51 matches found
CVE-2025-8676 B Slider - Gutenberg Slider Block for WP <= 2.0.0 - Authenticated (Subscriber+) Sensitive Information Exposure
The B Slider - Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Sensitive Information Exposure in versions less than, or equal to, 2.0.0 via the getactiveplugins function. This makes it possible for authenticated attackers, with subscriber-level access and above to extract...
CVE-2024-6322
Access control for plugin data sources protected by the ReqActions json field of the plugin.json is bypassed if the user or service account is granted associated access to any other data source, as the ReqActions check was not scoped to each specific datasource. The account must have prior query...
CVE-2024-12879
The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'qcwplatestupdatecheckpro' function in all versions up to, and including, 13.5.5. This makes it possible for authenticated attackers, with...
CVE-2023-32983
Jenkins Ansible Plugin 204.v8191fd551ebf and earlier does not mask extra variables displayed on the configuration form, increasing the potential for attackers to observe and capture them...
CVE-2023-3053
The Page Builder by AZEXO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'azhaddpost' function in versions up to, and including, 1.27.133. This makes it possible for authenticated attackers to create a post with any post type and...
CVE-2021-1065
NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which input data is not validated, which may lead to tampering of data or denial of service. This affects vGPU version 8.x prior to 8.6 and version 11.0 prior to 11.3...
CVE-2025-3428
The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'coatingtext' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2025-1657
The Directory Listings WordPress plugin – uListing plugin for WordPress is vulnerable to unauthorized modification of data and PHP Object Injection due to a missing capability check on the stmlistingajax AJAX action in all versions up to, and including, 2.2.0. This makes it possible for...
CVE-2025-1483
The LTL Freight Quotes – GlobalTranz Edition plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the engtzwdsavedropship AJAX endpoint in all versions up to, and including, 2.3.12. This makes it possible for unauthenticated attackers to...
CVE-2024-10729 Booking & Appointment Plugin for WooCommerce <= 6.9.0 - Authenticated (Subscriber+) Arbitrary Option Update
The Booking & Appointment Plugin for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'savegooglecalendardata' function in versions up to, and including, 6.9.0. This makes it possible for authenticated attackers, with...
BIT-GRAFANA-2024-6322
Access control for plugin data sources protected by the ReqActions json field of the plugin.json is bypassed if the user or service account is granted associated access to any other data source, as the ReqActions check was not scoped to each specific datasource. The account must have prior query...
UBUNTU-CVE-2024-6322
Access control for plugin data sources protected by the ReqActions json field of the plugin.json is bypassed if the user or service account is granted associated access to any other data source, as the ReqActions check was not scoped to each specific datasource. The account must have prior query...
CVE-2024-6322
CVE-2024-6322 is documented as a Grafana-related issue where access control for plugin data sources protected by the ReqActions field in plugin.json can be bypassed if a user or service account has query access to any other data source. The root cause is that the ReqActions check is not scoped to...
PT-2024-37543 · Grafana · Grafana
Name of the Vulnerable Software and Affected Versions: Grafana versions 11.1.0 through 11.1.1; Grafana versions 11.1.2 through 11.1.3. Description: Access control for plugin data sources protected by the ReqActions json field of the plugin.json is bypassed if the user or service account is granted...
PT-2024-16636 · WordPress · Imagerecycle
Name of the Vulnerable Software and Affected Versions: ImageRecycle pdf & image compression plugin for WordPress versions up to, and including, 3.1.13. Description: The issue allows authenticated attackers with subscriber-level access and above to remove all plugin data due to a missing capability...
PT-2024-17958 · WordPress · Imagerecycle
Name of the Vulnerable Software and Affected Versions: ImageRecycle pdf & image compression plugin for WordPress versions up to, and including, 3.1.13. Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the reinitialize function. This...
HashiCorp Nomad Security Vulnerability
HashiCorp Nomad is a simple and flexible scheduler and orchestrator from HashiCorp (USA) for managing containerized and non-containerized applications at scale, both locally and in the cloud. A security vulnerability exists in HashiCorp Nomad and Nomad Enterprise that stems from an HTTP search API...