WordPress All-in-One WP Migration Unlimited Extension plugin <= 2.83 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Backup Schedule Creation and Backup File Download vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Backup Schedule Creation and Backup File Download vulnerability discovered by Sélim Lanouar whattheslime in WordPress Plugin All-in-One WP Migration Unlimited Extension versions = 2.83...

CVE-2026-5753

The CVE CVE-2026-5753 concerns the All-in-One WP Migration Unlimited Extension for WordPress (versions ≤ 2.83). The root cause is Missing Authorization in Ai1wmve_Schedules_Controller::save for admin_post_ai1wm_schedule_event_save, which does not verify user capabilities before saving schedule da...

AVideo: Missing Authorization in Playlist Schedule Creation Allows Cross-User Broadcast Hijacking

Summary The plugin/PlayLists/View/Playlistsschedules/add.json.php endpoint allows any authenticated user with streaming permission to create or modify broadcast schedules targeting any playlist on the platform, regardless of ownership. When the schedule executes, the rebroadcast runs under the...

GHSA-2RM7-J397-3FQG AVideo: Missing Authorization in Playlist Schedule Creation Allows Cross-User Broadcast Hijacking

Summary The plugin/PlayLists/View/Playlistsschedules/add.json.php endpoint allows any authenticated user with streaming permission to create or modify broadcast schedules targeting any playlist on the platform, regardless of ownership. When the schedule executes, the rebroadcast runs under the...

Missing Authorization

Overview @frangoteam/fuxa is a Web-based Process Visualization SCADA/HMI/Dashboard software Affected versions of this package are vulnerable to Missing Authorization in the scheduler endpoint. An attacker can gain unauthorized access to create, modify, or delete schedules by sending crafted...

FreeBSD : Gitlab -- Vulnerabilities (fa239535-30f6-11ee-aef9-001b217b3468)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the fa239535-30f6-11ee-aef9-001b217b3468 advisory. - An issue has been discovered in GitLab affecting all versions starting from 15.2 before...

PT-2023-18835 · Unknown · Supportcenter Plus

Name of the Vulnerable Software and Affected Versions: Support Center Plus version 11 Description: The issue is an OS Command injection vulnerability in Support Center Plus via Executor in Action when creating new schedules. Recommendations: For Support Center Plus version 11, consider disabling...

CVE-2023-23076

OS Command injection vulnerability in Support Center Plus 11 via Executor in Action when creating new schedules...