
18 matches found

RedhatCVE
added 2026/05/26 8:14 p.m., 10 views

CVE-2026-6897

The Wishlist Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'WishListMember\Features\TeamAccounts::savesettings' function in all versions up to, and including, 3.30.1. This makes it possible for authenticated attackers, with...

CVSS 8.8 | AI score 5.8 | EPSS 0.00044
Exploits: 0 | References: 1
ATTACKERKB
added 2026/04/29 8:30 p.m., 0 views

CVE-2026-7407

A security vulnerability has been detected in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this vulnerability is the function savesettings of the file /pizzafy/admin/ajax.php?action=savesettings of the component Setting Handler. Such manipulation leads to sql injection. It is possible...

CVSS 5.8 | AI score 5 | EPSS 0.00013
Exploits: 0 | References: 5 | Affected Software: 1
ATTACKERKB
added 2026/04/28 6:0 p.m., 1 views

CVE-2026-7294

A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this vulnerability is the function save_settings of the file /admin/index.php?page=savesettings. This manipulation of the argument Name causes cross site scripting. The attack may be initiated remotely. The exploit h...

CVSS 4.8 | AI score 3.2 | EPSS 0.00035
Exploits: 0 | References: 5 | Affected Software: 1
Cvelist
added 2026/04/28 6:0 p.m., 25 views

CVE-2026-7294 SourceCodester Pizzafy Ecommerce System index.php save_settings cross site scripting

A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this vulnerability is the function save_settings of the file /admin/index.php?page=savesettings. This manipulation of the argument Name causes cross site scripting. The attack may be initiated remotely. The exploit h...

CVSS 4.8 | EPSS 0.00035
Exploits: 0 | References: 5
Vulnrichment
added 2024/09/18 12:0 a.m., 14 views

CVE-2024-46377

Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the savesettings function of the file rental/adminclass.php...

AI score 7.3 | EPSS 0.221
Exploits: 1 | References: 1
Cvelist
added 2024/09/18 12:0 a.m., 14 views

CVE-2024-46377

Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the savesettings function of the file rental/adminclass.php...

EPSS 0.221
Exploits: 1 | References: 1
CVE
added 2024/08/17 8:37 a.m., 53 views

CVE-2023-3408

CVE-2023-3408 affects the Bricks theme for WordPress. The vulnerability is a CSRF flaw caused by missing/incorrect nonce validation in the save_settings function, allowing unauthenticated attackers to modify theme settings. This could enable a setting that lets low-privileged users (e.g., contrib...

CVSS 4.3 | AI score 4.4 | EPSS 0.00181
Exploits: 0 | References: 2 | Affected Software: 1
Vulnrichment
added 2024/08/17 8:37 a.m., 11 views

CVE-2023-3408 Bricks <= 1.8.1 - Cross-Site Request Forgery via save_settings

The Bricks theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.1. This is due to missing or incorrect nonce validation on the 'save_settings' function. This makes it possible for unauthenticated attackers to modify the theme's settings, including...

CVSS 4.3 | AI score 6.8 | EPSS 0.00181
Exploits: 0 | References: 2
OSV
added 2024/08/06 4:16 a.m., 0 views

CVE-2024-7500

A vulnerability was found in itsourcecode Airline Reservation System 1.0. It has been rated as critical. Affected by this issue is the function save_settings of the file admin/admin_class.php. The manipulation of the argument img leads to unrestricted upload. The attack may be launched remotely. Th...

CVSS 9.8 | AI score 6.3
Exploits: 0 | References: 4
Cvelist
added 2024/08/06 3:31 a.m., 19 views

CVE-2024-7500 itsourcecode Airline Reservation System admin_class.php save_settings unrestricted upload

A vulnerability was found in itsourcecode Airline Reservation System 1.0. It has been rated as critical. Affected by this issue is the function save_settings of the file admin/admin_class.php. The manipulation of the argument img leads to unrestricted upload. The attack may be launched remotely. Th...

CVSS 6.5 | EPSS 0.00294
Exploits: 1 | References: 4
CNNVD
added 2024/06/17 12:0 a.m., 1 views

Payroll Management System Security Vulnerability

Payroll Management System is a payroll management system developed by Carlo Montero. A security vulnerability exists in Payroll Management System version 1.0, which can be exploited by an unauthenticated attacker to upload a malicious PHP file using the "savesettings" page's image upload...

CVSS 9.8 | AI score 7.9 | EPSS 0.42053
Exploits: 4 | References: 4
OSV
added 2024/05/16 9:15 a.m., 11 views

CVE-2024-3435

A path traversal vulnerability exists in the 'save_settings' endpoint of the parisneo/lollms-webui application, affecting versions up to the latest release before 9.5. The vulnerability arises due to insufficient sanitization of the 'config' parameter in the 'apply_settings' function, allowing an...

CVSS 8.4 | AI score 7.8
Exploits: 0 | References: 2
CVE
added 2024/05/16 9:3 a.m., 58 views

CVE-2024-3435

CVE-2024-3435 affects parisneo/lollms-webui prior to version 9.5. The flaw is a path traversal vulnerability in the save_settings endpoint, caused by insufficient sanitization of the config parameter in the apply_settings function. Attackers can manipulate the application’s configuration by sendi...

CVSS 8.4 | AI score 7.6 | EPSS 0.00586
Exploits: 1 | References: 2 | Affected Software: 1
NVD
added 2024/05/02 5:15 p.m., 9 views

CVE-2024-3287

The SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer plugin for WordPress is vulnerable to unauthorized ld+json description injection due to a missing capability check on the savesettings function in all versions up to, and including, 3.10.2. This makes it possible for unauthenticate...

CVSS 5.3 | AI score 5.3 | EPSS 0.00585
Exploits: 0 | References: 2
Vulnrichment
added 2024/05/02 4:52 p.m., 9 views

CVE-2024-3287 SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer <= 3.10.2 - Missing Authorization

The SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer plugin for WordPress is vulnerable to unauthorized ld+json description injection due to a missing capability check on the savesettings function in all versions up to, and including, 3.10.2. This makes it possible for unauthenticate...

CVSS 5.3 | AI score 5.9 | EPSS 0.00585
Exploits: 0 | References: 2
CVE
added 2024/01/03 9:31 a.m., 48 views

CVE-2024-0201

CVE-2024-0201 affects Product Expiry for WooCommerce (WordPress). Root cause: missing capability check in the plugin’s save_settings function, allowing authenticated users with subscriber-level permissions or higher to modify settings in versions up to 2.5. Remediate by upgrading to 2.6 (patched)...

CVSS 5.4 | AI score 6.6 | EPSS 0.00056
Exploits: 0 | References: 3 | Affected Software: 1
NVD
added 2023/03/16 1:15 p.m., 9 views

CVE-2023-1432

A vulnerability was found in SourceCodester Online Food Ordering System 2.0 and classified as critical. Affected by this issue is some unknown functionality of the file /fos/admin/ajax.php?action=savesettings of the component POST Request Handler. The manipulation leads to improper access control...

CVSS 9.8 | AI score 7.8 | EPSS 0.00246
Exploits: 0 | References: 2
Cvelist
added 2023/02/21 7:59 p.m., 14 views

CVE-2023-0943 SourceCodester Best POS Management System Image save_settings unrestricted upload

A vulnerability, which was classified as problematic, has been found in SourceCodester Best POS Management System 1.0. This issue affects the function save_settings of the file index.php?page=sitesettings of the component Image Handler. The manipulation of the argument img with the input...

CVSS 5.8 | AI score 9 | EPSS 0.05813
Exploits: 2 | References: 2