2 matches found
Zephyr Project Manager < 3.2.5 - Unauthorised REST Calls to Stored XSS
The plugin does not have proper authorisation even when the Require Authorisation for REST API Requests is enabled in all its REST endpoints, allowing unauthenticated users to call them either directly. Furthermore, due to the lack of sanitisation and escaping, it could also allow them to perform...
WordPress Student Result or Employee Database plugin <= 1.7.9 - Unauthorized REST Calls vulnerability
Unauthorized REST Calls vulnerability discovered by WPScanTeam in WordPress Student Result or Employee Database plugin versions = 1.7.9. Solution Update the WordPress Student Result or Employee Database plugin to the latest available version at least 1.8.0...