CVE-2024-13423

CVE-2024-13423 applies to the Sparkling WordPress theme/plugin (affected versions: ≤ 2.4.9). Root cause: missing capability checks in functions sparkle_activate_plugin and sparkle_deactivate_plugin, enabling unauthenticated users to activate/deactivate arbitrary plugins. Impact: unauthorized plug...

PT-2024-20457 · Lobe Chat · Lobe Chat

Name of the Vulnerable Software and Affected Versions: Lobe Chat versions prior to 0.122.4 Description: The issue allows access to plugins without proper authorization when the application is password-protected and deployed with the ACCESS CODE option. This means that even though the application...