Lucene search
K

7 matches found

Snyk
Snyk
added 2026/05/29 7:17 p.m.5 views

Improper Authorization

Overview Affected versions of this package are vulnerable to Improper Authorization in the capturePayment, cancel, mark paid, mark complete, archive, start processing, mark delivered, and edit tracking actions within the admin panel components. An attacker can perform unauthorized modifications t...

8.6CVSS5.8AI score0.00258EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/03/23 6:19 p.m.6 views

WordPress Appmax plugin <= 1.0.3 - Missing Authorization to Order Status Manipulation and Arbitrary Order Creation via Webhook Endpoint vulnerability

Missing Authorization to Order Status Manipulation and Arbitrary Order Creation via Webhook Endpoint vulnerability discovered by WordFence in WordPress Plugin Appmax versions = 1.0.3...

5.3CVSS5.8AI score0.003EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/21 1:30 a.m.5 views

CVE-2026-27007

OpenClaw is a personal AI assistant. Prior to version 2026.2.15, normalizeForHash in src/agents/sandbox/config-hash.ts recursively sorted arrays that contained only primitive values. This made order-sensitive sandbox configuration arrays hash to the same value even when order changed. In OpenClaw...

4.8CVSS5.5AI score0.00157EPSS
Exploits0References1
OSV
OSV
added 2026/02/18 10:44 p.m.4 views

GHSA-XXVH-5HWJ-42PP OpenClaw's sandbox config hash sorted primitive arrays and suppressed needed container recreation

Description normalizeForHash in src/agents/sandbox/config-hash.ts recursively sorted arrays that contained only primitive values. This made order-sensitive sandbox configuration arrays hash to the same value even when order changed. In OpenClaw sandbox flows, this hash is used to decide whether...

4.8CVSS5.6AI score0.00157EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/12/06 12:0 a.m.11 views

PT-2025-49345

The Helloprint plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.2. This is due to the plugin registering a public REST API endpoint without implementing authorization checks to verify request authenticity. This makes it possible for unauthenticated...

5.3CVSS6AI score0.00236EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2024-0229

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.004EPSS
Exploits0References5
WPVulnDB
WPVulnDB
added 2021/07/19 12:0 a.m.14 views

RestroPress < 2.8.3.1 - Unauthorised AJAX Calls

The plugin did not check for CSRF as well as capability in some of its AJAX calls which should only be accessible by admin. As a result, any authenticated user can change arbitrary order status, as well as access arbitrary order details including PII such as phone number and address PoC Change th...

0.3AI score
Exploits0Affected Software1
Rows per page
Query Builder