5 matches found
CVE-2026-30269
Improper access control in Doorman v0.1.0 and v1.0.2 allows any authenticated user to update their own account role to a non-admin privileged role via /platform/user/username. The role field is accepted by the update model without a manageusers permission check for self-updates, enabling privileg...
CVE-2025-13680
The Tiger theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 101.2.1. This is due to the plugin allowing a user to update the user role through the $user->set_role function. This makes it possible for authenticated attackers, with Subscriber-level access...
EUVD-2024-47571
Malicious code in bioql PyPI...
CVE-2025-3418
The WPC Admin Columns plugin for WordPress is vulnerable to privilege escalation in versions 2.0.6 to 2.1.0. This is due to the plugin not properly restricting user meta values that can be updated through the ajaxeditsave function. This makes it possible for authenticated attackers, with...
WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) < 7.6.7 - Authenticated (Subscriber+) Privilege Escalation
The WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 7.6.6. This is due to the plugin improperly restricting user meta values that can be updated and allowing users t...