7 matches found
CVE-2024-13873
WP Job Portal for WordPress (plugin) is vulnerable up to version 2.2.8. An Insecure Direct Object Reference exists in deleteUserPhoto() due to missing validation of a user-controlled key, enabling authenticated users with Subscriber+ rights to remove profile photos from other user accounts. The i...
CVE-2024-13873 WP Job Portal <= 2.2.8 - Insecure Direct Object Reference to Authenticated (Subscriber+) User Photo Disconnection
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.8 via the deleteUserPhoto function due to missing validation on a user controlled key. This makes it...
CVE-2024-37314 Nextcloud Photos' shared albums have no restriction on photo removal
Nextcloud Photos is a photo management app. Users can remove photos from the album of registered users. It is recommended that the Nextcloud Server is upgraded to 25.0.7 or 26.0.2 and the Nextcloud Enterprise Server is upgraded to 25.0.7 or 26.0.2...
CVE-2024-37314 Nextcloud Photos' shared albums have no restriction on photo removal
Nextcloud Photos is a photo management app. Users can remove photos from the album of registered users. It is recommended that the Nextcloud Server is upgraded to 25.0.7 or 26.0.2 and the Nextcloud Enterprise Server is upgraded to 25.0.7 or 26.0.2...
Nextcloud: Missing permission check when removing a photo from an album
There was a vulnerability in the Nextcloud application where the permission check was missing when removing a photo from an album...
Vulnerability allowed hacker to Delete any Facebook Photo; Rewarded with $12,500 for reporting bug
Indian Security Enthusiast 'Arul Kumar' recently reported an interesting Facebook vulnerability that allowed him to delete any Facebook image within a minute. Facebook Bug Bounty program rewarded him with $12,500 USD for helping the Facebook Security team to patch this critical loophole in their...
Vulnerability allowed hacker to Delete any Facebook Photo; Rewarded with $12,500 for reporting bug
Indian Security Enthusiast 'Arul Kumar' recently reported an interesting Facebook vulnerability that allowed him to delete any Facebook image within a minute. Facebook Bug Bounty program rewarded him with $12,500 USD for helping the Facebook Security team to patch this critical loophole in their...