CVE-2023-5454

The Templately WordPress plugin before 2.2.6 does not properly authorize the saved-templates/delete REST API call, allowing unauthenticated users to delete arbitrary posts...

CVE-2025-3471 SureForms < 1.4.4 - Contributor+ Settings Update

The SureForms WordPress plugin before 1.4.4 does not have proper authorisation check when updating its settings via the REST API, which could allow Contributor and above roles to perform such action...

CVE-2025-3471

CVE-2025-3471 concerns the SureForms WordPress plugin, prior to version 1.4.4. The root cause is an insufficient authorisation check when updating plugin settings via the REST API, potentially allowing a user with Contributor or higher privileges to perform settings updates. Public details across...

CVE-2025-0580 Shiprocket Module REST API Module rest_api authorization

A vulnerability was found in Shiprocket Module 3 on OpenCart. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php?route=extension/module/restapi&action=getOrders of the component REST API Module. The manipulation of the argument contentHash...

VulnCheck KEV: CVE-2022-25237

Bonita Web 2021.2 is affected by a authentication/authorization bypass vulnerability due to an overly broad exclude pattern used in the RestAPIAuthorizationFilter. By appending ;i18ntranslation or /../i18ntranslation/ to the end of a URL, users with no privileges can access privileged API...

CVE-2017-1500

A Reflected Cross Site Scripting XSS vulnerability exists in the authorization function exposed by RESTful Web Api of IBM Worklight Framework 6.1, 6.2, 6.3, 7.0, 7.1, and 8.0. The vulnerable parameter is "scope"; if you set as its value a "realm" not defined in authenticationConfig.xml, you get a...