Lucene search
+L

7 matches found

CVE
CVE
added 2025/02/22 3:20 a.m.56 views

CVE-2024-13873

WP Job Portal for WordPress (plugin) is vulnerable up to version 2.2.8. An Insecure Direct Object Reference exists in deleteUserPhoto() due to missing validation of a user-controlled key, enabling authenticated users with Subscriber+ rights to remove profile photos from other user accounts. The i...

4.3CVSS4.3AI score0.00302EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/02/22 3:20 a.m.10 views

CVE-2024-13873 WP Job Portal <= 2.2.8 - Insecure Direct Object Reference to Authenticated (Subscriber+) User Photo Disconnection

The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.8 via the deleteUserPhoto function due to missing validation on a user controlled key. This makes it...

4.3CVSS4.3AI score0.00302EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/06/14 3:5 p.m.20 views

CVE-2024-37314 Nextcloud Photos' shared albums have no restriction on photo removal

Nextcloud Photos is a photo management app. Users can remove photos from the album of registered users. It is recommended that the Nextcloud Server is upgraded to 25.0.7 or 26.0.2 and the Nextcloud Enterprise Server is upgraded to 25.0.7 or 26.0.2...

3.5CVSS4AI score0.00413EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/06/14 3:5 p.m.49 views

CVE-2024-37314 Nextcloud Photos' shared albums have no restriction on photo removal

Nextcloud Photos is a photo management app. Users can remove photos from the album of registered users. It is recommended that the Nextcloud Server is upgraded to 25.0.7 or 26.0.2 and the Nextcloud Enterprise Server is upgraded to 25.0.7 or 26.0.2...

3.5CVSS0.00413EPSS
Exploits0References3
Hacker One
Hacker One
added 2023/04/13 6:35 p.m.21 views

Nextcloud: Missing permission check when removing a photo from an album

There was a vulnerability in the Nextcloud application where the permission check was missing when removing a photo from an album...

3.5CVSS3.8AI score0.00413EPSS
Exploits0
The Hacker News
The Hacker News
added 2013/09/01 5:43 p.m.11 views

Vulnerability allowed hacker to Delete any Facebook Photo; Rewarded with $12,500 for reporting bug

Indian Security Enthusiast 'Arul Kumar' recently reported an interesting Facebook vulnerability that allowed him to delete any Facebook image within a minute. Facebook Bug Bounty program rewarded him with $12,500 USD for helping the Facebook Security team to patch this critical loophole in their...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2013/09/01 6:43 a.m.14 views

Vulnerability allowed hacker to Delete any Facebook Photo; Rewarded with $12,500 for reporting bug

Indian Security Enthusiast 'Arul Kumar' recently reported an interesting Facebook vulnerability that allowed him to delete any Facebook image within a minute. Facebook Bug Bounty program rewarded him with $12,500 USD for helping the Facebook Security team to patch this critical loophole in their...

6.8AI score
Exploits0
Rows per page
Query Builder