4 matches found
CVE-2026-27591 Winter: Privilege escalation by authenticated backend users
Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. Prior to 1.0.477, 1.1.12, and 1.2.12, Winter CMS allowed authenticated backend users to escalate their account's level of access to the system by modifying the roles / permissions assigned to their...
EUVD-2022-5864
Malicious code in bioql PyPI...
CVE-2021-36877
Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing plugin (versions <= 2.0.5) makes it possible for attackers to modify user roles...
uListing < 2.0.6 - Modify User Roles via CSRF
An Add/Edit User Roles via CSRF vulnerability was discovered in the plugin. Missing WPNonce security tokens (https://codex.wordpress.org/WordPressNonces). PoC | CSRF | Add/Edit User Roles: POST /wp-admin/admin-ajax.php HTTP/2 Host: example.com Cookie: cookies User-Agent: Mozilla/5.0...