8 matches found
CVE-2025-9209
The RestroPress – Online Food Ordering System plugin for WordPress is vulnerable to Authentication Bypass in versions 3.0.0 to 3.1.9.2. This is due to the plugin exposing user private tokens and API data via the /wp-json/wp/v2/users REST API endpoint. This makes it possible for unauthenticated...
EUVD-2025-32281
The RestroPress – Online Food Ordering System plugin for WordPress is vulnerable to Authentication Bypass in versions 3.0.0 to 3.1.9.2. This is due to the plugin exposing user private tokens and API data via the /wp-json/wp/v2/users REST API endpoint. This makes it possible for unauthenticated...
CVE-2025-9209 RestroPress – Online Food Ordering System 3.0.0 - 3.1.9.2 - Unauthenticated Information Exposure to Authentication Bypass via Forged JWT
The RestroPress – Online Food Ordering System plugin for WordPress is vulnerable to Authentication Bypass in versions 3.0.0 to 3.1.9.2. This is due to the plugin exposing user private tokens and API data via the /wp-json/wp/v2/users REST API endpoint. This makes it possible for unauthenticated...
PT-2025-40490
Name of the Vulnerable Software and Affected Versions RestroPress – Online Food Ordering System plugin for WordPress versions 3.0.0 through 3.1.9.2 Description The RestroPress plugin for WordPress is affected by an authentication bypass issue. The plugin exposes user private tokens and API data...
Security Bulletin: Vulnerabilities in jsonwebtoken affects IBM Watson Assistant for IBM Cloud Pak for Data
Summary Potential vulnerabilities in Jsonwebtoken has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details CVEID:CVE-2022-23541 DESCRIPTION: Auth0 jsonwebtoken could allow a remote authenticated attacke...
Sourcegraph 信息泄露漏洞
Sourcegraph is an open source code search and navigation tool from US-based Sourcegraph. An information disclosure vulnerability exists in Sourcegraph versions prior to 3.33.2. The vulnerability stems from the fact that Sourcegraph prior to version 3.33.2 is susceptible to a side-channel attack,...
GitLab: all private tokens are leaked to an unauthenticated attacker
Using the api, one can obtain the authentication token for any user on gitlab: $ curl -s --request GET https://gitlab.com/api/v4/users/951422 | jq '.authenticationtoken' "redacted" We can then use this token to impersonate any user to perform any action they can perform: $ curl --request POST...
Trello: Stealing power up private tokens (trello, twitter, github...)
It was possible for a malicious power-up to modify it's communications with the Trello web client in a way that would cause itself to be misidentified as a different power-up. This would potentially allow the malicious power-up to access the other power-up's private data, potentially including AP...