3 matches found
CVE-2026-55880 OpenReplay: Cross-user IDOR in notes and dashboard widgets
OpenReplay is a self-hosted session replay suite. In 1.27.0 and earlier, three dashboard and note mutation functions ran their SQL without the ownership predicate that their sibling read and edit functions use: notes.delete filtered only on note id and project id, while dashboards.updatewidget an...
EUVD-2015-5454
Malware in sbrugna...
CVE-2024-13703 CRM and Lead Management by vcita <= 2.7.5 - Missing Authorization to Authenticated (Susbcriber+) Widget Toggle
The CRM and Lead Management by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcitaajaxtoggleae function in all versions up to, and including, 2.7.5. This makes it possible for authenticated attackers, with Subscriber-level...