Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-0442

Summary
Assigner-WPScan
Assigner Org ID-1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81
Published At-07 Mar, 2022 | 08:16
Updated At-02 Aug, 2024 | 23:25
Rejected At-
Credits

UsersWP < 1.2.3.1 - Subscriber+ User Avatar Override

The UsersWP WordPress plugin before 1.2.3.1 is missing access controls when updating a user avatar, and does not make sure file names for user avatars are unique, allowing a logged in user to overwrite another users avatar.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:WPScan
Assigner Org ID:1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81
Published At:07 Mar, 2022 | 08:16
Updated At:02 Aug, 2024 | 23:25
Rejected At:
▼CVE Numbering Authority (CNA)
UsersWP < 1.2.3.1 - Subscriber+ User Avatar Override

The UsersWP WordPress plugin before 1.2.3.1 is missing access controls when updating a user avatar, and does not make sure file names for user avatars are unique, allowing a logged in user to overwrite another users avatar.

Affected Products
Vendor
Unknown
Product
UsersWP – User Registration & User Profile
Versions
Affected
  • From 1.2.3.1 before 1.2.3.1 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-639CWE-639 Authorization Bypass Through User-Controlled Key
Type: CWE
CWE ID: CWE-639
Description: CWE-639 Authorization Bypass Through User-Controlled Key
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Felipe de Avila
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://wpscan.com/vulnerability/9cf0822a-c9d6-4ebc-b905-95b143d1a692
x_refsource_MISC
Hyperlink: https://wpscan.com/vulnerability/9cf0822a-c9d6-4ebc-b905-95b143d1a692
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://wpscan.com/vulnerability/9cf0822a-c9d6-4ebc-b905-95b143d1a692
x_refsource_MISC
x_transferred
Hyperlink: https://wpscan.com/vulnerability/9cf0822a-c9d6-4ebc-b905-95b143d1a692
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:contact@wpscan.com
Published At:07 Mar, 2022 | 09:15
Updated At:20 Jul, 2023 | 17:46

The UsersWP WordPress plugin before 1.2.3.1 is missing access controls when updating a user avatar, and does not make sure file names for user avatars are unique, allowing a logged in user to overwrite another users avatar.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Primary2.04.0MEDIUM
AV:N/AC:L/Au:S/C:N/I:P/A:N
Type: Primary
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Type: Primary
Version: 2.0
Base score: 4.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:S/C:N/I:P/A:N
CPE Matches
ayecode
ayecode
>>userswp>>Versions before 1.2.3.1(exclusive)
cpe:2.3:a:ayecode:userswp:*:*:*:*:*:wordpress:*:*
Weaknesses
CWE IDTypeSource
CWE-639Primarynvd@nist.gov
CWE-639Secondarycontact@wpscan.com
CWE ID: CWE-639
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-639
Type: Secondary
Source: contact@wpscan.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://wpscan.com/vulnerability/9cf0822a-c9d6-4ebc-b905-95b143d1a692contact@wpscan.com
Exploit
Third Party Advisory
Hyperlink: https://wpscan.com/vulnerability/9cf0822a-c9d6-4ebc-b905-95b143d1a692
Source: contact@wpscan.com
Resource:
Exploit
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

167Records found
CVE-2024-12132
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.92% / 76.40%
||
7 Day CHG~0.00%
Published-03 Jan, 2025 | 08:22
Updated-08 Apr, 2026 | 17:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Job Portal – A Complete Recruitment System for Company or Job Board website <= 2.2.4 - Authenticated (Subscriber+) Insecure Direct Object Reference

The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.4 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create jobs for companies that are unaffiliated with the attacker.

Action-Not Available
Vendor-WP Job Portal
Product-wp_job_portalWP Job Portal – AI-Powered Recruitment System for Company or Job Board website
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2024-11275
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.14% / 33.14%
||
7 Day CHG~0.00%
Published-13 Dec, 2024 | 08:24
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin <= 1.0.27 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Deletion

The WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the /wp-json/timetics/v1/customers/ REST API endpoint in all versions up to, and including, 1.0.27. This makes it possible for authenticated attackers, with Timetics Customer access and above, to delete arbitrary users.

Action-Not Available
Vendor-arraytics
Product-Timetics – Appointment Booking & Scheduling
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2023-7198
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 29.97%
||
7 Day CHG~0.00%
Published-27 Feb, 2024 | 08:30
Updated-01 May, 2025 | 14:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WPDashboardNotes < 1.0.11 - Unauthorised Deletion of Private Notes

The WP Dashboard Notes WordPress plugin before 1.0.11 is vulnerable to Insecure Direct Object References (IDOR) in post_id= parameter. Authenticated users are able to delete private notes associated with different user accounts. This poses a significant security risk as it violates the principle of least privilege and compromises the integrity and privacy of user data.

Action-Not Available
Vendor-jeroensormaniUnknownwp-dashboard-notes
Product-wp_dashboard_notesWP Dashboard Noteswp_dashboard_notes
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2023-6506
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.18% / 39.15%
||
7 Day CHG~0.00%
Published-11 Jan, 2024 | 06:49
Updated-08 Apr, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP 2FA <= 2.5.0 - Insecure Direct Object Reference to Arbitrary Email Sending

The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.5.0 via the send_backup_codes_email due to missing validation on a user controlled key. This makes it possible for subscriber-level attackers to email arbitrary users on the site.

Action-Not Available
Vendor-wpwhitesecuritymelapress
Product-wp_2faWP 2FA – Two-factor authentication for WordPress
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2023-6384
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.19%
||
7 Day CHG~0.00%
Published-22 Jan, 2024 | 19:14
Updated-11 Jun, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP User Profile Avatar < 1.0.1 - Author+ Avatar Deletion/Update via IDOR

The WP User Profile Avatar WordPress plugin before 1.0.1 does not properly check for authorisation, allowing authors to delete and update arbitrary avatar

Action-Not Available
Vendor-wp-eventmanagerUnknown
Product-user_profile_avatarWP User Profile Avatar
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2023-49765
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.14% / 34.52%
||
7 Day CHG~0.00%
Published-21 Dec, 2023 | 18:29
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Rate my Post – WP Rating System Plugin <= 3.4.1 is vulnerable to Insecure Direct Object References (IDOR)

Authorization Bypass Through User-Controlled Key vulnerability in Blaz K. Rate my Post – WP Rating System.This issue affects Rate my Post – WP Rating System: from n/a through 3.4.1.

Action-Not Available
Vendor-blazzdevBlaz K.
Product-rate_my_postRate my Post – WP Rating System
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2023-50267
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.14% / 33.21%
||
7 Day CHG~0.00%
Published-28 Dec, 2023 | 15:13
Updated-09 Sep, 2024 | 17:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MeterSphere horizontal privilege escalation vulnerability of resources in project scope.

MeterSphere is a one-stop open source continuous testing platform. Prior to 2.10.10-lts, the authenticated attackers can update resources which don't belong to him if the resource ID is known. This issue if fixed in 2.10.10-lts. There are no known workarounds.

Action-Not Available
Vendor-MeterSphere (FIT2CLOUD Inc.)
Product-meterspheremetersphere
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CWE ID-CWE-269
Improper Privilege Management
CVE-2025-13110
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 10.25%
||
7 Day CHG~0.00%
Published-18 Dec, 2025 | 12:22
Updated-08 Apr, 2026 | 17:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HUSKY – Products Filter Professional for WooCommerce <= 1.3.7.3 - Authenticated (Subscriber+) Insecure Direct Object Reference via 'woof_add_subscr'

The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.7.3 via the "woof_add_subscr" function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with subscriber level access and above, to create product messenger subscriptions on behalf of arbitrary users, including administrators.

Action-Not Available
Vendor-PluginUs.Net (RealMag777)
Product-HUSKY – Products Filter Professional for WooCommerce
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2025-13382
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 12.04%
||
7 Day CHG~0.00%
Published-25 Nov, 2025 | 07:28
Updated-08 Apr, 2026 | 19:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Frontend File Manager Plugin <= 23.4 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary File Renaming

The Frontend File Manager Plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 23.4. This is due to the plugin not validating file ownership before processing file rename requests in the '/wpfm/v1/file-rename' REST API endpoint. This makes it possible for authenticated attackers, with Subscriber-level access and above, to rename files uploaded by other users via the 'fileid' parameter.

Action-Not Available
Vendor-nmedia
Product-Frontend File Manager Plugin
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2025-13452
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.14% / 34.59%
||
7 Day CHG~0.00%
Published-25 Nov, 2025 | 07:28
Updated-08 Apr, 2026 | 17:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Admin and Customer Messages After Order for WooCommerce: OrderConvo <= 14 - Missing Authorization to Unauthenticated User Impersonation in Order Messages

The Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 14. This is due to a flawed permission check in the REST API permission callback that returns true when no nonce is provided. This makes it possible for unauthenticated attackers to impersonate any WordPress user and inject arbitrary messages into any WooCommerce order conversation by directly calling the REST endpoint with controlled user_id, order_id, and context parameters.

Action-Not Available
Vendor-nmedia
Product-Admin and Customer Messages After Order for WooCommerce: OrderConvo
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2025-12366
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 11.03%
||
7 Day CHG~0.00%
Published-13 Nov, 2025 | 03:27
Updated-08 Apr, 2026 | 16:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Page Builder: Pagelayer – Drag and Drop website builder <= 2.0.5 - Authenticated (Author+) Insecure Direct Object Reference

The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.5 via the pagelayer_replace_page function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level access and above, to replace media files belonging to other users, including administrators.

Action-Not Available
Vendor-softaculous
Product-Page Builder: Pagelayer – Drag and Drop website builder
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2025-12071
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 12.08%
||
7 Day CHG~0.00%
Published-18 Feb, 2026 | 04:35
Updated-08 Apr, 2026 | 16:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Frontend User Notes <= 2.1.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Note Modification

The Frontend User Notes plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.0 via the 'funp_ajax_modify_notes' AJAX endpoint due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify arbitrary notes that do not belong to them.

Action-Not Available
Vendor-absikandar
Product-Frontend User Notes
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2025-12087
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 11.69%
||
7 Day CHG~0.00%
Published-12 Nov, 2025 | 04:29
Updated-08 Apr, 2026 | 16:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Wishlist and Save for later for Woocommerce <= 1.1.22 - Insecure Direct Object Reference to Authenticated (Subscriber+) Wishlist Item Deletion

The Wishlist and Save for later for Woocommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.22 via the 'awwlm_remove_added_wishlist_page' AJAX action due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete wishlist items from other user's wishlists.

Action-Not Available
Vendor-Acowebs (Acodez IT Solutions Pvt. Ltd.)
Product-Wishlist and Save for later for Woocommerce
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2025-11176
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 10.52%
||
7 Day CHG~0.00%
Published-15 Oct, 2025 | 05:23
Updated-08 Apr, 2026 | 16:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Quick Featured Images <= 13.7.2 - Insecure Direct Object Reference to Image Manipulation

The Quick Featured Images plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 13.7.2 via the qfi_set_thumbnail and qfi_delete_thumbnail AJAX actions due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level access and above, to change or remove featured images of other user's posts.

Action-Not Available
Vendor-kybernetikservices
Product-Quick Featured Images
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2025-10570
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 11.15%
||
7 Day CHG~0.00%
Published-22 Oct, 2025 | 06:40
Updated-08 Apr, 2026 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Flexible Refund and Return Order for WooCommerce <= 1.0.38 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Order Refund

The Flexible Refund and Return Order for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.38 via the save_refund_request() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to submit refund requests for arbitrary orders that they do not own.

Action-Not Available
Vendor-wpdesk
Product-Flexible Refund and Return Order for WooCommerce
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2023-3700
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-6.3||MEDIUM
EPSS-0.02% / 5.60%
||
7 Day CHG~0.00%
Published-17 Jul, 2023 | 06:16
Updated-30 Oct, 2024 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authorization Bypass Through User-Controlled Key in alextselegidis/easyappointments

Authorization Bypass Through User-Controlled Key in GitHub repository alextselegidis/easyappointments prior to 1.5.0.

Action-Not Available
Vendor-easyappointmentsalextselegidis
Product-easyappointmentsalextselegidis/easyappointments
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2023-48304
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.14% / 34.37%
||
7 Day CHG~0.00%
Published-21 Nov, 2023 | 22:06
Updated-02 Aug, 2024 | 21:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Nextcloud Server vulnerable to attacker enabling/disabling birthday calendar for any user

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Server and starting in version 22.0.0 and prior to versions 22.2.10.16, 23.0.12.11, 24.0.12.7, 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Enterprise Server, an attacker could enable and disable the birthday calendar for any user on the same server. Nextcloud Server 25.0.11, 26.0.6, and 27.1.0 and Nextcloud Enterprise Server 22.2.10.16, 23.0.12.11, 24.0.12.7, 25.0.11, 26.0.6, and 27.1.0 contain patches for this issue. No known workarounds are available.

Action-Not Available
Vendor-Nextcloud GmbH
Product-nextcloud_serversecurity-advisories
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found