CVE-2026-6512
The InfusedWoo Pro plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.1.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to permanently delete...
PT-2026-41019
Live Helper Chat is an open-source application that enables live support websites. In 4.84v, the Live Helper Chat REST API chat update endpoint allows a REST user with lhchat/use to update a chat in a department they cannot read. The endpoint accepts arbitrary chat object fields, so the user can...
CVE-2026-33706 Chamilo LMS has a REST API Self-Privilege Escalation (Student → Teacher)
Chamilo LMS is a learning management system. Prior to 1.11.38, any authenticated user with a REST API key can modify their own status field via the update_user_from_username endpoint. A student (status=5) can change their status to Teacher/CourseManager (status=1), gaining course creation and management...
CVE-2026-33706
Chamilo LMS prior to 1.11.38 contains a privilege escalation via the REST API. An authenticated user with a REST API key can modify their own status through the update_user_from_username endpoint, allowing a student (status=5) to elevate to Teacher/CourseManager (status=1) and obtain course creat...
PT-2026-32021
Chamilo LMS is a learning management system. Prior to 1.11.38, any authenticated user with a REST API key can modify their own status field via the update_user_from_username endpoint. A student (status=5) can change their status to Teacher/CourseManager (status=1), gaining course creation and...
CVE-2026-3882
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2025-13149 Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories <= 4.9.1 - Authenticated (Author+) Missing Authorization to Post/Page Status Modification
The Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the "saveFutureActionData" function in all versions up to, and including,...
CVE-2025-39980
The CVE-2025-39980 issue is a Linux kernel vulnerability where changing the FDB status of a nexthop that is in a group could previously be performed, risking invalid configurations and potential non-persistent defects. The documented fix prevents changing the nexthop FDB status while it remains i...
WordPress Plugin Bookster Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
HackerOne: An attacker can submit a Pentest Opportunity and change the status of the opportunity from submitted to in_review or reviewed
A vulnerability was found where users could create and modify the status of pentest opportunities without going through the intended review process...
ID Withdrawn
This CVE number has been withdrawn...
WordPress Betheme premium theme <= 26.6.1 - Broken Access Control vulnerability
Broken Access Control vulnerability leading to post/page status change to draft or published discovered by Dave Jong (Patchstack) in the WordPress Betheme premium theme versions <= 26.6.1. Solution: Update the WordPress Betheme theme to the latest available version (at least 26.6.3)...
WordPress WPML Multilingual CMS premium plugin <= 4.5.13 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability leading to status change of translation job discovered by Dave Jong (Patchstack) in WordPress WPML Multilingual CMS premium plugin versions <= 4.5.13. Solution: Update the WordPress Multilingual CMS plugin to the latest available version (at least 4.5.14)...
Notice Of Change Announcement For Citrix - Citrix SD-WAN
Citrix Systems, Inc. announces a Notice of Status Change for the Citrix SD-WAN product line SD-WAN 110-SE, SD-WAN 210-SE, SD-WAN 210-PE, SD-WAN 1100-SE, SD-WAN 1100-PE, SD-WAN 2100-SE, SD-WAN 2100-PE, SD-WAN 4100-SE, SD-WAN 4100PE, SD-WAN 6100-SE, SD-WAN 6100-PE, Advanced edition Add-On SKU, Clou...
It should never be possible to change the status of a completed task
Lines of code. Vulnerability details: High Risk Finding. Impact: In Project.sol, once a task is set as completed by calling function setComplete, the contract pays the subcontractor. Once in this state, it should not be possible to change the task state back to ACTIVE/INACTIVE, because then the same...
WordPress Plugin Cross-Site Request Forgery Vulnerability
WordPress is the WordPress Foundation's blogging platform, developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress plugin is an open source application plugin for WordPress. A security vulnerability exists in the WordPress...
CVE-2021-24251
The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in administrator update arbitrary payment history, such as change their status from pending to completed to...
NOTICE-OF-CHANGE ANNOUNCEMENT FOR CITRIX SD-WAN 5100 WANOP Edition and 4100 WANOP Edition
Citrix Systems, Inc. announces a Notice of Status Change for the Citrix SD-WAN (formerly NetScaler) 5100 WANOP and 4100 WANOP appliances. The tables below explain the Citrix SD-WAN life cycle management milestones as well as important information regarding dates and options during this period. The...
Netscaler Notice of Status Change Announcement for Classic Policy Based Features and Functionalities
Citrix Systems, Inc. announces a Notice of Status Change (NSC) for Citrix ADC Classic policy-based features and functionalities. The dates and milestones provided are in accordance with stated End of Life/End of Support policies for Citrix Systems, Inc. Citrix ADC Features & Functionalities Affecte...
HackerOne: Changes to data in a CVE request after draft via GraphQL query
Summary: Our team has conducted a number of studies tests in the field of CVE Request. We found several statuses of such requests (Awaiting Publication, Pending HackerOne approval, Cancelled). At the time of creating the request, we can change the data. However, we noticed that we can't change...