CVE-2026-10750
The Royal MCP WordPress plugin before 1.4.26 does not perform capability checks on the majority of its MCP tools after token authentication, allowing authenticated users with a low-privileged role such as Subscriber to read private content, enumerate all users and their roles, and create, modify,...
CVE-2026-10750
CVE-2026-10750 concerns the Royal MCP WordPress plugin prior to 1.4.26. The issue arises because the plugin does not perform capability checks on most MCP tools after token authentication, enabling authenticated, low-privilege users (e.g., Subscriber) to read private content, enumerate users and ...
CVE-2026-1103 AIKTP <= 5.0.04 - Missing Authorization to Authenticated (Subscriber+) Multiple Administrator Actions
The AIKTP plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization checks on the /aiktp/getToken REST API endpoint in all versions up to, and including, 5.0.04. The endpoint uses the 'verifyuserloggedin' as a permission callback, which only checks if a...
EUVD-2021-11573
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2017-1000483
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Accessing private content via str.format in through-the-web templates and scripts in Plone 2.5-5.1rc1. This improves an earlier hotfix. Since the format method...
RHEL 5 : conga (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - plone: private content access in through-the-web templates CVE-2017-1000483 - plone: Open URL redirect...
Plone Information Disclosure Vulnerability (CNVD-2018-02150)
Plone is the U.S. Plone Foundation's free and open source content management system (CMS), built on the Zope application server. The system is developed in Python and is suitable for web portals, internal and external corporate websites, document publishing systems and so on. An...