4960 matches found
CVE-2024-10008 Masteriyo LMS – eLearning and Online Course Builder for WordPress <= 1.13.3 - Authenticated (Student+) Missing Authorization to Privilege Escalation
The Masteriyo LMS – eLearning and Online Course Builder for WordPress plugin for WordPress is vulnerable to unauthorized user profile modification due to missing authorization checks on the /wp-json/masteriyo/v1/users/$id REST API endpoint in all versions up to, and including, 1.13.3. This makes ...
CVE-2024-10008
CVE-2024-10008 – Masteriyo LMS (WordPress) : Versions up to 1.13.3 are affected. An attacker with student-level access or higher can exploit missing authorization checks on the REST endpoint /wp-json/masteriyo/v1/users/$id to modify arbitrary user roles, enabling privilege escalation to Administr...
CVE-2024-49329
Unrestricted Upload of File with Dangerous Type vulnerability in vivek2tamrakar WP REST API FNS rest-api-fns allows Upload a Web Shell to a Web Server.This issue affects WP REST API FNS: from n/a through = 1.0.0...
CVE-2024-49329 WordPress WP REST API FNS plugin <= 1.0.0 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in vivek2tamrakar WP REST API FNS rest-api-fns allows Upload a Web Shell to a Web Server.This issue affects WP REST API FNS: from n/a through = 1.0.0...
CVE-2024-49329
CVE-2024-49329 concerns the WP REST API FNS WordPress plugin (versions
CVE-2024-49328
Authentication Bypass Using an Alternate Path or Channel vulnerability in Vivek Tamrakar WP REST API FNS allows Authentication Bypass.This issue affects WP REST API FNS: from n/a through 1.0.0...
CVE-2024-49328
Authentication Bypass Using an Alternate Path or Channel vulnerability in vivek2tamrakar WP REST API FNS rest-api-fns allows Authentication Bypass.This issue affects WP REST API FNS: from n/a through = 1.0.0...
CVE-2024-49328 WordPress WP REST API FNS Plugin plugin <= 1.0.0 - Account Takeover vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in Vivek Tamrakar WP REST API FNS allows Authentication Bypass.This issue affects WP REST API FNS: from n/a through 1.0.0...
CVE-2024-49328
CVE-2024-49328 is an authentication bypass vulnerability in the WP REST API FNS WordPress plugin, enabling account takeover. The issue affects WP REST API FNS versions from 1.0.0 and earlier, and is described consistently across sources (NVD, CVE, Red Hat). Connected documents corroborate: the vu...
CVE-2024-49328 WordPress WP REST API FNS Plugin plugin <= 1.0.0 - Account Takeover vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in vivek2tamrakar WP REST API FNS rest-api-fns allows Authentication Bypass.This issue affects WP REST API FNS: from n/a through = 1.0.0...
WordPress plugin WP REST API FNS 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue...
PT-2024-33469 · WordPress · Wp Rest Api Fns
Name of the Vulnerable Software and Affected Versions: WP REST API FNS versions 1.0.0 and earlier Description: There is an Authentication Bypass Using an Alternate Path or Channel issue in WP REST API FNS, allowing users to bypass authentication. This lets users gain unauthorized access...
WordPress WP REST API FNS plugin <= 1.0.0 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Plugin WP REST API FNS versions = 1.0.0...
WordPress WP REST API FNS Plugin <= 1.0.0 is vulnerable to Arbitrary File Upload
Software WP REST API FNS Type Plugin Vulnerable versions = 1.0.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-49329 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 82dff35973b2 Credits stealthcopter Required privilege...
Trend Micro Cloud Edge REST API Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Cloud Edge. Authentication is not required to exploit this vulnerability. The specific flaw exists within the REST API, which listens on TCP port 8443 by default. The issue results from t...
WordPress WP REST API FNS Plugin <= 1.0.0 is vulnerable to Privilege Escalation
Software WP REST API FNS Type Plugin Vulnerable versions = 1.0.0 Fixed in N/A OWASP Top 10 A4: Insecure Design Classification Privilege Escalation CVE CVE-2024-49328 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID b5035012904a Credits stealthcopter Required privilege...
CVE-2022-4972
The Download Monitor plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several REST-API routes related to reporting in versions up to, and including, 4.7.51. This makes it possible for unauthenticated attackers to view user data and other sensitive...
CVE-2019-25214
The ShopWP plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several REST API routes in versions up to, and including, 2.0.4. This makes it possible for unauthenticated attackers to call the endpoints and perform unauthorized actions such as updating...
CVE-2019-25214 ShopWP <= 2.0.4 - Missing Authorization to Stored Cross-Site Scripting
The ShopWP plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several REST API routes in versions up to, and including, 2.0.4. This makes it possible for unauthenticated attackers to call the endpoints and perform unauthorized actions such as updating...
CVE-2022-4972
CVE-2022-4972 concerns the Download Monitor plugin for WordPress, affected up to version 4.7.51. The vulnerability is an authorization bypass caused by a missing capability check on several REST-API routes related to reporting. This allows unauthenticated attackers to view user data and other sen...