• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-639

CVE-2023-22471

February 22, 2023 by godfreyd94

Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Broken access control allows a user to delete attachments of other users. There are currently no known workarounds. It is recommended that the Nextcloud Deck app is upgraded to 1.6.5 or 1.7.3 or 1.8.2.

CVE-2023-0558

February 22, 2023 by godfreyd94

The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to an unsecure token check that is susceptible to type juggling in versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to execute functions intended for use by users with proper API keys.

CVE-2023-0453

February 22, 2023 by godfreyd94

The WP Private Message WordPress plugin (bundled with the Superio theme as a required plugin) before 1.0.6 does not ensure that private messages to be accessed belong to the user making the requests. This allowing any authenticated users to access private messages belonging to other users by tampering the ID.

CVE-2023-0550

February 22, 2023 by godfreyd94

The Quick Restaurant Menu plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. This is due to the fact that during menu item deletion/modification, the plugin does not verify that the post ID provided to the AJAX action is indeed a menu item. This makes it possible for authenticated attackers, with subscriber-level access or higher, to modify or delete arbitrary posts.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 48
  • Go to page 49
  • Go to page 50

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE