Lucene search
K

6 matches found

CNNVD
CNNVD
added 2026/02/07 12:0 a.m.10 views

Bdtask Business Live Chat Software 跨站请求伪造漏洞

Bdtask Business Live Chat Software is an online meeting software developed by the Bangladeshi company Bdtask. Version 1.0 of Bdtask Business Live Chat Software has a cross-site request forgeing vulnerability. This vulnerability arises because attackers may be able to change user account roles...

5.3CVSS5.7AI score0.00181EPSS
Exploits0References3
NVD
NVD
added 2025/11/13 4:15 a.m.5 views

CVE-2025-11923

The LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to privilege escalation. This is due to the plugin not properly validating a user's identity prior to allowing them to modify their own role via the REST API. The permission check in the...

8.8CVSS0.00292EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/02/05 10:30 a.m.6 views

CVE-2024-12293

The User Role Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.64.3. This is due to missing or incorrect nonce validation on the updateroles function. This makes it possible for unauthenticated attackers to add or remove roles for...

8.8CVSS9.1AI score0.00313EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/07/20 12:0 a.m.8 views

PT-2024-37765

Name of the Vulnerable Software and Affected Versions WooCommerce - Social Login plugin for WordPress versions up to, and including, 2.7.3 Description The issue allows unauthorized modification of data due to a missing capability check on the woo slg login email function. This enables...

9.8CVSS5.9AI score0.00518EPSS
Exploits0References7
Cvelist
Cvelist
added 2022/10/17 12:0 a.m.27 views

CVE-2019-14841

A flaw was found in the RHDM, where an authenticated attacker can change their assigned role in the response header. This flaw allows an attacker to gain admin privileges in the Business Central Console...

8.7AI score0.00617EPSS
Exploits0References2
securityvulns
securityvulns
added 2000/07/19 12:0 a.m.37 views

Blackboard Courseinfo v4.0 User Authentication

Apparently Courseinfo or at least the implementation I was playing with has no user authentication, meaning that anyone can force feed their own form values and Perl with merrily modify the database. So for instance running: all form input is in caps for readability...

7AI score
Exploits0
Rows per page
Query Builder