Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-15723

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-16 Sep, 2019 | 16:46
Updated At-05 Aug, 2024 | 00:56
Rejected At-
Credits

An issue was discovered in GitLab Community and Enterprise Edition 11.9.x and 11.10.x before 11.10.1. Merge requests created by email could be used to bypass push rules in certain situations.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:16 Sep, 2019 | 16:46
Updated At:05 Aug, 2024 | 00:56
Rejected At:
▼CVE Numbering Authority (CNA)

An issue was discovered in GitLab Community and Enterprise Edition 11.9.x and 11.10.x before 11.10.1. Merge requests created by email could be used to bypass push rules in certain situations.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://gitlab.com/gitlab-org/gitlab-ee/issues/11302
x_refsource_MISC
https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
x_refsource_CONFIRM
Hyperlink: https://gitlab.com/gitlab-org/gitlab-ee/issues/11302
Resource:
x_refsource_MISC
Hyperlink: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://gitlab.com/gitlab-org/gitlab-ee/issues/11302
x_refsource_MISC
x_transferred
https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
x_refsource_CONFIRM
x_transferred
Hyperlink: https://gitlab.com/gitlab-org/gitlab-ee/issues/11302
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:16 Sep, 2019 | 17:15
Updated At:24 Aug, 2020 | 17:37

An issue was discovered in GitLab Community and Enterprise Edition 11.9.x and 11.10.x before 11.10.1. Merge requests created by email could be used to bypass push rules in certain situations.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N
Type: Primary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N
CPE Matches
GitLab Inc.
gitlab
>>gitlab>>Versions from 11.9.4(inclusive) to 11.10.1(exclusive)
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
GitLab Inc.
gitlab
>>gitlab>>Versions from 11.9.4(inclusive) to 11.10.1(exclusive)
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
Weaknesses
CWE IDTypeSource
CWE-862Primarynvd@nist.gov
CWE ID: CWE-862
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/cve@mitre.org
Release Notes
Vendor Advisory
https://gitlab.com/gitlab-org/gitlab-ee/issues/11302cve@mitre.org
Broken Link
Hyperlink: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
Source: cve@mitre.org
Resource:
Release Notes
Vendor Advisory
Hyperlink: https://gitlab.com/gitlab-org/gitlab-ee/issues/11302
Source: cve@mitre.org
Resource:
Broken Link

Change History

0
Information is not available yet

Similar CVEs

633Records found
CVE-2023-3869
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.22% / 44.66%
||
7 Day CHG~0.00%
Published-20 Oct, 2023 | 07:29
Updated-05 Feb, 2025 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the voteOnComment function in versions up to, and including, 7.6.3. This makes it possible for unauthenticated attackers to increase or decrease the rating of a comment.

Action-Not Available
Vendor-gvectorsadvancedcoding
Product-wpdiscuzComments – wpDiscuz
CWE ID-CWE-862
Missing Authorization
CVE-2023-3998
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.22% / 44.66%
||
7 Day CHG~0.00%
Published-20 Oct, 2023 | 07:29
Updated-05 Feb, 2025 | 19:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the userRate function in versions up to, and including, 7.6.3. This makes it possible for unauthenticated attackers to increase or decrease the rating of a post.

Action-Not Available
Vendor-gvectorsadvancedcoding
Product-wpdiscuzComments – wpDiscuz
CWE ID-CWE-862
Missing Authorization
CVE-2023-39305
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.12% / 31.18%
||
7 Day CHG+0.02%
Published-13 Dec, 2024 | 14:23
Updated-13 Dec, 2024 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Yet Another Stars Rating plugin <= 3.4.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in YetAnotherStarsRating.com Yet Another Stars Rating allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Yet Another Stars Rating: from n/a through 3.4.3.

Action-Not Available
Vendor-YetAnotherStarsRating.com
Product-Yet Another Stars Rating
CWE ID-CWE-862
Missing Authorization
CVE-2019-16236
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.78% / 72.74%
||
7 Day CHG~0.00%
Published-11 Sep, 2019 | 18:57
Updated-05 Aug, 2024 | 01:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dino before 2019-09-10 does not check roster push authorization in module/roster/module.vala.

Action-Not Available
Vendor-dinon/aCanonical Ltd.Fedora ProjectDebian GNU/Linux
Product-ubuntu_linuxdebian_linuxfedoradinon/a
CWE ID-CWE-862
Missing Authorization
CVE-2021-24839
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.5||HIGH
EPSS-0.77% / 72.56%
||
7 Day CHG-0.35%
Published-07 Feb, 2022 | 15:47
Updated-03 Aug, 2024 | 19:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SupportCandy < 2.2.5 - Unauthenticated Arbitrary Ticket Deletion

The SupportCandy WordPress plugin before 2.2.5 does not have authorisation and CSRF checks in its wpsc_tickets AJAX action, which could allow unauthenticated users to call it and delete arbitrary tickets via the set_delete_permanently_bulk_ticket setting_action. Other actions may be affected as well.

Action-Not Available
Vendor-supportcandyUnknown
Product-supportcandySupportCandy – Helpdesk & Support Ticket System
CWE ID-CWE-862
Missing Authorization
CVE-2025-53295
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.02%
||
7 Day CHG~0.00%
Published-27 Jun, 2025 | 13:21
Updated-30 Jun, 2025 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress iCount Payment Gateway plugin <= 2.0.6 - Broken Access Control Vulnerability

Missing Authorization vulnerability in iCount iCount Payment Gateway allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects iCount Payment Gateway: from n/a through 2.0.6.

Action-Not Available
Vendor-iCount
Product-iCount Payment Gateway
CWE ID-CWE-862
Missing Authorization
CVE-2025-53986
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.02%
||
7 Day CHG~0.00%
Published-16 Jul, 2025 | 10:36
Updated-16 Jul, 2025 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Hestia theme <= 3.2.10 - Broken Access Control Vulnerability

Missing Authorization vulnerability in ThemeIsle Hestia allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Hestia: from n/a through 3.2.10.

Action-Not Available
Vendor-Themeisle
Product-Hestia
CWE ID-CWE-862
Missing Authorization
CVE-2025-49987
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.74%
||
7 Day CHG~0.00%
Published-20 Jun, 2025 | 15:04
Updated-23 Jun, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress CRM ERP Business Solution plugin <= 1.13 - Broken Access Control Vulnerability

Missing Authorization vulnerability in WPFactory CRM ERP Business Solution allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CRM ERP Business Solution: from n/a through 1.13.

Action-Not Available
Vendor-WPFactory
Product-CRM ERP Business Solution
CWE ID-CWE-862
Missing Authorization
CVE-2019-15998
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.36% / 57.38%
||
7 Day CHG~0.00%
Published-26 Nov, 2019 | 03:41
Updated-19 Nov, 2024 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XR Software NETCONF Over Secure Shell ACL Bypass Vulnerability

A vulnerability in the access-control logic of the NETCONF over Secure Shell (SSH) of Cisco IOS XR Software may allow connections despite an access control list (ACL) that is configured to deny access to the NETCONF over SSH of an affected device. The vulnerability is due to a missing check in the NETCONF over SSH access control list (ACL). An attacker could exploit this vulnerability by connecting to an affected device using NETCONF over SSH. A successful exploit could allow the attacker to connect to the device on the NETCONF port. Valid credentials are required to access the device. This vulnerability does not affect connections to the default SSH process on the device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-asr_9904asr_9006asr_9912asr_9922asr_9010asr_9001ios_xrasr_9901Cisco IOS XR Software
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-862
Missing Authorization
CVE-2025-5033
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 10.17%
||
7 Day CHG~0.00%
Published-21 May, 2025 | 17:31
Updated-20 Jun, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
XiaoBingby TeaCMS addUser cross-site request forgery

A vulnerability classified as problematic was found in XiaoBingby TeaCMS 2.0.2. Affected by this vulnerability is an unknown functionality of the file src/main/java/me/teacms/controller/admin/UserManageController/addUser. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-teacms_projectXiaoBingby
Product-teacmsTeaCMS
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-862
Missing Authorization
CVE-2025-49864
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.74%
||
7 Day CHG~0.00%
Published-17 Jun, 2025 | 15:01
Updated-20 Jun, 2025 | 13:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AFS Analytics plugin <= 4.21 - Broken Access Control Vulnerability

Missing Authorization vulnerability in AFS Analytics AFS Analytics allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects AFS Analytics: from n/a through 4.21.

Action-Not Available
Vendor-AFS Analytics
Product-AFS Analytics
CWE ID-CWE-862
Missing Authorization
CVE-2025-49986
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.74%
||
7 Day CHG~0.00%
Published-20 Jun, 2025 | 15:04
Updated-23 Jun, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Video List Manager plugin <= 1.7 - Broken Access Control Vulnerability

Missing Authorization vulnerability in thanhtungtnt Video List Manager allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Video List Manager: from n/a through 1.7.

Action-Not Available
Vendor-thanhtungtnt
Product-Video List Manager
CWE ID-CWE-862
Missing Authorization
CVE-2025-49993
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.74%
||
7 Day CHG~0.00%
Published-20 Jun, 2025 | 15:04
Updated-23 Jun, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Cookie-Script.com plugin <= 1.2.1 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Cookie Script Cookie-Script.com allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cookie-Script.com: from n/a through 1.2.1.

Action-Not Available
Vendor-Cookie Script
Product-Cookie-Script.com
CWE ID-CWE-862
Missing Authorization
CVE-2025-5185
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.02% / 3.10%
||
7 Day CHG~0.00%
Published-26 May, 2025 | 12:31
Updated-28 May, 2025 | 15:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Summer Pearl Group Vacation Rental Management Platform cross-site request forgery

A vulnerability was found in Summer Pearl Group Vacation Rental Management Platform up to 1.0.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. The attack can be launched remotely. Upgrading to version 1.0.2 is able to address this issue. It is recommended to upgrade the affected component.

Action-Not Available
Vendor-Summer Pearl Group
Product-Vacation Rental Management Platform
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-862
Missing Authorization
CVE-2025-49997
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.74%
||
7 Day CHG~0.00%
Published-20 Jun, 2025 | 15:04
Updated-23 Jun, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Giveaways and Contests by RafflePress plugin <= 1.12.17 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Syed Balkhi Giveaways and Contests by RafflePress allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Giveaways and Contests by RafflePress: from n/a through 1.12.17.

Action-Not Available
Vendor-Awesome Motive Inc.
Product-Giveaways and Contests by RafflePress
CWE ID-CWE-862
Missing Authorization
CVE-2023-37969
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.13% / 32.61%
||
7 Day CHG+0.02%
Published-13 Dec, 2024 | 14:23
Updated-13 Dec, 2024 | 20:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Checkout with Zelle on Woocommerce plugin <= 3.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in The African Boss Checkout with Zelle on Woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Checkout with Zelle on Woocommerce: from n/a through 3.1.

Action-Not Available
Vendor-The African Boss
Product-Checkout with Zelle on Woocommerce
CWE ID-CWE-862
Missing Authorization
CVE-2025-48166
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.02%
||
7 Day CHG~0.00%
Published-16 Jul, 2025 | 10:36
Updated-16 Jul, 2025 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Stop and Block bots plugin Anti bots <= 1.48 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Bill Minozzi Stop and Block bots plugin Anti bots allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Stop and Block bots plugin Anti bots: from n/a through 1.48.

Action-Not Available
Vendor-Bill Minozzi
Product-Stop and Block bots plugin Anti bots
CWE ID-CWE-862
Missing Authorization
CVE-2025-49270
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.74%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:53
Updated-06 Jun, 2025 | 19:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP-CRM System <= 3.4.2 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Mario Peshev WP-CRM System allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WP-CRM System: from n/a through 3.4.2.

Action-Not Available
Vendor-Mario Peshev
Product-WP-CRM System
CWE ID-CWE-862
Missing Authorization
CVE-2025-48337
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.74%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 11:15
Updated-06 Jun, 2025 | 15:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress QuickCab plugin <= 1.3.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in QuickcabWP QuickCab.This issue affects QuickCab: from n/a through 1.3.3.

Action-Not Available
Vendor-QuickcabWP
Product-QuickCab
CWE ID-CWE-862
Missing Authorization
CVE-2025-4887
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.05% / 13.93%
||
7 Day CHG~0.00%
Published-18 May, 2025 | 16:31
Updated-04 Jun, 2025 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Student Clearance System cross-site request forgery

A vulnerability, which was classified as problematic, has been found in SourceCodester Online Student Clearance System 1.0. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-SourceCodesterSenior Walter
Product-online_student_clearance_systemOnline Student Clearance System
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-862
Missing Authorization
CVE-2025-8335
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.03% / 8.37%
||
7 Day CHG~0.00%
Published-30 Jul, 2025 | 22:02
Updated-05 Aug, 2025 | 20:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Simple Car Rental System cross-site request forgery

A vulnerability classified as problematic has been found in code-projects Simple Car Rental System 1.0. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Source Code & Projects
Product-simple_car_rental_systemSimple Car Rental System
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-862
Missing Authorization
CVE-2021-24978
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-5.3||MEDIUM
EPSS-0.16% / 37.24%
||
7 Day CHG~0.00%
Published-28 Mar, 2022 | 17:21
Updated-03 Aug, 2024 | 19:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OSMapper <= 2.1.5 - Unauthenticated Arbitrary Post Deletion

The OSMapper WordPress plugin through 2.1.5 contains an AJAX action to delete a plugin related post type named 'map' and is registered with the wp_ajax_nopriv prefix, making it available to unauthenticated users. There is no authorisation, CSRF and checks in place to ensure that the post to delete is a map one. As a result, unauthenticated user can delete arbitrary posts from the blog

Action-Not Available
Vendor-b4afterUnknown
Product-osmapperOSMapper
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-48272
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.74%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 14:45
Updated-17 Jun, 2025 | 14:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Job Portal <= 2.3.2 - Insecure Direct Object References (IDOR) Vulnerability

Missing Authorization vulnerability in wpjobportal WP Job Portal allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Job Portal: from n/a through 2.3.2.

Action-Not Available
Vendor-WP Job Portal
Product-wp_job_portalWP Job Portal
CWE ID-CWE-862
Missing Authorization
CVE-2025-48155
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.02%
||
7 Day CHG~0.00%
Published-16 Jul, 2025 | 10:36
Updated-16 Jul, 2025 | 20:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Residential Address Detection plugin <= 2.5.9 - Broken Access Control Vulnerability

Missing Authorization vulnerability in enituretechnology Residential Address Detection allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Residential Address Detection: from n/a through 2.5.9.

Action-Not Available
Vendor-Eniture, LLC
Product-Residential Address Detection
CWE ID-CWE-862
Missing Authorization
CVE-2025-49236
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.74%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:53
Updated-06 Jun, 2025 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Raychat <= 2.1.0 - Broken Access Control Vulnerability

Missing Authorization vulnerability in raychat Raychat allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Raychat: from n/a through 2.1.0.

Action-Not Available
Vendor-raychat
Product-Raychat
CWE ID-CWE-862
Missing Authorization
CVE-2025-49320
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.74%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:53
Updated-06 Jun, 2025 | 19:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress FraudLabs Pro for WooCommerce <= 2.22.11 - Broken Access Control Vulnerability

Missing Authorization vulnerability in fraudlabspro FraudLabs Pro for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FraudLabs Pro for WooCommerce: from n/a through 2.22.11.

Action-Not Available
Vendor-fraudlabspro
Product-FraudLabs Pro for WooCommerce
CWE ID-CWE-862
Missing Authorization
CVE-2025-48346
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.74%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 14:55
Updated-21 May, 2025 | 20:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Embed and Integrate Etsy Shop <= 1.0.4 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Etsy360 Embed and Integrate Etsy Shop allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Embed and Integrate Etsy Shop: from n/a through 1.0.4.

Action-Not Available
Vendor-Etsy360
Product-Embed and Integrate Etsy Shop
CWE ID-CWE-862
Missing Authorization
CVE-2025-49324
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.74%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:53
Updated-06 Jun, 2025 | 19:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Job Board Manager <= 2.1.60 - Broken Access Control Vulnerability

Missing Authorization vulnerability in PickPlugins Job Board Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Job Board Manager: from n/a through 2.1.60.

Action-Not Available
Vendor-PickPlugins
Product-Job Board Manager
CWE ID-CWE-862
Missing Authorization
CVE-2025-49509
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.74%
||
7 Day CHG~0.00%
Published-10 Jun, 2025 | 12:40
Updated-12 Jun, 2025 | 16:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Audio Editor & Recorder plugin <= 2.2.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Roland Beaussant Audio Editor & Recorder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Audio Editor & Recorder: from n/a through 2.2.1.

Action-Not Available
Vendor-Roland Beaussant
Product-Audio Editor & Recorder
CWE ID-CWE-862
Missing Authorization
CVE-2020-10116
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.19% / 40.76%
||
7 Day CHG~0.00%
Published-17 Mar, 2020 | 14:36
Updated-04 Aug, 2024 | 10:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

cPanel before 84.0.20 allows attackers to bypass intended restrictions on features and demo accounts via WebDisk UAPI calls (SEC-541).

Action-Not Available
Vendor-n/acPanel (WebPros International, LLC)
Product-cpaneln/a
CWE ID-CWE-862
Missing Authorization
CVE-2025-48282
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.74%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 14:45
Updated-21 May, 2025 | 20:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Majestic Support <= 1.1.0 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Majestic Support Majestic Support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Majestic Support: from n/a through 1.1.0.

Action-Not Available
Vendor-Majestic Support
Product-Majestic Support
CWE ID-CWE-862
Missing Authorization
CVE-2025-49406
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 9.63%
||
7 Day CHG+0.01%
Published-20 Aug, 2025 | 08:03
Updated-20 Aug, 2025 | 18:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Houzez Theme <= 4.1.1 - Broken Access Control Vulnerability

Missing Authorization vulnerability in favethemes Houzez allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Houzez: from n/a through 4.1.1.

Action-Not Available
Vendor-favethemes
Product-Houzez
CWE ID-CWE-862
Missing Authorization
CVE-2025-49432
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 9.63%
||
7 Day CHG~0.00%
Published-15 Aug, 2025 | 15:13
Updated-18 Aug, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Ultimate Video Player Plugin <= 10.1 - Broken Access Control Vulnerability

Missing Authorization vulnerability in FWDesign Ultimate Video Player allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ultimate Video Player: from n/a through 10.1.

Action-Not Available
Vendor-FWDesign
Product-Ultimate Video Player
CWE ID-CWE-862
Missing Authorization
CVE-2023-49192
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.13% / 32.61%
||
7 Day CHG+0.02%
Published-09 Dec, 2024 | 11:30
Updated-09 Dec, 2024 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Enhanced Text Widget plugin <= 1.6.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Clever Widgets Enhanced Text Widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Enhanced Text Widget: from n/a through 1.6.3.

Action-Not Available
Vendor-Clever Widgets
Product-Enhanced Text Widget
CWE ID-CWE-862
Missing Authorization
CVE-2025-47450
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.74%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:19
Updated-08 May, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple File List <= 6.1.13 - Settings Change Vulnerability

Missing Authorization vulnerability in Mitchell Bennis Simple File List allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple File List: from n/a through 6.1.13.

Action-Not Available
Vendor-Mitchell Bennis
Product-Simple File List
CWE ID-CWE-862
Missing Authorization
CVE-2025-47486
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.74%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:19
Updated-08 May, 2025 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Gutenberg & Elementor Templates Importer For Responsive <= 3.1.9 - Broken Access Control Vulnerability

Missing Authorization vulnerability in CyberChimps Gutenberg & Elementor Templates Importer For Responsive allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Gutenberg & Elementor Templates Importer For Responsive: from n/a through 3.1.9.

Action-Not Available
Vendor-CyberChimps Inc.
Product-Gutenberg & Elementor Templates Importer For Responsive
CWE ID-CWE-862
Missing Authorization
CVE-2025-47688
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.05% / 13.44%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:20
Updated-23 May, 2025 | 12:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Advanced File Manager plugin <= 5.3.1 - Broken Access Control to Notice Dismissal vulnerability

Missing Authorization vulnerability in Saad Iqbal Advanced File Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced File Manager: from n/a through 5.3.1.

Action-Not Available
Vendor-advancedfilemanagerSaad Iqbal
Product-advanced_file_managerAdvanced File Manager
CWE ID-CWE-862
Missing Authorization
CVE-2023-38480
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.12% / 31.18%
||
7 Day CHG+0.02%
Published-13 Dec, 2024 | 14:23
Updated-13 Dec, 2024 | 18:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Booster Elementor Addons plugin <= 1.4.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Certain Dev Booster Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booster Elementor Addons: from n/a through 1.4.9.

Action-Not Available
Vendor-Certain Dev
Product-Booster Elementor Addons
CWE ID-CWE-862
Missing Authorization
CVE-2023-38479
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.12% / 31.18%
||
7 Day CHG+0.02%
Published-13 Dec, 2024 | 14:23
Updated-13 Dec, 2024 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple Googlebot Visit plugin <= 1.2.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in Codents Simple Googlebot Visit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Googlebot Visit: from n/a through 1.2.4.

Action-Not Available
Vendor-Codents
Product-Simple Googlebot Visit
CWE ID-CWE-862
Missing Authorization
CVE-2021-24146
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.5||HIGH
EPSS-69.46% / 98.59%
||
7 Day CHG-15.58%
Published-18 Mar, 2021 | 14:57
Updated-03 Aug, 2024 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Modern Events Calendar Lite < 5.16.5 - Unauthenticated Events Export

Lack of authorisation checks in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly restrict access to the export files, allowing unauthenticated users to exports all events data in CSV or XML format for example.

Action-Not Available
Vendor-webnusUnknown
Product-modern_events_calendar_liteModern Events Calendar Lite
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-862
Missing Authorization
CVE-2025-46485
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.05% / 15.45%
||
7 Day CHG~0.00%
Published-24 Apr, 2025 | 16:09
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Customize Login Page <= 1.6.5 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Carlo La Pera WP Customize Login Page allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WP Customize Login Page: from n/a through 1.6.5.

Action-Not Available
Vendor-Carlo La Pera
Product-WP Customize Login Page
CWE ID-CWE-862
Missing Authorization
CVE-2019-10330
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-7.5||HIGH
EPSS-0.82% / 73.51%
||
7 Day CHG~0.00%
Published-31 May, 2019 | 14:20
Updated-04 Aug, 2024 | 22:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Gitea Plugin 1.1.1 and earlier did not implement trusted revisions, allowing attackers without commit access to the Git repo to change Jenkinsfiles even if Jenkins is configured to consider them to be untrusted.

Action-Not Available
Vendor-giteaJenkins
Product-giteaJenkins Gitea Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2025-46489
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.05% / 15.45%
||
7 Day CHG~0.00%
Published-24 Apr, 2025 | 16:09
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Bulk Assign Linked Products For WooCommerce <= 2.1 - Broken Access Control Vulnerability

Missing Authorization vulnerability in vinodvaswani9 Bulk Assign Linked Products For WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Bulk Assign Linked Products For WooCommerce: from n/a through 2.1.

Action-Not Available
Vendor-vinodvaswani9
Product-Bulk Assign Linked Products For WooCommerce
CWE ID-CWE-862
Missing Authorization
CVE-2024-38783
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 27.50%
||
7 Day CHG+0.01%
Published-01 Nov, 2024 | 14:17
Updated-20 Mar, 2025 | 20:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Arconix FAQ plugin <= 1.9.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in Tyche Softwares Arconix FAQ allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Arconix FAQ: from n/a through 1.9.4.

Action-Not Available
Vendor-tychesoftwaresTyche Softwarestychesoftwares
Product-arconix_faqArconix FAQacronix_faq
CWE ID-CWE-862
Missing Authorization
CVE-2025-46244
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 17.44%
||
7 Day CHG~0.00%
Published-22 Apr, 2025 | 09:53
Updated-29 Apr, 2025 | 18:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Advanced Linked Variations for Woocommerce <= 1.0.3 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Dotstore Advanced Linked Variations for Woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced Linked Variations for Woocommerce: from n/a through 1.0.3.

Action-Not Available
Vendor-multidotsDotstore
Product-advanced_linked_variations_for_woocommerceAdvanced Linked Variations for Woocommerce
CWE ID-CWE-862
Missing Authorization
CVE-2025-4327
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.05% / 16.45%
||
7 Day CHG~0.00%
Published-06 May, 2025 | 06:31
Updated-12 Jun, 2025 | 17:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MRCMS cross-site request forgery

A vulnerability was found in MRCMS 3.1.2. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Multiple endpoints might be affected.

Action-Not Available
Vendor-mrcmsn/a
Product-mrcmsMRCMS
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-862
Missing Authorization
CVE-2025-3997
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.03% / 5.59%
||
7 Day CHG+0.01%
Published-28 Apr, 2025 | 02:31
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
dazhouda lecms Personal Information Page index.php cross-site request forgery

A vulnerability classified as problematic has been found in dazhouda lecms 3.0.3. This affects an unknown part of the file /index.php?my-profile-ajax-1 of the component Personal Information Page. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-dazhouda
Product-lecms
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-862
Missing Authorization
CVE-2025-3979
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 17.08%
||
7 Day CHG+0.01%
Published-27 Apr, 2025 | 17:31
Updated-12 May, 2025 | 19:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
dazhouda lecms Password Change index.php cross-site request forgery

A vulnerability classified as problematic has been found in dazhouda lecms 3.0.3. This affects an unknown part of the file /index.php?my-password-ajax-1 of the component Password Change Handler. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-lecmsdazhouda
Product-lecmslecms
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-862
Missing Authorization
CVE-2025-4282
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.05% / 13.93%
||
7 Day CHG~0.00%
Published-05 May, 2025 | 18:00
Updated-14 May, 2025 | 20:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester/oretnom23 Stock Management System Users.php cross-site request forgery

A vulnerability has been found in SourceCodester/oretnom23 Stock Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /classes/Users.php?f=save. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-SourceCodesteroretnom23
Product-stock_management_systemStock Management System
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-862
Missing Authorization
CVE-2025-39388
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.74%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 16:47
Updated-21 May, 2025 | 20:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AnalyticsWP plugin <= 2.0.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Solid Plugins AnalyticsWP allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects AnalyticsWP: from n/a through 2.0.0.

Action-Not Available
Vendor-Solid Plugins
Product-AnalyticsWP
CWE ID-CWE-862
Missing Authorization
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • ...
  • 12
  • 13
  • Next
Details not found