CWE-264

Authenticated (high role user) WordPress Options Change vulnerability in Biplob Adhikari's Tabs plugin <= 3.6.0 at WordPress.

Broken Access Control vulnerability in Alessio Caiazza's About Me plugin <= 1.0.12 at WordPress.

Broken Access Control vulnerability in Beaver Builder plugin <= 2.5.4.3 at WordPress.

Missing Access Control vulnerability in About Rentals. Inc. About Rentals plugin <= 1.5 at WordPress.

Unauthenticated Plugin Settings Change & Data Deletion vulnerabilities in WP Shop plugin <= 3.9.6 at WordPress.

Missing Access Control vulnerability in PHP Crafts Accommodation System plugin <= 1.0.1 at WordPress.

Authenticated (subscriber+) Plugin Setting change vulnerability in WP Shamsi plugin <= 4.1.1 at WordPress.

Unauthenticated Event Deletion vulnerability in Totalsoft Event Calendar – Calendar plugin <= 1.4.6 at WordPress.

Privilege Escalation (subscriber+) vulnerability in Pop-up plugin <= 1.1.5 at WordPress.

Auth. WordPress Options Change (siteurl, users_can_register, default_role, admin_email and new_admin_email) vulnerability in Biplob Adhikari's Accordions – Multiple Accordions or FAQs Builder plugin (versions <= 2.0.3 on WordPress.

Authenticated (subscriber+) Broken Access Control vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress.

Broken Access Control vulnerability in Dean Oakley's Photospace Gallery plugin <= 2.3.5 at WordPress allows users with subscriber or higher role to change plugin settings.

Broken Access Control vulnerability in WPML Multilingual CMS premium plugin <= 4.5.10 on WordPress allows users with a subscriber or higher user role to change plugin settings (selected language for legacy widgets, the default behavior for…

Broken Access Control vulnerability in WPML Multilingual CMS premium plugin <= 4.5.10 on WordPress allows users with subscriber or higher user roles to change the status of the translation jobs.

Unauthenticated Plugin Settings Change Leading To Stored XSS Vulnerability in Ezoic plugin <= 2.8.8 on WordPress.

Broken Access Control vulnerability in Permalink Manager Lite plugin <= 2.2.20 on WordPress.

Broken Access Control vulnerability in WordPress LoginPress plugin <= 1.6.2 on WordPress leading to unauth. changing of Opt-In or Opt-Out tracking settings.

Auth. (subscriber+) Arbitrary Options Update vulnerability in Zoho CRM Lead Magnet plugin <= 1.7.5.8 on WordPress.

Auth. WordPress Options Change vulnerability in Image Hover Effects Ultimate plugin <= 9.7.1 on WordPress.

Broken Access Control vulnerability leading to Stored Cross-Site Scripting (XSS) in Traffic Manager plugin <= 1.4.5 on WordPress.

Broken Access Control vulnerability in miniOrange's Google Authenticator plugin <= 5.6.1 on WordPress.

Auth. (subscriber+) Broken Access Control vulnerability in WooSwipe WooCommerce Gallery plugin <= 2.0.1 on WordPress.

Auth. (contributor+) Privilege Escalation vulnerability in Crowdsignal Dashboard plugin <= 3.0.9 on WordPress.

Auth. (subscriber+) Broken Access Control vulnerability in Plugin for Google Reviews plugin <= 2.2.2 on WordPress.

Inappropriate authorization vulnerability in the system apps. Successful exploitation of this vulnerability may affect service integrity.

A vulnerability in the classic access control list (ACL) compression feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass the protection that is offered by a configured ACL on an affected device. Th…

An app with non-privileged access can change global system brightness and cause undesired system behavior.

Improper access control in editor components of The Document Foundation LibreOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of LibreOffice documents that…

An improper permissions, privileges, and access controls vulnerability [CWE-264] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions 8.7.0 all versions may allow an unauthenticated attacker t…

Dell Command | Monitor versions prior to 10.9 contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion.

A vulnerability was found in SourceCodester Best Fee Management System 1.0. It has been rated as critical. Affected by this issue is the function save_user of the file admin_class.php of the component Add User Handler. The manipulation lea…

Permission control vulnerability in the audio module. Successful exploitation of this vulnerability may cause audio devices to perform abnormally.

Vulnerability of incomplete permission verification in the input method module. Successful exploitation of this vulnerability may cause features to perform abnormally.

Vulnerability of permission control in the window management module. Successful exploitation of this vulnerability may cause malicious pop-up windows.

Vulnerability of system file information leakage in the USB Service module. Successful exploitation of this vulnerability may affect confidentiality.

Vulnerability of API privilege escalation in the wifienhance module. Successful exploitation of this vulnerability may cause the arp list to be modified.

Permission control vulnerability in the XLayout component. Successful exploitation of this vulnerability may cause apps to forcibly restart.

IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data 3.5, 4.0, 4.5, 4.6, 4.7, and 4.8 could allow a user with access to the Kubernetes pod, to make system calls compromising the security of containers. IBM X-Force ID: 2652…

Dell Pair Installer version prior to 1.2.1 contains an elevation of privilege vulnerability. A low privilege user with local access to the system could potentially exploit this vulnerability to delete arbitrary files and result in Denial …

Vulnerability of permission verification for APIs in the DownloadProviderMain module. Impact: Successful exploitation of this vulnerability will affect integrity and availability.

The WindowManager module has a vulnerability in permission control. Impact: Successful exploitation of this vulnerability may affect confidentiality.

Vulnerability of improper authentication in the ANS system service module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

Permission verification vulnerability in the lock screen module Impact: Successful exploitation of this vulnerability may affect availability

A vulnerability in the Object Groups for Access Control Lists (ACLs) feature of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass configured access controls on managed devices that a…

A vulnerability in the Cisco FXOS CLI feature on specific hardware platforms for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to elevate the…

A vulnerability in the access control list (ACL) programming of Cisco Nexus 3550-F Switches could allow an unauthenticated, remote attacker to send traffic that should be blocked to the management interface of an affected device.&nbsp; …

Memory corruption when an invoke call and a TEE call are bound for the same trusted application.

Dell Display and Peripheral Manager for macOS prior to 1.3 contains an improper access control vulnerability. A low privilege user could potentially exploit this vulnerability by modifying files in the installation folder to execute arbitr…

Privilege escalation vulnerability in the account module Impact: Successful exploitation of this vulnerability will affect availability.

Privilege escalation vulnerability in the account synchronisation module. Impact: Successful exploitation of this vulnerability will affect availability.