216 matches found
CVE-2024-3711 Brizy – Page Builder <= 2.4.43 - Missing Authorization
The Brizy – Page Builder plugin for WordPress is vulnerable to unauthorized plugin setting update due to a missing capability check on the functions actionrequestdisable, actionchangetemplate, and actionrequestenable in all versions up to, and including, 2.4.43. This makes it possible for...
CVE-2024-21065
Oracle PeopleSoft CVE-2024-21065 affects PeopleTools Workflow in versions 8.59–8.61. Root cause: insufficient input validation in the Workflow component allows an unauthenticated, HTTP-accessible attacker to read, modify, add or delete data, with human interaction required. Impact aligns to unaut...
PT-2024-4896 · Oracle · Oracle Complex Maintenance
Name of the Vulnerable Software and Affected Versions: Oracle Complex Maintenance, Repair, and Overhaul versions 12.2.3 through 12.2.13 Description: The issue exists due to insufficient input validation in the LOV component of the Oracle Complex Maintenance, Repair, and Overhaul product within...
PT-2024-18378 · WordPress · Colibri Page Builder
Name of the Vulnerable Software and Affected Versions: Colibri Page Builder plugin for WordPress versions up to, and including, 1.0.260 Description: The issue is related to unauthorized modification of data due to a missing capability check on the callActivateLicenseEndpoint function. This allows...
CVE-2024-20947
Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite component: CRM User Management Framework. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...
Royal Elementor Addons and Templates < 1.3.88 - Missing Authorization via wpr_update_form_action_meta
Description The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to unauthorized post metadata update due to a missing capability check on the wprupdateformactionmeta function in all versions up to, and including, 1.3.87. This makes it possible for unauthenticated attackers...
CVE-2024-0835
The Royal Elementor Kit theme for WordPress is vulnerable to unauthorized arbitrary transient update due to a missing capability check on the dismissedhandler function in all versions up to, and including, 1.0.116. This makes it possible for authenticated attackers, with subscriber access or...
CVE-2024-0835 Royal Elementor Kit <= 1.0.116 - Missing Authorization to Arbitrary Transient Update
The Royal Elementor Kit theme for WordPress is vulnerable to unauthorized arbitrary transient update due to a missing capability check on the dismissedhandler function in all versions up to, and including, 1.0.116. This makes it possible for authenticated attackers, with subscriber access or...
CVE-2024-0835 Royal Elementor Kit <= 1.0.116 - Missing Authorization to Arbitrary Transient Update
The Royal Elementor Kit theme for WordPress is vulnerable to unauthorized arbitrary transient update due to a missing capability check on the dismissedhandler function in all versions up to, and including, 1.0.116. This makes it possible for authenticated attackers, with subscriber access or...
CVE-2024-0835
CVE-2024-0835 affects the Royal Elementor Kit theme for WordPress. A missing capability check in the dismissed_handler function (versions up to and including 1.0.116) allows authenticated attackers with subscriber access or higher to update transients to true. Impact is limited to transients; no ...
CVE-2024-0869 Instant Images <= 6.1.0 - Authenticated (Author+) Arbitrary Options Update
The Instant Images – One Click Image Uploads from Unsplash, Openverse, Pixabay and Pexels plugin for WordPress is vulnerable to unauthorized arbitrary options update due to an insufficient check that neglects to verify whether the updated option belongs to the plugin on the instant-images/license...
CVE-2023-6384 WP User Profile Avatar < 1.0.1 - Author+ Avatar Deletion/Update via IDOR
The WP User Profile Avatar WordPress plugin before 1.0.1 does not properly check for authorisation, allowing authors to delete and update arbitrary avatar...
CVE-2024-20928
Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware component: Content Server. The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content...
CVE-2024-20930
Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware component: Content Access SDK, Image Export SDK, PDF Export SDK, HTML Export SDK. The supported version that is affected is 8.5.6. Easily exploitable vulnerability allows low privileged attacker with network...
CVE-2023-50783
Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. Users are...
Improper Access Control
openjdk8 is vulnerable to Improper Access Control. An attacker can unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data via CORBA...
Unauthorized account can update policy of any account without a policy
Lines of code Vulnerability details Impact Unauthorized account can update policy of any account without a policy Proof of Concept if currentCommit == bytes320 && msg.sender == AddressProviderService.getAuthorizedAddressSAFEDEPLOYERHASH The argument passed into getAuthorizedAddress -...
CVE-2023-22122
Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications component: Infrastructure. Supported versions that are affected are 14.5-14.7. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...
CVE-2023-22127
Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware component: Content Access SDK, Image Export SDK, PDF Export SDK, HTML Export SDK. The supported version that is affected is 8.5.6. Easily exploitable vulnerability allows low privileged attacker with network...
CVE-2023-2353
The CHP Ads Block Detector plugin for WordPress is vulnerable to unauthorized plugin settings update and reset due to a missing capability check on the chpabdaction function in versions up to, and including, 3.9.4. This makes it possible for subscriber-level attackers to change or reset plugin...