
8 matches found

CNNVD
added 2026/05/02 12:0 a.m. | 5 views

WordPress plugin Booking for Appointments and Events Calendar – Amelia Authorization Issue Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVSS 5.3 | AI score 5.8 | EPSS 0.00025
Exploits: 0 | References: 1

Snyk
added 2026/04/09 5:36 p.m. | 2 views

Improper Privilege Management

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Privilege Management via the node.pair.approve function being assigned to the broader operator.write scope instead of the intended operator.pairing scope. An attacker can gain...

CVSS 8.8 | AI score 5.8 | EPSS 0.00041
Exploits: 0 | References: 2

Snyk
added 2026/03/31 11:52 p.m. | 3 views

Incorrect Authorization

Overview @openclaw/discord is an OpenClaw Discord channel plugin Affected versions of this package are vulnerable to Incorrect Authorization via the approve command in Discord integration. An attacker can gain unauthorized approval of pending host executions by issuing the command without being...

CVSS 8.8 | AI score 5.9 | EPSS 0.00079
Exploits: 1 | References: 2

Snyk
added 2026/03/31 11:52 p.m. | 3 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via the approve command in Discord integration. An attacker can gain unauthorized approval of pending host executions by issuing the command without being included...

CVSS 8.8 | AI score 5.9 | EPSS 0.00079
Exploits: 1 | References: 2

CVE
added 2023/11/09 9:1 p.m. | 208 views

CVE-2023-4379

GitLab Enterprise Edition vulnerability CVE-2023-4379: Code owner approval was not removed from merge requests when the target branch was updated. Affected GitLab EE versions are 15.3–16.2.8, 16.3–16.3.5, and 16.4–16.4.1. Consequence is improper merge request handling potentially enabling unautho...

CVSS 8.1 | AI score 7.5 | EPSS 0.00013
Exploits: 0 | References: 1 | Affected Software: 1

wpexploit
added 2023/07/10 12:0 a.m. | 149 views

Multiple Plugins from Addify - Multiple CSRF

The plugins have flawed CSRF checks in various places, which could allow attackers to make logged in users perform unwanted actions addify-order-approval-woocommerce - To make a logged in admin approve the order with ID 103...

AI score 6.9 | EPSS 0.00363
Exploits: 2

Cvelist
added 2021/12/13 3:47 p.m. | 14 views

CVE-2021-39945

Improper access control in the GitLab CE/EE API affecting all versions starting from 9.4 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an author of a Merge Request to approve the Merge Request even after having their project...

CVSS 2.7 | AI score 4.3 | EPSS 0.00244
Exploits: 0 | References: 3

Packet Storm
added 2020/11/26 12:0 a.m. | 349 views

BigBlueButton 2.2.29 E-mail Validation Bypass

Title: BigBlueButton E-mail Validation Bypass Google Dork: N/A Date: 24.11.2020 Author: Seccops https://seccops.com Vendor Homepage: bigbluebutton.org Version: 2.2.29 and previous versions CVE: CVE-2020-29043 === Summary === An issue was discovered in BigBlueButton through 2.2.29. When an attacke...

EPSS 0.00289
Exploits: 2