23 matches found

NVD
added 2026/05/14 9:16 a.m. | 7 views

CVE-2026-6512

The InfusedWoo Pro plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.1.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to permanently delete...

CVSS 9.1 | EPSS 0.00093
Exploits: 0 | References: 2

Positive Technologies
added 2026/05/14 12:0 a.m. | 7 views

PT-2026-41019

Live Helper Chat is an open-source application that enables live support websites. In 4.84v, the Live Helper Chat REST API chat update endpoint allows a REST user with lhchat/use to update a chat in a department they cannot read. The endpoint accepts arbitrary chat object fields, so the user can...

CVSS 8.1 | AI score 5.9 | EPSS 0.00032
Exploits: 0 | References: 2

Cvelist
added 2026/04/10 6:51 p.m. | 15 views

CVE-2026-33706 Chamilo LMS has a REST API Self-Privilege Escalation (Student → Teacher)

Chamilo LMS is a learning management system. Prior to 1.11.38, any authenticated user with a REST API key can modify their own status field via the update_user_from_username endpoint. A student (status=5) can change their status to Teacher/CourseManager (status=1), gaining course creation and management...

CVSS 7.1 | EPSS 0.00034
Exploits: 0 | References: 2

CVE
added 2026/04/10 6:51 p.m. | 7 views

CVE-2026-33706

Chamilo LMS prior to 1.11.38 contains a privilege escalation via the REST API. An authenticated user with a REST API key can modify their own status through the update_user_from_username endpoint, allowing a student (status=5) to elevate to Teacher/CourseManager (status=1) and obtain course creat...

CVSS 7.1 | AI score 5.8 | EPSS 0.00034
Exploits: 0 | References: 2 | Affected Software: 1

Positive Technologies
added 2026/04/10 12:0 a.m. | 4 views

PT-2026-32021

Chamilo LMS is a learning management system. Prior to 1.11.38, any authenticated user with a REST API key can modify their own status field via the update_user_from_username endpoint. A student (status=5) can change their status to Teacher/CourseManager (status=1), gaining course creation and...

CVSS 7.1 | AI score 5.8 | EPSS 0.00034
Exploits: 0 | References: 3

ATTACKERKB
added 2026/04/02 12:32 a.m. | 2 views

CVE-2026-3882

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

AI score 5.7
Exploits: 0 | References: 1

Cvelist
added 2025/11/21 8:28 a.m. | 7 views

CVE-2025-13149 Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories <= 4.9.1 - Authenticated (Author+) Missing Authorization to Post/Page Status Modification

The Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the "saveFutureActionData" function in all versions up to, and including,...

CVSS 4.3 | EPSS 0.00036
Exploits: 0 | References: 2

CVE
added 2025/10/15 7:56 a.m. | 8 views

CVE-2025-39980

The CVE-2025-39980 issue is a Linux kernel vulnerability where changing the FDB status of a nexthop that is in a group could previously be performed, risking invalid configurations and potential non-persistent defects. The documented fix prevents changing the nexthop FDB status while it remains i...

AI score 6 | EPSS 0.00063
Exploits: 0 | References: 7

CNNVD
added 2024/06/26 12:0 a.m. | 1 views

WordPress Plugin Bookster Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS 6.5 | AI score 6.6 | EPSS 0.00159
Exploits: 2 | References: 2

Hacker One
added 2023/06/27 6:45 p.m. | 9 views

HackerOne: An attacker can submit a Pentest Opportunity and change the status of the opportunity from submitted to in_review or reviewed

A vulnerability was found where users could create and modify the status of pentest opportunities without going through the intended review process...

AI score 7.1
Exploits: 0

CNNVD
added 2023/02/22 12:0 a.m. | 2 views

ID Withdrawn

This CVE number has been withdrawn...

AI score 5.4
Exploits: 0

Patchstack
added 2022/11/21 12:0 a.m. | 29 views

WordPress Betheme premium theme <= 26.6.1 - Broken Access Control vulnerability

Broken Access Control vulnerability leading to post/page status change to draft or published, discovered by Dave Jong (Patchstack) in the WordPress Betheme premium theme (versions <= 26.6.1). Solution: Update the WordPress Betheme theme to the latest available version (at least 26.6.3)...

AI score 3 | EPSS 0.00046
Exploits: 0 | Affected Software: 1

Patchstack
added 2022/11/09 12:0 a.m. | 24 views

WordPress WPML Multilingual CMS premium plugin <= 4.5.13 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability leading to status change of translation job, discovered by Dave Jong (Patchstack) in WordPress WPML Multilingual CMS premium plugin (versions <= 4.5.13). Solution: Update the WordPress Multilingual CMS plugin to the latest available version (at least 4.5.14)...

CVSS 4.3 | AI score 3.1 | EPSS 0.00124
Exploits: 0 | Affected Software: 1

Citrix
added 2022/10/10 12:0 a.m. | 5 views

Notice Of Change Announcement For Citrix - Citrix SD-WAN

Citrix Systems, Inc. announces a Notice of Status Change for the Citrix SD-WAN product line SD-WAN 110-SE, SD-WAN 210-SE, SD-WAN 210-PE, SD-WAN 1100-SE, SD-WAN 1100-PE, SD-WAN 2100-SE, SD-WAN 2100-PE, SD-WAN 4100-SE, SD-WAN 4100PE, SD-WAN 6100-SE, SD-WAN 6100-PE, Advanced edition Add-On SKU, Clou...

AI score 6.8
Exploits: 0

Code423n4
added 2022/08/06 12:0 a.m. | 10 views

It should never be possible to change the status of a completed task

Lines of code Vulnerability details High Risk Finding Impact In Project.sol, once a task is set as completed by calling function setComplete, the contract pays the subcontractor. Once in this state, it should not be possible to change the task state back to ACTIVE/INACTIVE, because then the same...

AI score 6.8
Exploits: 0

CNNVD
added 2021/08/30 12:0 a.m. | 2 views

WordPress Plugin Cross-Site Request Forgery Vulnerability

WordPress is the WordPress Foundation's blogging platform, developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress plugin is an open source application plugin for WordPress. A security vulnerability exists in the WordPress...

CVSS 8.1 | AI score 7.6 | EPSS 0.00098
Exploits: 0 | References: 2

OSV
added 2021/05/06 1:15 p.m. | 1 views

CVE-2021-24251

The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in administrator update arbitrary payment history, such as change their status from pending to completed to...

CVSS 4.3 | AI score 5.9 | EPSS 0.00142
Exploits: 2 | References: 1

Citrix
added 2021/03/18 12:0 a.m. | 4 views

NOTICE-OF-CHANGE ANNOUNCEMENT FOR CITRIX SD-WAN 5100 WANOP Edition and 4100 WANOP Edition

Citrix Systems, Inc. announces a Notice of Status Change for the Citrix SD-WAN formerly NetScaler 5100 WANOP and 4100 WANOP appliances. The tables below explain the Citrix SD-WAN life cycle management milestones as well as important information regarding dates and options during this period. The...

AI score 6.6
Exploits: 0

Citrix
added 2021/02/25 12:0 a.m. | 8 views

Netscaler Notice of Status Change Announcement for Classic Policy Based Features and Functionalities

Citrix Systems, Inc. announces a Notice of Status Change (NSC) for Citrix ADC Classic policy-based features and functionalities. The dates and milestones provided are in accordance with stated End of Life/End of Support policies for Citrix Systems, Inc. Citrix ADC Features & Functionalities Affecte...

AI score 7
Exploits: 0

Hacker One
added 2020/03/08 8:42 p.m. | 21 views

HackerOne: Changes to data in a CVE request after draft via GraphQL query

Summary: Our team has conducted a number of studies tests in the field of CVE Request. We found several statuses of such requests (Awaiting Publication, Pending HackerOne approval, Cancelled). At the time of creating the request, we can change the data. However, we noticed that we can't change...

AI score 0.3
Exploits: 0