5 matches found
WordPress plugin Page-list 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
CVE-2026-25633
Statamic is a, Laravel + Git powered CMS designed for building websites. Prior to 5.73.6 and 6.2.5, users without permission to view assets are able are able to download them and view their metadata. Logged-out users and users without permission to access the control panel are unable to take...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization due to a missing authorization that allows access to assets. An attacker can access and download sensitive files and view their metadata by sending requests as an authenticated user without the necessary permission...
GHSA-GWMX-9GCJ-332H Statamic CMS's missing authorization allows access to assets
Impact Users without permission to view assets are able are able to download them and view their metadata. Logged-out users and users without permission to access the control panel are unable to take advantage of this. Patches This has been fixed in 5.73.6 and 6.2.5...
Incorrect Authorization
Overview github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative Affected versions of this package are vulnerable to Incorrect Authorization in the SessionHasPermissionToChannel function, even when the "Allow users to view archived channels" System Console settin...