Lucene search

24 matches found

RedhatCVE
added 2026/01/21 9:25 a.m. | 3 views

CVE-2025-14533

The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 0.9.2.1. This is due to the 'insertuser' function not restricting the roles with which a user can register. This makes it possible for unauthenticated attackers to...

CVSS 9.8 | AI score 6.1 | EPSS 0.00192
Exploits 0 | References 1
NVD
added 2026/01/20 10:16 a.m. | 2 views

CVE-2025-14533

The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 0.9.2.1. This is due to the 'insertuser' function not restricting the roles with which a user can register. This makes it possible for unauthenticated attackers to...

CVSS 9.8 | EPSS 0.00192
Exploits 0 | References 4
ATTACKERKB
added 2026/01/20 9:25 a.m. | 5 views

CVE-2025-14533

The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 0.9.2.1. This is due to the 'insertuser' function not restricting the roles with which a user can register. This makes it possible for unauthenticated attackers to...

CVSS 9.8 | AI score 5.7 | EPSS 0.00192
Exploits 0 | References 5
Cvelist
added 2026/01/20 9:25 a.m. | 19 views

CVE-2025-14533 Advanced Custom Fields: Extended <= 0.9.2.1 - Unauthenticated Privilege Escalation via Insert User Form Action

The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 0.9.2.1. This is due to the 'insertuser' function not restricting the roles with which a user can register. This makes it possible for unauthenticated attackers to...

CVSS 9.8 | EPSS 0.00192
Exploits 0 | References 4
Positive Technologies
added 2026/01/20 12:0 a.m. | 4 views

PT-2026-3548

Advanced Custom Fields: Extended Plugin. Advanced Custom Fields: Extended versions up to and including 0.9.2.1. Description: The Advanced Custom Fields: Extended plugin for WordPress has a flaw that allows unauthenticated attackers to gain administrator access. This is due to insufficient restrictio...

CVSS 9.8 | AI score 5.3 | EPSS 0.00192
Exploits 0 | References 26
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2011-1319

Malware in sbrugna...

CVSS 6 | AI score 6.3 | EPSS 0.00301
Exploits 0 | References 3
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2017-3743

Malware in sbrugna...

CVSS 5.5 | AI score 6.4 | EPSS 0.00051
Exploits 0 | References 11
Github Security Blog
added 2025/07/30 1:17 p.m. | 4 views

Keycloak Privilege Escalation Vulnerability in Admin Console (FGAPv2 Enabled)

A Privilege Escalation vulnerability was identified in the Keycloak identity and access management solution, specifically when FGAPv2 is enabled in version 26.2.x. The flaw lies in the admin permission enforcement logic, where a user with manage-users privileges can self-assign realm-admin rights...

CVSS 6.5 | AI score 6.3 | EPSS 0.0009
Exploits 0 | References 9 | Affected Software 1
RedhatCVE
added 2025/05/22 9:53 a.m. | 8 views

CVE-2011-1311

The Security component in IBM WebSphere Application Server WAS before 7.0.0.15, when a J2EE 1.4 application is used, determines the security role mapping on the basis of the ibm-application-bnd.xml file instead of the intended ibm-application-bnd.xmi file, which might allow remote authenticated...

CVSS 6 | AI score 6.7 | EPSS 0.00301
Exploits 0 | References 1
Packet Storm
added 2023/02/03 12:0 a.m. | 287 views

F5 Big-IP Create Administrative User

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'unixcrypt' class MetasploitModule 'F5 Big-IP Create Admin User', 'Description' = %q This creates a local user with a username/password and root-level privileges...

CVSS 8.8 | EPSS 0.92678
Exploits 9
wpexploit
added 2022/12/07 12:0 a.m. | 436 views

Login with Cognito < 1.4.9 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 1. Go to "Cognito Login » Configure OAuth", and a...

CVSS 4.8 | AI score 0.1 | EPSS 0.00418
Exploits 2
CNNVD
added 2021/01/28 12:0 a.m. | 1 views

Red Hat Keycloak Access Control Error Vulnerability

Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. An access control error vulnerability exists in Red Hat Keycloak before version 13.0.0, which originates from a user being able to access...

CVSS 5.5 | AI score 6.1 | EPSS 0.00115
Exploits 0 | References 3
RedhatCVE
added 2019/10/08 9:19 a.m. | 25 views

CVE-2017-12167

It was found that properties based files of the management and the application realm configuration that contain user to role mapping are world readable allowing access to users and roles information to all the users logged in to the system...

CVSS 5.5 | AI score 2.6 | EPSS 0.00051
Exploits 0 | References 1
NVD
added 2018/07/26 5:29 p.m. | 17 views

CVE-2017-12167

It was found in EAP 7 before 7.0.9 that properties based files of the management and the application realm configuration that contain user to role mapping are world readable allowing access to users and roles information to all the users logged in to the system...

CVSS 5.5 | AI score 5.7 | EPSS 0.00051
Exploits 0 | References 10
Prion
added 2018/07/26 5:29 p.m. | 22 views

Design/Logic Flaw

It was found in EAP 7 before 7.0.9 that properties based files of the management and the application realm configuration that contain user to role mapping are world readable allowing access to users and roles information to all the users logged in to the system...

CVSS 2.1 | AI score 7.1 | EPSS 0.00051
Exploits 0 | References 10 | Affected Software 1
CVE
added 2018/07/26 5:0 p.m. | 121 views

CVE-2017-12167

CVE-2017-12167 affects Red Hat JBoss EAP 7.x prior to 7.0.9. The flaw is in properties-based files used for management and application realm configuration where user-to-role mappings are world-readable, enabling information disclosure of users/roles to any authenticated user. Connected advisories...

CVSS 5.5 | AI score 7 | EPSS 0.00051
Exploits 0 | References 10 | Affected Software 1
RedHat Linux
added 2018/01/03 10:31 a.m. | 0 views

EAP-7: Wrong privileges on multiple property files

It was found that properties based files of the management and the application realm configuration that contain user to role mapping are world readable allowing access to users and roles information to all the users logged in to the system...

CVSS 5.5 | AI score 7.3 | EPSS 0.00051
Exploits 0 | References 4
RedHat Linux
added 2018/01/03 10:30 a.m. | 1 views

EAP-7: Wrong privileges on multiple property files

It was found that properties based files of the management and the application realm configuration that contain user to role mapping are world readable allowing access to users and roles information to all the users logged in to the system...

CVSS 5.5 | AI score 7.3 | EPSS 0.00051
Exploits 0 | References 4
RedHat Linux
added 2017/12/13 5:48 p.m. | 1 views

EAP-7: Wrong privileges on multiple property files

It was found that properties based files of the management and the application realm configuration that contain user to role mapping are world readable allowing access to users and roles information to all the users logged in to the system...

CVSS 5.5 | AI score 7.3 | EPSS 0.00051
Exploits 0 | References 4
RedHat Linux
added 2017/12/13 5:31 p.m. | 0 views

EAP-7: Wrong privileges on multiple property files

It was found that properties based files of the management and the application realm configuration that contain user to role mapping are world readable allowing access to users and roles information to all the users logged in to the system...

CVSS 5.5 | AI score 7.3 | EPSS 0.00051
Exploits 0 | References 4