2 matches found
GHSA-5X2W-37XF-7962 AVideo has Unauthenticated PGP Message Decryption via Public Endpoint
Summary: The AVideo platform exposes a publicly accessible endpoint that performs server-side PGP decryption without requiring any form of authentication. Any anonymous user can submit a private key, ciphertext, and passphrase to the endpoint and receive the decrypted plaintext in the JSON respons...
CVE-2025-12182 Qi Blocks <= 1.4.3 - Missing Authorization to Arbitrary Attachment Resize
The Qi Blocks plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the resizeimagecallback function in all versions up to, and including, 1.4.3. This is due to the plugin not properly verifying that a user has permission to resize a specific attachment...