7 matches found
CVE-2024-1175
The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'deletepayment' function in all versions up to, and including, 16.26.6. This makes it possible for unauthenticated attackers to delete...
CVE-2024-1175
The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'deletepayment' function in all versions up to, and including, 16.26.6. This makes it possible for unauthenticated attackers to delete...
CVE-2024-1175 WP-Recall – Registration, Profile, Commerce & More <= 16.26.6 - Unauthenticated Payment Deletion via delete_payment
The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'deletepayment' function in all versions up to, and including, 16.26.6. This makes it possible for unauthenticated attackers to delete...
CVE-2024-1175 WP-Recall – Registration, Profile, Commerce & More <= 16.26.6 - Unauthenticated Payment Deletion via delete_payment
The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'deletepayment' function in all versions up to, and including, 16.26.6. This makes it possible for unauthenticated attackers to delete...
WordPress WP-Recall plugin <= 16.26.6 - Unauthenticated Payment Deletion via delete_payment vulnerability
Unauthenticated Payment Deletion via deletepayment vulnerability discovered by Francesco Carlucci in WordPress Plugin WP-Recall versions = 16.26.6...
WP-Recall – Registration, Profile, Commerce & More <= 16.26.6 - Unauthenticated Payment Deletion via delete_payment
Description The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'deletepayment' function in all versions up to, and including, 16.26.6. This makes it possible for unauthenticated attackers ...
Harvest: PM can delete payment of any invoice in company (Access control Issue)
Hi Team, Description : Project managerFull Access have Access to only assigned projects and he will have access to limited Invoices. But Project manager can Delete Payment of Any invoices in the company. The HTTP request Doesn't check whether Project manager have access to the project or not. HTT...