14 matches found

CVE
added 3 hours ago · 4 views

CVE-2026-48943

Summary: CVE-2026-48943 affects the plg_user_k2 plugin in K2 ≤ 2.24, a Joomla extension. A mass-assignment defect allows a registered Joomla user to include K2UserForm=1 in a standard com_users profile.save POST, enabling writes of arbitrary values to the notes, image, and plugins columns of their own r...

6 AI score
Exploits 0 · References 1
Cvelist
added 3 hours ago · 4 views

CVE-2026-48943 Joomla Extension - getk2.com - Authenticated user property mass-assignment in K2 extension for Joomla < 2.26

K2 ≤ 2.24 contains a mass-assignment defect in the K2 system user plugin plg_user_k2. A Registered Joomla user, by including the field K2UserForm=1 in a standard com_users profile.save POST, can write arbitrary values into the notes, image, and plugins columns of their own row in the k2_users table —...

Exploits 0 · References 1
RedhatCVE
added 2026/05/08 2:21 p.m. · 10 views

CVE-2026-34427

Vvveb prior to 1.0.8.1 contains a privilege escalation vulnerability in the admin user profile save endpoint that allows authenticated users to modify privileged fields on their own profile. Attackers can inject role_id=1 into profile save requests to escalate to Super Administrator privileges,...

8.8 CVSS · 6.1 AI score · 0.00562 EPSS
Exploits 0 · References 1
EUVD
added 2026/04/20 6:31 p.m. · 3 views

EUVD-2026-23850

Vvveb prior to 1.0.8.1 contains a privilege escalation vulnerability in the admin user profile save endpoint that allows authenticated users to modify privileged fields on their own profile. Attackers can inject role_id=1 into profile save requests to escalate to Super Administrator privileges,...

8.8 CVSS · 6.2 AI score · 0.00562 EPSS
Exploits 0 · References 4
NVD
added 2026/04/20 4:16 p.m. · 1 views

CVE-2026-34427

Vvveb prior to 1.0.8.1 contains a privilege escalation vulnerability in the admin user profile save endpoint that allows authenticated users to modify privileged fields on their own profile. Attackers can inject role_id=1 into profile save requests to escalate to Super Administrator privileges,...

8.8 CVSS · 0.00562 EPSS
Exploits 0 · References 3
ATTACKERKB
added 2026/04/20 1:55 p.m. · 4 views

CVE-2026-34427

Vvveb prior to 1.0.8.1 contains a privilege escalation vulnerability in the admin user profile save endpoint that allows authenticated users to modify privileged fields on their own profile. Attackers can inject role_id=1 into profile save requests to escalate to Super Administrator privileges,...

8.8 CVSS · 6.2 AI score · 0.00562 EPSS
Exploits 0 · References 4
Cvelist
added 2026/04/20 1:55 p.m. · 22 views

CVE-2026-34427 Vvveb < 1.0.8.1 Privilege Escalation via admin/user/save

Vvveb prior to 1.0.8.1 contains a privilege escalation vulnerability in the admin user profile save endpoint that allows authenticated users to modify privileged fields on their own profile. Attackers can inject role_id=1 into profile save requests to escalate to Super Administrator privileges,...

8.8 CVSS · 0.00562 EPSS
Exploits 0 · References 3
Vulnrichment
added 2026/04/20 1:55 p.m. · 5 views

CVE-2026-34427 Vvveb < 1.0.8.1 Privilege Escalation via admin/user/save

Vvveb prior to 1.0.8.1 contains a privilege escalation vulnerability in the admin user profile save endpoint that allows authenticated users to modify privileged fields on their own profile. Attackers can inject role_id=1 into profile save requests to escalate to Super Administrator privileges,...

8.8 CVSS · 6.2 AI score · 0.00562 EPSS
Exploits 0 · References 3
Positive Technologies
added 2026/04/20 12:00 a.m. · 3 views

PT-2026-33772

Vvveb prior to 1.0.8.1 contains a privilege escalation vulnerability in the admin user profile save endpoint that allows authenticated users to modify privileged fields on their own profile. Attackers can inject role_id=1 into profile save requests to escalate to Super Administrator privileges,...

8.8 CVSS · 6.2 AI score · 0.00562 EPSS
Exploits 0 · References 3
Vulnrichment
added 2026/01/28 11:23 a.m. · 4 views

CVE-2026-0844 Simple User Registration <= 6.7 - Authenticated (Subscriber+) Privilege Escalation via profile_save_field

The Simple User Registration plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 6.7 due to insufficient restriction on the 'profile_save_field' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to...

8.8 CVSS · 5.9 AI score · 0.00292 EPSS
Exploits 0 · References 4
ATTACKERKB
added 2026/01/28 11:23 a.m. · 6 views

CVE-2026-0844

The Simple User Registration plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 6.7 due to insufficient restriction on the 'profile_save_field' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to...

8.8 CVSS · 5.9 AI score · 0.00292 EPSS
Exploits 0 · References 4
CVE
added 2026/01/28 11:23 a.m. · 13 views

CVE-2026-0844

CVE-2026-0844 impacts the WordPress Simple User Registration plugin (

8.8 CVSS · 5.9 AI score · 0.00292 EPSS
Exploits 0 · References 4
EUVD
added 2025/10/03 8:07 p.m. · 3 views

EUVD-2022-51407

Malicious code in bioql PyPI...

6.4 CVSS · 5.8 AI score · 0.00495 EPSS
Exploits 0 · References 2
Positive Technologies
added 2021/08/06 12:00 a.m. · 4 views

PT-2021-10212 · Unknown · Ignited Cms

Name of the Vulnerable Software and Affected Versions: IgnitedCMS version 1.0. Description: The issue allows remote attackers to obtain sensitive information and gain privilege via the component "/admin/profile/save profile". This is a Cross-Site Request Forgery (CSRF) issue, which can be exploited ...

8.8 CVSS · 8.7 AI score · 0.00926 EPSS
Exploits 1 · References 6