9 matches found
CVE-2026-8383
The LearnPress WordPress plugin before 4.3.7 does not gate the edit context on one of its REST endpoint behind the editusers capability, allowing unauthenticated visitors to retrieve each returned user's roles, full capabilities map, extra capabilities, locale, and registration date via a crafted...
CVE-2026-8383 LearnPress < 4.3.7 - Unauthenticated Sensitive User Information Disclosure via REST API
The LearnPress WordPress plugin before 4.3.7 does not gate the edit context on one of its REST endpoint behind the editusers capability, allowing unauthenticated visitors to retrieve each returned user's roles, full capabilities map, extra capabilities, locale, and registration date via a crafted...
CVE-2026-8383
The CVE-2026-8383 entry affects the LearnPress WordPress plugin (prior to version 4.3.7). The issue is a missing access control check on a REST endpoint: the edit context is not gated behind the edit_users capability, allowing unauthenticated visitors to retrieve per-user data including roles, fu...
PT-2026-50244
Name of the Vulnerable Software and Affected Versions LearnPress versions prior to 4.3.7 Description An information disclosure issue exists where the edit context on a REST endpoint is not properly restricted by the edit users capability. This allows unauthenticated visitors to retrieve sensitive...
CVE-2025-4056
creationtimestamp| type| source ---|---|--- 2025-07-28 15:40:59+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3luzwj5k2io2q 2026-01-08 05:04:36+00:00| seen| Telegram/WxrxB6nrBwZwliVPEyx9PqLlLqeacusuGOqkaC87KoVWLg0 2026-02-02 14:20:51+00:00| seen|...
CVE-2025-49578 Citizen allows stored XSS in user registration date message
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Various date messages returned by Language::userDate are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This impacts wikis where a group has the...
CVE-2025-4315
creationtimestamp| type| source ---|---|--- 2025-06-11 10:35:09+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/18064 2025-06-11 11:03:08+00:00| seen| Telegram/NGz98OHuB76pMx88tOKfrQtc8XVIqKfHlr0e5BI3wIw-X8 2025-06-11 11:03:35+00:00| seen| Telegram/buh-ut9DiubPByy1siFNTwRZbQngXllC1XVuRrrneGPkx...
CVE-2024-46538
creationtimestamp| type| source ---|---|--- 2024-10-22 20:28:40+00:00| seen| https://t.me/cvedetector/8638 2024-10-23 16:22:43+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/8817 2024-10-23 17:44:48+00:00| published-proof-of-concept| https://t.me/proxybar/2323 2024-10-23...
Transport Management System 1.0 Arbitrary File Upload
============================================================================================================================================= | Title : Transport Management System 1.0 Remote File Upload Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla...