2 matches found
CVE-2025-13794
CVE-2025-13794 affects the Auto Featured Image (Auto Post Thumbnail) WordPress plugin. Versions up to and including 4.2.1 are vulnerable due to a missing capability check in bulk_action_generate_handler, enabling an authenticated user with Contributor-level access or higher to delete or generate ...
PT-2021-14897 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 9.4 and up Description: An authorization issue allowed a group maintainer to modify group CI/CD variables, which should be restricted to group owners. Recommendations: For GitLab CE/EE versions 9.4 and up, consider...