
4948 matches found

OSV
added 2021/09/02 5:15 p.m., 17 views

CVE-2021-38312

The Gutenberg Template Library & Redux Framework plugin <= 4.2.11 for WordPress used an incorrect authorization check in the REST API endpoints registered under the “redux/v1/templates/” REST Route in “redux-templates/classes/class-api.php”. The permissionscallback used in this file only checked f...

6.5 CVSS, 6.8 AI score
Exploits 0, References 1

Prion
added 2021/09/02 5:15 p.m., 17 views

Authorization

The Gutenberg Template Library & Redux Framework plugin <= 4.2.11 for WordPress used an incorrect authorization check in the REST API endpoints registered under the “redux/v1/templates/” REST Route in “redux-templates/classes/class-api.php”. The permissionscallback used in this file only checked f...

4 CVSS, 6.5 AI score, 0.01298 EPSS
Exploits 2, References 1, Affected Software 1

Vulnrichment
added 2021/09/02 4:53 p.m., 7 views

CVE-2021-38312 Gutenberg Template Library & Redux Framework <= 4.2.11 Incorrect Authorization check to Arbitrary plugin installation and post deletion

The Gutenberg Template Library & Redux Framework plugin <= 4.2.11 for WordPress used an incorrect authorization check in the REST API endpoints registered under the “redux/v1/templates/” REST Route in “redux-templates/classes/class-api.php”. The permissionscallback used in this file only checked f...

7.1 CVSS, 6.9 AI score, 0.01298 EPSS
Exploits 2, References 1

Cvelist
added 2021/09/02 4:53 p.m., 11 views

CVE-2021-38312 Gutenberg Template Library & Redux Framework <= 4.2.11 Incorrect Authorization check to Arbitrary plugin installation and post deletion

The Gutenberg Template Library & Redux Framework plugin <= 4.2.11 for WordPress used an incorrect authorization check in the REST API endpoints registered under the “redux/v1/templates/” REST Route in “redux-templates/classes/class-api.php”. The permissionscallback used in this file only checked f...

7.1 CVSS, 7.1 AI score, 0.01298 EPSS
Exploits 2, References 1

CVE
added 2021/09/02 4:53 p.m., 68 views

CVE-2021-38312

The CVE-2021-38312 entry concerns the WordPress Gutenberg Template Library & Redux Framework plugin, affected versions

7.1 CVSS, 5.8 AI score, 0.01298 EPSS
Exploits 2, References 1, Affected Software 1

WPVulnDB
added 2021/09/02 12:0 a.m., 10 views

Meow Gallery < 4.2.0 - Unauthorised Arbitrary Options Update via REST API

The plugin does not properly check for capability in its REST API, allowing - Any authenticated user with the uploadfile capability such as author+ to call them in versions before 4.1.9 - Any unauthenticated user to call them except the restallsettings endpoint, in 4.1.9 One endpoint in...

0.2 AI score
Exploits 0, Affected Software 1

wpexploit
added 2021/09/02 12:0 a.m., 716 views

Meow Gallery < 4.2.0 - Unauthorised Arbitrary Options Update via REST API

The plugin does not properly check for capability in its REST API, allowing - Any authenticated user with the uploadfile capability such as author+ to call them in versions before 4.1.9 - Any unauthenticated user to call them except the restallsettings endpoint, in 4.1.9 One endpoint in...

Exploits 0

Positive Technologies
added 2021/09/02 12:0 a.m., 3 views

PT-2021-22030 · WordPress · The Gutenberg Template Library & Redux Framework

Name of the Vulnerable Software and Affected Versions: The Gutenberg Template Library & Redux Framework plugin versions prior to 4.2.12 Description: The issue concerns an incorrect authorization check in the REST API endpoints registered under the “redux/v1/templates/” REST Route. Specifically, t...

7.1 CVSS, 6.5 AI score, 0.01298 EPSS
Exploits 2, References 4

ThreatPost
added 2021/09/01 5:58 p.m., 50 views

Gutenberg Template Library & Redux Framework Bugs Plague WordPress Sites

Two vulnerabilities have been found in the Gutenberg Template Library & Redux Framework plugin for WordPress, which is installed on more than 1 million websites. They could allow arbitrary plugin installation, post deletions and access to potentially sensitive information about a site’s...

7.1 CVSS, 6.7 AI score, 0.2756 EPSS
Exploits 7, References 8

NVD
added 2021/09/01 6:15 a.m., 19 views

CVE-2021-37415

Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication...

9.8 CVSS, 0.99579 EPSS
Exploits 0, References 3

Prion
added 2021/09/01 6:15 a.m., 24 views

Authentication flaw

Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication...

7.5 CVSS, 9.5 AI score, 0.99579 EPSS
Exploits 0, References 2, Affected Software 1

Vulnrichment
added 2021/09/01 5:29 a.m., 14 views

CVE-2021-37415

Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication...

6.9 AI score, 0.99579 EPSS
Exploits 0, References 2

Cvelist
added 2021/09/01 5:29 a.m., 29 views

CVE-2021-37415

Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication...

9.8 AI score, 0.99579 EPSS
Exploits 0, References 2

CVE
added 2021/09/01 5:29 a.m., 1033 views

CVE-2021-37415

CVE-2021-37415 affects Zoho ManageEngine ServiceDesk Plus. Before 11302, the product is vulnerable to an authentication bypass that allows access to a number of REST-API URLs without authentication. According to multiple sources, affected versions include 11.3 before 11302, 11.2 before 11208, 11....

9.8 CVSS, 9.4 AI score, 0.99579 EPSS
In wild, Exploits 0, References 3, Affected Software 1

ATTACKERKB
added 2021/09/01 12:0 a.m., 72 views

CVE-2021-37415

Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication. Recent assessments: Assessed Attacker Value: 0...

9.8 CVSS, 3.9 AI score, 0.99579 EPSS
In wild, Exploits 0, References 3

NVD
added 2021/08/31 9:15 p.m., 19 views

CVE-2021-22029

VMware Workspace ONE UEM REST API contains a denial of service vulnerability. A malicious actor with access to /API/system/admins/session could cause an API denial of service due to improper rate limiting...

7.5 CVSS, 0.0093 EPSS
Exploits 0, References 1

Prion
added 2021/08/31 9:15 p.m., 22 views

Denial of service

VMware Workspace ONE UEM REST API contains a denial of service vulnerability. A malicious actor with access to /API/system/admins/session could cause an API denial of service due to improper rate limiting...

5 CVSS, 7.3 AI score, 0.0093 EPSS
Exploits 0, References 1, Affected Software 1

CVE
added 2021/08/31 8:50 p.m., 87 views

CVE-2021-22029

CVE-2021-22029 affects VMware Workspace ONE UEM REST API. A malicious actor with access to /API/system/admins/session can cause API denial of service due to improper rate limiting. The NVD lists CVSSv3 base 7.5 (HIGH); VMware’s advisory VMSA-2021-0017 notes a MODERATE severity with CVSSv3 up to 5...

7.5 CVSS, 7.3 AI score, 0.0093 EPSS
Exploits 0, References 1, Affected Software 1

Cvelist
added 2021/08/31 8:50 p.m., 22 views

CVE-2021-22029

VMware Workspace ONE UEM REST API contains a denial of service vulnerability. A malicious actor with access to /API/system/admins/session could cause an API denial of service due to improper rate limiting...

7.6 AI score, 0.0093 EPSS
Exploits 0, References 1

Github Security Blog
added 2021/08/23 7:41 p.m., 71 views

parse-server new anonymous user session acts as if it's created with password

Impact Developers that use the REST API to signup users and also allow users to login anonymously. When an anonymous user is first signed up using REST, the server creates session incorrectly, particularly the authProvider field in Session class under createdWith shows the user logged in creating...

6.5 CVSS, 6.3 AI score, 0.00993 EPSS
Exploits 0, References 5, Affected Software 1