPress plugin (CNVD-2021-44295)

WordPress is the WordPress Foundation's blogging platform, developed using the PHP language. The platform supports PHP and MySQL servers to set up a personal blog site. WordPress Plugin is a WordPress open source application plugin. Listeo WordPress has a security vulnerability before...

CVSS 6.5 | AI score 6.9 | EPSS 0.00392
Exploits: 2 | References: 1

Prion
added 2021/06/01 2:15 p.m. | 7 views

Cross site request forgery (csrf)

The Listeo WordPress theme before 1.6.11 did not ensure that the Post/Page and Booking to delete belong to the user making the request, allowing any authenticated users to delete arbitrary page/post and booking via an IDOR vector...

CVSS 5.5 | AI score 6.4 | EPSS 0.00392
Exploits: 2 | References: 2 | Affected Software: 1