68 matches found
CVE-2026-5712 IdentityIQ Role Editor Incorrect Authorization Vulnerability
This vulnerability impacts all versions of IdentityIQ and allows an authenticated identity that is the requestor or assignee of a work item to edit the definition of a role without having an assigned capability that would allow role editing...
CVE-2026-5712
IdentityIQ (all versions) is affected: an authenticated user who is the requestor or assignee of a work item can edit a role definition without having the capability to do so. Underlying issue is incorrect authorization. CVSS v3.1 base score 8.0 (HIGH) with network attack vector, high complexity,...
CVE-2025-14866
The Melapress Role Editor plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.1. This is due to a misconfigured capability check on the 'savesecondaryrolesfield' function. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2025-14866
The Melapress Role Editor plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.1. This is due to a misconfigured capability check on the 'savesecondaryrolesfield' function. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2025-14866
CVE-2025-14866 (Melapress Role Editor, WordPress) The Wordfence vulnerability analysis confirms an unauthenticated privilege-escalation risk in Melapress Role Editor for WordPress, up to version 1.1.1, due to a misconfigured capability check in save_secondary_roles_field. This flaw allows authent...
CVE-2025-14866 Melapress Role Editor <= 1.1.1 - Improper Authorization to Authenticated (Subscriber+) Privilege Escalation via Secondary Role Assignment
The Melapress Role Editor plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.1. This is due to a misconfigured capability check on the 'savesecondaryrolesfield' function. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2025-14866
The Melapress Role Editor plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.1. This is due to a misconfigured capability check on the 'savesecondaryrolesfield' function. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2025-14866 Melapress Role Editor <= 1.1.1 - Improper Authorization to Authenticated (Subscriber+) Privilege Escalation via Secondary Role Assignment
The Melapress Role Editor plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.1. This is due to a misconfigured capability check on the 'savesecondaryrolesfield' function. This makes it possible for authenticated attackers, with Subscriber-level...
WordPress Melapress Role Editor plugin <= 1.1.1 - Improper Authorization to Authenticated (Subscriber+) Privilege Escalation via Secondary Role Assignment vulnerability
Improper Authorization to Authenticated Subscriber+ Privilege Escalation via Secondary Role Assignment vulnerability discovered by Sarawut Poolkhet MisterHelloz in WordPress Plugin Melapress Role Editor versions = 1.1.1...
WordPress plugin Melapress Role Editor has a security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
PT-2026-4351
Name of the Vulnerable Software and Affected Versions Melapress Role Editor plugin for WordPress versions prior to 1.1.2 Description The Melapress Role Editor plugin for WordPress is subject to a privilege escalation issue. An attacker with Subscriber-level access or higher can assign themselves...
EUVD-2021-11896
Malware in sbrugna...
EUVD-2024-27873
Malicious code in bioql PyPI...
EUVD-2024-50749
Malicious code in bioql PyPI...
CVE-2025-60102
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Syam Mohan WPFront User Role Editor wpfront-user-role-editor allows Stored XSS.This issue affects WPFront User Role Editor: from n/a through = 4.2.3...
WordPress WPFront User Role Editor Plugin <= 4.2.3 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by zaim in WordPress Plugin WPFront User Role Editor versions = 4.2.3...
CVE-2025-60102
CVE-2025-60102 : Stored Cross-Site Scripting in WPFront User Role Editor for WordPress. Affected software: WPFront User Role Editor, version range up to and including 4.2.3. Root cause and impact: improper neutralization of input during web page generation leading to stored XSS. Public details in...
CVE-2025-60102 WordPress WPFront User Role Editor Plugin <= 4.2.3 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Syam Mohan WPFront User Role Editor wpfront-user-role-editor allows Stored XSS.This issue affects WPFront User Role Editor: from n/a through = 4.2.3...
CVE-2024-11008
The Members – Membership & User Role Editor Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.10 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts tha...
CVE-2024-2931
The WPFront User Role Editor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.1.11184 via the wpfrontuserroleeditorassignrolesuserautocomplete AJAX action. This makes it possible for authenticated attackers, with subscriber-level acces...