3 matches found
EUVD-2026-41409
Craft CMS is a content management system CMS. Versions 5.7.0 and above, prior to 5.9.21 contain a mass-assignment flaw in the bulk-duplicate element action. An attacker who is only able to duplicate their own entires can submit an arbitrary id through the newAttributes request parameter. The...
PT-2026-55266
Name of the Vulnerable Software and Affected Versions Craft CMS versions 5.0.0-RC1 through 5.9.20 Craft CMS versions 4.0.0-RC1 through 4.17.13 Description An authorization issue exists where a forced folder move can delete a conflicting destination folder even if the user lacks the required...
WordPress Essential Addons for Elementor plugin <= 5.9.27 - Authenticated (Contributor+) Stored Cross-Site Scripting via no_more_items_text Parameter vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via nomoreitemstext Parameter vulnerability discovered by Webbernaut in WordPress Plugin Essential Addons for Elementor versions = 5.9.27...