CWE-284

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the ‘wpr_import_library_template’ AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to import and activate templates from the plugin’s template library.

Improper Access Control in GitHub repository usememos/memos prior to 0.9.0.

Improper Access Control in GitHub repository usememos/memos prior to 0.9.0.

A vulnerability has been identified in Mendix Workflow Commons (All versions < V2.4.0), Mendix Workflow Commons V2.1 (All versions < V2.1.4), Mendix Workflow Commons V2.3 (All versions < V2.3.2). Affected versions of the module improperly handle access control for some module entities. This could allow authenticated remote attackers to read or delete sensitive information.

An unauthorized user could possibly delete any file on the system.

Improper Access Control in GitHub repository openemr/openemr prior to 7.0.0.2.