2 matches found
CVE-2026-56311 Capgo - Unauthenticated Cross-Tenant Disclosure via get_current_plan_max_org RPC
Capgo before 12.128.2 contains an authorization bypass vulnerability in the public.getcurrentplanmaxorg RPC function that allows unauthenticated attackers to retrieve arbitrary organization plan limits. Attackers can call the RPC endpoint with any organization UUID using only the public Supabase...
CVE-2024-12365
CVE-2024-12365 affects the W3 Total Cache WordPress plugin (versions up to and including 2.8.1). The vulnerability arises from a missing capability check in is_w3tc_admin_page, enabling authenticated attackers with Subscriber-level access or higher to obtain the plugin nonce, perform unauthorized...