6 matches found
Bdtask Business Live Chat Software 跨站请求伪造漏洞
Bdtask Business Live Chat Software is an online meeting software developed by the Bangladeshi company Bdtask. Version 1.0 of Bdtask Business Live Chat Software has a cross-site request forgeing vulnerability. This vulnerability arises because attackers may be able to change user account roles...
CVE-2025-11923
The LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to privilege escalation. This is due to the plugin not properly validating a user's identity prior to allowing them to modify their own role via the REST API. The permission check in the...
CVE-2024-12293
The User Role Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.64.3. This is due to missing or incorrect nonce validation on the updateroles function. This makes it possible for unauthenticated attackers to add or remove roles for...
PT-2024-37765
Name of the Vulnerable Software and Affected Versions WooCommerce - Social Login plugin for WordPress versions up to, and including, 2.7.3 Description The issue allows unauthorized modification of data due to a missing capability check on the woo slg login email function. This enables...
CVE-2019-14841
A flaw was found in the RHDM, where an authenticated attacker can change their assigned role in the response header. This flaw allows an attacker to gain admin privileges in the Business Central Console...
Blackboard Courseinfo v4.0 User Authentication
Apparently Courseinfo or at least the implementation I was playing with has no user authentication, meaning that anyone can force feed their own form values and Perl with merrily modify the database. So for instance running: all form input is in caps for readability...