579 matches found
EUVD-2025-206765
In mObywatel iOS application an unauthorized user can use the App Switcher to view the account owner's personal information in the minimized app window, even after the login session has ended reopening the app would require the user to log in. The data exposed depends on the last application view...
CVE-2025-11598 Exposure of Confidential Information in mObywatel application
In mObywatel iOS application an unauthorized user can use the App Switcher to view the account owner's personal information in the minimized app window, even after the login session has ended reopening the app would require the user to log in. The data exposed depends on the last application view...
CVE-2025-11598
In mObywatel iOS application an unauthorized user can use the App Switcher to view the account owner's personal information in the minimized app window, even after the login session has ended reopening the app would require the user to log in. The data exposed depends on the last application view...
CVE-2025-11598 Exposure of Confidential Information in mObywatel application
In mObywatel iOS application an unauthorized user can use the App Switcher to view the account owner's personal information in the minimized app window, even after the login session has ended reopening the app would require the user to log in. The data exposed depends on the last application view...
CVE-2025-11598
The CVE-2025-11598 entry describes a vulnerability in the mObywatel iOS app where an unauthorized user can use the App Switcher to view the account owner’s personal information in the minimized app window after the login session has ended. The data exposed depends on the last application view sho...
Ministerstwo Cyfryzacji mObywatel 安全漏洞
Ministerstwo Cyfryzacji mObywatel is a national digital identity and government services application developed by the Polish Ministry of Digital Affairs. Versions of Ministerstwo Cyfryzacji mObywatel prior to version 4.71.0 contained a security vulnerability. This vulnerability allowed unauthoriz...
PT-2026-5872
Name of the Vulnerable Software and Affected Versions mObywatel versions prior to 4.71.0 Description An unauthorized user can view an account owner's personal information in the minimized application window using the App Switcher, even after the login session has ended. Reopening the application...
WordPress Elegant Addons for elementor plugin <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Switcher, Slider, and Iconbox Widgets vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Switcher, Slider, and Iconbox Widgets vulnerability discovered by stealthcopter in WordPress Plugin Elegant Addons for elementor versions = 1.0.8...
CVE-2019-18668
An issue was discovered in the Currency Switcher addon before 2.11.2 for WooCommerce if a user provides a currency that was not added by the administrator. In this case, even though the currency does not exist, it will be selected, but a price amount will fall back to the default currency. This...
CVE-2023-49834
Cross-Site Request Forgery CSRF vulnerability in realmag777 FOX – Currency Switcher Professional for WooCommerce.This issue affects FOX – Currency Switcher Professional for WooCommerce: from n/a through 1.4.1.4...
CVE-2025-23939
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in KHAN-IT Image Switcher image-switcher allows Stored XSS.This issue affects Image Switcher: from n/a through = 1.1...
CVE-2025-23619
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Catch Themes Catch Duplicate Switcher catch-duplicate-switcher allows Reflected XSS.This issue affects Catch Duplicate Switcher: from n/a through = 2.0...
CVE-2025-12524
The Post Type Switcher plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 4.0.0 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level access and above, to modify the post type...
CVE-2025-12524
The Post Type Switcher plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 4.0.0 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level access and above, to modify the post type...
CVE-2025-12524
CVE-2025-12524 refers to the WordPress plugin Post Type Switcher (versions up to and including 4.0.0). The issue is an Insecure Direct Object Reference due to missing validation on a user-controlled key, allowing authenticated attackers with Author-level access or higher to modify the post type o...
CVE-2025-12524 Post Type Switcher <= 4.0.0 - Insecure Direct Object Reference to Authenticated (Author+) Post Type Change
The Post Type Switcher plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 4.0.0 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level access and above, to modify the post type...
EUVD-2025-197957
The Post Type Switcher plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 4.0.0 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level access and above, to modify the post type...
CVE-2025-12524 Post Type Switcher <= 4.0.0 - Insecure Direct Object Reference to Authenticated (Author+) Post Type Change
The Post Type Switcher plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 4.0.0 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level access and above, to modify the post type...
WordPress plugin Post Type Switcher 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
PT-2025-47243
Name of the Vulnerable Software and Affected Versions Post Type Switcher plugin for WordPress versions up to and including 4.0.0 Description The software contains an Insecure Direct Object Reference issue because of missing validation on a user-controlled key. Authenticated attackers with...