6 matches found
CVE-2025-6226 IDOR in CreatePost API allows for timeboxed message disclosure
Mattermost versions 10.5.x = 10.5.6, 10.8.x = 10.8.1, 10.7.x = 10.7.3, 9.11.x = 9.11.16 fail to verify authorization when retrieving cached posts by PendingPostID which allows an authenticated user to read posts in private channels they don't have access to via guessing the PendingPostID of...
CVE-2023-0453 WP Private Message < 1.0.6 - Private Message Disclosure via IDOR
The WP Private Message WordPress plugin bundled with the Superio theme as a required plugin before 1.0.6 does not ensure that private messages to be accessed belong to the user making the requests. This allowing any authenticated users to access private messages belonging to other users by...
CVE-2023-0453 WP Private Message < 1.0.6 - Private Message Disclosure via IDOR
The WP Private Message WordPress plugin bundled with the Superio theme as a required plugin before 1.0.6 does not ensure that private messages to be accessed belong to the user making the requests. This allowing any authenticated users to access private messages belonging to other users by...
CVE-2022-2198 WPQA < 5.7 - Subscriber+ Private Message Disclosure via IDOR
The WPQA Builder WordPress plugin before 5.7 which is a companion plugin to the Hilmer and Discy , does not check authorization before displaying private messages, allowing any logged in user to read other users private message using the message id, which can easily be brute forced...
WordPress WPQA - Builder forms Addon plugin < 5.2 - Private Message Disclosure via IDOR vulnerability
Private Message Disclosure via IDOR vulnerability discovered by Veshraj Ghimire in WordPress WPQA - Builder forms Addon plugin versions 5.2. Solution Update the WordPress WPQA - Builder forms Addon plugin to the latest available version at least 5.2...
mailman security update
CentOS Errata and Security Advisory CESA-2015:1417 Updated mailman packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS...