Lucene search
K

8 matches found

NVD
NVD
added 2025/10/03 12:15 p.m.21 views

CVE-2025-9209

The RestroPress – Online Food Ordering System plugin for WordPress is vulnerable to Authentication Bypass in versions 3.0.0 to 3.1.9.2. This is due to the plugin exposing user private tokens and API data via the /wp-json/wp/v2/users REST API endpoint. This makes it possible for unauthenticated...

9.8CVSS0.02196EPSS
Exploits6References2
EUVD
EUVD
added 2025/10/03 11:17 a.m.11 views

EUVD-2025-32281

The RestroPress – Online Food Ordering System plugin for WordPress is vulnerable to Authentication Bypass in versions 3.0.0 to 3.1.9.2. This is due to the plugin exposing user private tokens and API data via the /wp-json/wp/v2/users REST API endpoint. This makes it possible for unauthenticated...

9.8CVSS5.8AI score0.02196EPSS
Exploits6References3
Cvelist
Cvelist
added 2025/10/03 11:17 a.m.18 views

CVE-2025-9209 RestroPress – Online Food Ordering System 3.0.0 - 3.1.9.2 - Unauthenticated Information Exposure to Authentication Bypass via Forged JWT

The RestroPress – Online Food Ordering System plugin for WordPress is vulnerable to Authentication Bypass in versions 3.0.0 to 3.1.9.2. This is due to the plugin exposing user private tokens and API data via the /wp-json/wp/v2/users REST API endpoint. This makes it possible for unauthenticated...

9.8CVSS0.02196EPSS
Exploits6References2
Positive Technologies
Positive Technologies
added 2025/10/03 12:0 a.m.9 views

PT-2025-40490

Name of the Vulnerable Software and Affected Versions RestroPress – Online Food Ordering System plugin for WordPress versions 3.0.0 through 3.1.9.2 Description The RestroPress plugin for WordPress is affected by an authentication bypass issue. The plugin exposes user private tokens and API data...

9.8CVSS5.7AI score0.02196EPSS
Exploits6References7
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/21 7:11 p.m.35 views

Security Bulletin: Vulnerabilities in jsonwebtoken affects IBM Watson Assistant for IBM Cloud Pak for Data

Summary Potential vulnerabilities in Jsonwebtoken has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details CVEID:CVE-2022-23541 DESCRIPTION: Auth0 jsonwebtoken could allow a remote authenticated attacke...

8.1CVSS7.5AI score0.00753EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2021/12/13 12:0 a.m.4 views

Sourcegraph 信息泄露漏洞

Sourcegraph is an open source code search and navigation tool from US-based Sourcegraph. An information disclosure vulnerability exists in Sourcegraph versions prior to 3.33.2. The vulnerability stems from the fact that Sourcegraph prior to version 3.33.2 is susceptible to a side-channel attack,...

6.5CVSS6.5AI score0.00837EPSS
Exploits0References3
Hacker One
Hacker One
added 2017/09/15 10:13 p.m.30 views

GitLab: all private tokens are leaked to an unauthenticated attacker

Using the api, one can obtain the authentication token for any user on gitlab: $ curl -s --request GET https://gitlab.com/api/v4/users/951422 | jq '.authenticationtoken' "redacted" We can then use this token to impersonate any user to perform any action they can perform: $ curl --request POST...

7.3AI score
Exploits0
Hacker One
Hacker One
added 2016/11/05 1:33 p.m.21 views

Trello: Stealing power up private tokens (trello, twitter, github...)

It was possible for a malicious power-up to modify it's communications with the Trello web client in a way that would cause itself to be misidentified as a different power-up. This would potentially allow the malicious power-up to access the other power-up's private data, potentially including AP...

6.8AI score
Exploits0
Rows per page
Query Builder