CWE-862
Allowed-with-ReviewMissing Authorization
Abstraction: Class · Status: Incomplete
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
14599 vulnerabilities reference this CWE, most recent first.
GHSA-W36Q-8FFJ-6HQ6
Vulnerability from github – Published: 2025-08-28 06:30 – Updated: 2025-08-28 06:30The Ajax Search Lite plugin for WordPress is vulnerable to Basic Information Exposure due to missing authorization in its AJAX search handler in all versions up to, and including, 4.13.1. This makes it possible for unauthenticated attackers to issue repeated AJAX requests to leak the content of any protected post in rolling 100‑character windows.
{
"affected": [],
"aliases": [
"CVE-2025-7956"
],
"database_specific": {
"cwe_ids": [
"CWE-862"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-28T06:15:31Z",
"severity": "MODERATE"
},
"details": "The Ajax Search Lite plugin for WordPress is vulnerable to Basic Information Exposure due to missing authorization in its AJAX search handler in all versions up to, and including, 4.13.1. This makes it possible for unauthenticated attackers to issue repeated AJAX requests to leak the content of any protected post in rolling 100\u2011character windows.",
"id": "GHSA-w36q-8ffj-6hq6",
"modified": "2025-08-28T06:30:57Z",
"published": "2025-08-28T06:30:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7956"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/ajax-search-lite/tags/4.13.1/includes/classes/ajax/class-asl-search.php#L37"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/changeset/3349881"
},
{
"type": "WEB",
"url": "https://wordpress.org/plugins/ajax-search-lite/#developers"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/daa9c3dd-e8cf-4696-bc0c-4088509f89db?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-W37G-M6QW-H883
Vulnerability from github – Published: 2025-09-05 15:31 – Updated: 2026-04-01 18:36Missing Authorization vulnerability in Plugin Devs Product Carousel Slider for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Product Carousel Slider for Elementor: from n/a through 2.1.3.
{
"affected": [],
"aliases": [
"CVE-2025-58816"
],
"database_specific": {
"cwe_ids": [
"CWE-862"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-05T14:15:52Z",
"severity": "LOW"
},
"details": "Missing Authorization vulnerability in Plugin Devs Product Carousel Slider for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Product Carousel Slider for Elementor: from n/a through 2.1.3.",
"id": "GHSA-w37g-m6qw-h883",
"modified": "2026-04-01T18:36:05Z",
"published": "2025-09-05T15:31:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58816"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/ecommerce-product-carousel-slider-for-elementor/vulnerability/wordpress-product-carousel-slider-for-elementor-plugin-2-1-3-broken-access-control-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-W388-2392-PX73
Vulnerability from github – Published: 2026-05-29 22:57 – Updated: 2026-05-29 22:57Summary
Type: Authorization bypass enabling owner lockout. The DELETE /workspaces/{workspace_id}/members/{user_id} endpoint is gated only by require_workspace_member(workspace_id) (default min_role="member"). Any member can remove any other member, including the workspace owner, using a single DELETE. There is no caller-role check, no target-role check, no "cannot remove last owner" guard.
File: src/praisonai-platform/praisonai_platform/api/routes/workspaces.py, lines 130-140; services/member_service.py, lines 71-78.
Root cause: MemberService.remove(workspace_id, user_id) performs the deletion without any caller-permission check or owner-protection logic. The route accepts the URL-supplied user_id and dispatches it straight through. The role hierarchy (MemberService.has_role) is implemented but never invoked here. A member-tier attacker can issue DELETE .../members/<owner_user_id> and immediately lock the legitimate owner out of the workspace.
Affected Code
File 1: src/praisonai-platform/praisonai_platform/api/routes/workspaces.py, lines 130-140.
@router.delete("/{workspace_id}/members/{user_id}", status_code=status.HTTP_204_NO_CONTENT)
async def remove_member(
workspace_id: str,
user_id: str,
user: AuthIdentity = Depends(require_workspace_member), # <-- BUG: defaults to min_role="member"
session: AsyncSession = Depends(get_db),
):
member_svc = MemberService(session)
removed = await member_svc.remove(workspace_id, user_id) # <-- removes any member, including owner
if not removed:
raise HTTPException(status_code=404, detail="Member not found")
File 2: src/praisonai-platform/praisonai_platform/services/member_service.py, lines 71-78.
async def remove(self, workspace_id: str, user_id: str) -> bool:
"""Remove a member from a workspace."""
member = await self.get(workspace_id, user_id)
if member is None:
return False
await self._session.delete(member) # <-- BUG: no caller-role check, no last-owner protection
await self._session.flush()
return True
Why it's wrong: member-removal is the textbook capability that must be gated on owner role. Removing the workspace owner is a permanent denial-of-service against the legitimate owner unless another owner exists. There must be (a) a caller min-role gate of "owner" or "admin", (b) a check that prevents removing a member whose role is higher than the caller's, and (c) a check that the workspace is left with at least one owner. None of these exist.
Exploit Chain
- Attacker is a member of workspace
Wwith role "member". State: attacker holds JWT. - Attacker enumerates the workspace owner's
user_idviaGET /workspaces/W/members(list_members has the same default-member gate, separate finding). Owner UUIDO_idis now known. State: attacker holdsO_id. - Attacker sends
DELETE /workspaces/W/members/O_idwithAuthorization: Bearer <attacker_jwt>. State: control flow entersremove_member. require_workspace_member(W, attacker)passes (attacker is a member).MemberService.remove(W, O_id)deletes the owner's member row. State:Member(workspace_id=W, user_id=O_id, role="owner")is gone.- Owner attempts
GET /workspaces/W/...andrequire_workspace_member(W, O_id)returns 403. State: legitimate owner is now locked out of their own workspace. - Combined with the
update_member_rolecompanion advisory, the attacker first promotes themselves to owner, then removes the legitimate owner, then has uncontested control. Combined withdelete_workspace, the attacker wipes the workspace after kicking the owner. - Final state: with one member-level token, the attacker locks the legitimate owner out of their own workspace permanently. The owner has no recourse other than database-level admin intervention.
Security Impact
Severity: sec-high. CVSS 8.1: network attack, low complexity, low privileges, no user interaction, scope unchanged, no confidentiality, high integrity (membership table corrupted), high availability (legitimate owner cannot access their own workspace).
Attacker capability: with one workspace-member token plus one DELETE request, the attacker permanently locks any other member (including the workspace owner) out of the workspace.
Preconditions: praisonai-platform is deployed multi-tenant; attacker has any membership token; owner's user_id is reachable via the (unauthenticated-for-member) list_members endpoint.
Differential: source-inspection-verified. The asymmetry between require_workspace_member's tunable min_role parameter and this endpoint's use of the default value confirms the gap. With the suggested fix below, member-tier tokens fail the gate, and removing the workspace's last owner triggers the additional guard.
Suggested Fix
--- a/src/praisonai-platform/praisonai_platform/api/routes/workspaces.py
+++ b/src/praisonai-platform/praisonai_platform/api/routes/workspaces.py
@@ -130,11 +130,21 @@
@router.delete("/{workspace_id}/members/{user_id}", status_code=status.HTTP_204_NO_CONTENT)
async def remove_member(
workspace_id: str,
user_id: str,
- user: AuthIdentity = Depends(require_workspace_member),
+ user: AuthIdentity = Depends(_require_workspace_owner),
session: AsyncSession = Depends(get_db),
):
member_svc = MemberService(session)
+ target = await member_svc.get(workspace_id, user_id)
+ if target is not None and target.role == "owner":
+ # Refuse to remove the last owner.
+ owners = [m for m in await member_svc.list_members(workspace_id) if m.role == "owner"]
+ if len(owners) <= 1:
+ raise HTTPException(status_code=409, detail="Cannot remove the last workspace owner")
removed = await member_svc.remove(workspace_id, user_id)
if not removed:
raise HTTPException(status_code=404, detail="Member not found")
The four companion workspace-mutation endpoints exhibit the same default-min-role gap and are filed as their own advisories.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 0.1.2"
},
"package": {
"ecosystem": "PyPI",
"name": "praisonai-platform"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.1.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-47409"
],
"database_specific": {
"cwe_ids": [
"CWE-269",
"CWE-862"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-29T22:57:05Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "## Summary\n\n**Type:** Authorization bypass enabling owner lockout. The `DELETE /workspaces/{workspace_id}/members/{user_id}` endpoint is gated only by `require_workspace_member(workspace_id)` (default `min_role=\"member\"`). Any member can remove any other member, including the workspace owner, using a single DELETE. There is no caller-role check, no target-role check, no \"cannot remove last owner\" guard.\n**File:** `src/praisonai-platform/praisonai_platform/api/routes/workspaces.py`, lines 130-140; `services/member_service.py`, lines 71-78.\n**Root cause:** `MemberService.remove(workspace_id, user_id)` performs the deletion without any caller-permission check or owner-protection logic. The route accepts the URL-supplied `user_id` and dispatches it straight through. The role hierarchy (`MemberService.has_role`) is implemented but never invoked here. A member-tier attacker can issue `DELETE .../members/\u003cowner_user_id\u003e` and immediately lock the legitimate owner out of the workspace.\n\n## Affected Code\n\n**File 1:** `src/praisonai-platform/praisonai_platform/api/routes/workspaces.py`, lines 130-140.\n\n```python\n@router.delete(\"/{workspace_id}/members/{user_id}\", status_code=status.HTTP_204_NO_CONTENT)\nasync def remove_member(\n workspace_id: str,\n user_id: str,\n user: AuthIdentity = Depends(require_workspace_member), # \u003c-- BUG: defaults to min_role=\"member\"\n session: AsyncSession = Depends(get_db),\n):\n member_svc = MemberService(session)\n removed = await member_svc.remove(workspace_id, user_id) # \u003c-- removes any member, including owner\n if not removed:\n raise HTTPException(status_code=404, detail=\"Member not found\")\n```\n\n**File 2:** `src/praisonai-platform/praisonai_platform/services/member_service.py`, lines 71-78.\n\n```python\nasync def remove(self, workspace_id: str, user_id: str) -\u003e bool:\n \"\"\"Remove a member from a workspace.\"\"\"\n member = await self.get(workspace_id, user_id)\n if member is None:\n return False\n await self._session.delete(member) # \u003c-- BUG: no caller-role check, no last-owner protection\n await self._session.flush()\n return True\n```\n\n**Why it\u0027s wrong:** member-removal is the textbook capability that must be gated on owner role. Removing the workspace owner is a permanent denial-of-service against the legitimate owner unless another owner exists. There must be (a) a caller min-role gate of \"owner\" or \"admin\", (b) a check that prevents removing a member whose role is higher than the caller\u0027s, and (c) a check that the workspace is left with at least one owner. None of these exist.\n\n## Exploit Chain\n\n1. Attacker is a member of workspace `W` with role \"member\". State: attacker holds JWT.\n2. Attacker enumerates the workspace owner\u0027s `user_id` via `GET /workspaces/W/members` (list_members has the same default-member gate, separate finding). Owner UUID `O_id` is now known. State: attacker holds `O_id`.\n3. Attacker sends `DELETE /workspaces/W/members/O_id` with `Authorization: Bearer \u003cattacker_jwt\u003e`. State: control flow enters `remove_member`.\n4. `require_workspace_member(W, attacker)` passes (attacker is a member). `MemberService.remove(W, O_id)` deletes the owner\u0027s member row. State: `Member(workspace_id=W, user_id=O_id, role=\"owner\")` is gone.\n5. Owner attempts `GET /workspaces/W/...` and `require_workspace_member(W, O_id)` returns 403. State: legitimate owner is now locked out of their own workspace.\n6. Combined with the `update_member_role` companion advisory, the attacker first promotes themselves to owner, then removes the legitimate owner, then has uncontested control. Combined with `delete_workspace`, the attacker wipes the workspace after kicking the owner.\n7. Final state: with one member-level token, the attacker locks the legitimate owner out of their own workspace permanently. The owner has no recourse other than database-level admin intervention.\n\n## Security Impact\n\n**Severity:** sec-high. CVSS 8.1: network attack, low complexity, low privileges, no user interaction, scope unchanged, no confidentiality, high integrity (membership table corrupted), high availability (legitimate owner cannot access their own workspace).\n**Attacker capability:** with one workspace-member token plus one DELETE request, the attacker permanently locks any other member (including the workspace owner) out of the workspace.\n**Preconditions:** `praisonai-platform` is deployed multi-tenant; attacker has any membership token; owner\u0027s user_id is reachable via the (unauthenticated-for-member) `list_members` endpoint.\n**Differential:** source-inspection-verified. The asymmetry between `require_workspace_member`\u0027s tunable `min_role` parameter and this endpoint\u0027s use of the default value confirms the gap. With the suggested fix below, member-tier tokens fail the gate, and removing the workspace\u0027s last owner triggers the additional guard.\n\n## Suggested Fix\n\n```diff\n--- a/src/praisonai-platform/praisonai_platform/api/routes/workspaces.py\n+++ b/src/praisonai-platform/praisonai_platform/api/routes/workspaces.py\n@@ -130,11 +130,21 @@\n @router.delete(\"/{workspace_id}/members/{user_id}\", status_code=status.HTTP_204_NO_CONTENT)\n async def remove_member(\n workspace_id: str,\n user_id: str,\n- user: AuthIdentity = Depends(require_workspace_member),\n+ user: AuthIdentity = Depends(_require_workspace_owner),\n session: AsyncSession = Depends(get_db),\n ):\n member_svc = MemberService(session)\n+ target = await member_svc.get(workspace_id, user_id)\n+ if target is not None and target.role == \"owner\":\n+ # Refuse to remove the last owner.\n+ owners = [m for m in await member_svc.list_members(workspace_id) if m.role == \"owner\"]\n+ if len(owners) \u003c= 1:\n+ raise HTTPException(status_code=409, detail=\"Cannot remove the last workspace owner\")\n removed = await member_svc.remove(workspace_id, user_id)\n if not removed:\n raise HTTPException(status_code=404, detail=\"Member not found\")\n```\n\nThe four companion workspace-mutation endpoints exhibit the same default-min-role gap and are filed as their own advisories.",
"id": "GHSA-w388-2392-px73",
"modified": "2026-05-29T22:57:05Z",
"published": "2026-05-29T22:57:05Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-w388-2392-px73"
},
{
"type": "PACKAGE",
"url": "https://github.com/MervinPraison/PraisonAI"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "praisonai-platform: Missing authorization on member removal enables full workspace takeover by any user regardless of role"
}
GHSA-W388-5RJR-QX42
Vulnerability from github – Published: 2025-04-07 06:30 – Updated: 2025-06-06 09:30File read permission bypass vulnerability in the kernel file system module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
{
"affected": [],
"aliases": [
"CVE-2025-31171"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-862"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-07T04:15:20Z",
"severity": "MODERATE"
},
"details": "File read permission bypass vulnerability in the kernel file system module\nImpact: Successful exploitation of this vulnerability may affect service confidentiality.",
"id": "GHSA-w388-5rjr-qx42",
"modified": "2025-06-06T09:30:23Z",
"published": "2025-04-07T06:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31171"
},
{
"type": "WEB",
"url": "https://consumer.huawei.com/en/support/bulletin/2025/4"
},
{
"type": "WEB",
"url": "https://consumer.huawei.com/en/support/bulletin/2025/6"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-W393-V2HQ-CQM8
Vulnerability from github – Published: 2025-12-18 09:30 – Updated: 2026-01-20 15:32Missing Authorization vulnerability in mkscripts Download After Email download-after-email allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download After Email: from n/a through 2.1.5-2.1.6.
{
"affected": [],
"aliases": [
"CVE-2025-54743"
],
"database_specific": {
"cwe_ids": [
"CWE-862"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-18T08:15:55Z",
"severity": "MODERATE"
},
"details": "Missing Authorization vulnerability in mkscripts Download After Email download-after-email allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download After Email: from n/a through 2.1.5-2.1.6.",
"id": "GHSA-w393-v2hq-cqm8",
"modified": "2026-01-20T15:32:21Z",
"published": "2025-12-18T09:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54743"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/Wordpress/Plugin/download-after-email/vulnerability/wordpress-download-after-email-plugin-2-1-5-2-1-6-other-vulnerability-type-vulnerability?_s_id=cve"
},
{
"type": "WEB",
"url": "https://vdp.patchstack.com/database/Wordpress/Plugin/download-after-email/vulnerability/wordpress-download-after-email-plugin-2-1-5-2-1-6-other-vulnerability-type-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-W3F7-GQRP-CCCW
Vulnerability from github – Published: 2024-12-13 15:30 – Updated: 2026-04-01 18:32Missing Authorization vulnerability in SiteOrigin SiteOrigin Widgets Bundle allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SiteOrigin Widgets Bundle: from n/a through 1.64.0.
{
"affected": [],
"aliases": [
"CVE-2024-54268"
],
"database_specific": {
"cwe_ids": [
"CWE-862"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-13T15:15:31Z",
"severity": "MODERATE"
},
"details": "Missing Authorization vulnerability in SiteOrigin SiteOrigin Widgets Bundle allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SiteOrigin Widgets Bundle: from n/a through 1.64.0.",
"id": "GHSA-w3f7-gqrp-cccw",
"modified": "2026-04-01T18:32:43Z",
"published": "2024-12-13T15:30:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54268"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/so-widgets-bundle/vulnerability/wordpress-siteorigin-widgets-bundle-plugin-1-64-0-broken-access-control-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-W3FR-M559-RFGV
Vulnerability from github – Published: 2022-05-24 19:08 – Updated: 2022-05-24 19:08In notifyProfileAdded and notifyProfileRemoved of SipService.java, there is a possible way to retrieve SIP account names due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-176496502
{
"affected": [],
"aliases": [
"CVE-2021-0597"
],
"database_specific": {
"cwe_ids": [
"CWE-862"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-07-14T14:15:00Z",
"severity": "MODERATE"
},
"details": "In notifyProfileAdded and notifyProfileRemoved of SipService.java, there is a possible way to retrieve SIP account names due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-176496502",
"id": "GHSA-w3fr-m559-rfgv",
"modified": "2022-05-24T19:08:00Z",
"published": "2022-05-24T19:08:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-0597"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2021-07-01"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-W3GM-VV58-WR55
Vulnerability from github – Published: 2022-05-24 19:06 – Updated: 2023-10-27 16:27Jenkins requests-plugin Plugin 2.2.7 and earlier does not perform a permission check in an HTTP endpoint.
This allows attackers with Overall/Read permission to send test emails to an attacker-specified email address.
Jenkins requests-plugin Plugin 2.2.8 requires Overall/Administer permission to send test emails.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2.2.7"
},
"package": {
"ecosystem": "Maven",
"name": "org.jenkins-ci.plugins:requests"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.2.8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-21676"
],
"database_specific": {
"cwe_ids": [
"CWE-862"
],
"github_reviewed": true,
"github_reviewed_at": "2022-12-16T15:13:30Z",
"nvd_published_at": "2021-06-30T17:15:00Z",
"severity": "MODERATE"
},
"details": "Jenkins requests-plugin Plugin 2.2.7 and earlier does not perform a permission check in an HTTP endpoint.\n\nThis allows attackers with Overall/Read permission to send test emails to an attacker-specified email address.\n\nJenkins requests-plugin Plugin 2.2.8 requires Overall/Administer permission to send test emails.",
"id": "GHSA-w3gm-vv58-wr55",
"modified": "2023-10-27T16:27:54Z",
"published": "2022-05-24T19:06:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21676"
},
{
"type": "PACKAGE",
"url": "https://github.com/jenkinsci/requests-plugin"
},
{
"type": "WEB",
"url": "https://www.jenkins.io/security/advisory/2021-06-30/#SECURITY-2136%20%282%29"
},
{
"type": "WEB",
"url": "https://www.jenkins.io/security/advisory/2021-06-30/#SECURITY-2136%20(2)"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2021/06/30/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Missing permission check in Jenkins requests-plugin Plugin allows sending emails"
}
GHSA-W3H5-CHMF-JR89
Vulnerability from github – Published: 2025-12-09 18:30 – Updated: 2026-01-20 15:32Missing Authorization vulnerability in CridioStudio ListingPro listingpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ListingPro: from n/a through <= 2.9.9.
{
"affected": [],
"aliases": [
"CVE-2025-63047"
],
"database_specific": {
"cwe_ids": [
"CWE-862"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-09T16:18:10Z",
"severity": "MODERATE"
},
"details": "Missing Authorization vulnerability in CridioStudio ListingPro listingpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ListingPro: from n/a through \u003c= 2.9.9.",
"id": "GHSA-w3h5-chmf-jr89",
"modified": "2026-01-20T15:32:03Z",
"published": "2025-12-09T18:30:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-63047"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/Wordpress/Theme/listingpro/vulnerability/wordpress-listingpro-theme-2-9-9-broken-access-control-vulnerability?_s_id=cve"
},
{
"type": "WEB",
"url": "https://vdp.patchstack.com/database/Wordpress/Theme/listingpro/vulnerability/wordpress-listingpro-theme-2-9-9-broken-access-control-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-W3JQ-WQPH-2FHR
Vulnerability from github – Published: 2024-09-25 03:30 – Updated: 2024-09-25 03:30The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.1.0.1. This is due to the plugin not properly restricting what users a group leader can edit. This makes it possible for authenticated attackers, with group leader-level access and above, to change admin account email addresses which can subsequently lead to admin account access.
{
"affected": [],
"aliases": [
"CVE-2024-8349"
],
"database_specific": {
"cwe_ids": [
"CWE-862"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-25T03:15:03Z",
"severity": "HIGH"
},
"details": "The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.1.0.1. This is due to the plugin not properly restricting what users a group leader can edit. This makes it possible for authenticated attackers, with group leader-level access and above, to change admin account email addresses which can subsequently lead to admin account access.",
"id": "GHSA-w3jq-wqph-2fhr",
"modified": "2024-09-25T03:30:36Z",
"published": "2024-09-25T03:30:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8349"
},
{
"type": "WEB",
"url": "https://github.com/karlemilnikka/CVE-2024-8349-and-CVE-2024-8350"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/64cf0ae2-8d66-40d1-8bb6-0cab1dafab0d?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
- Divide the product into anonymous, normal, privileged, and administrative areas. Reduce the attack surface by carefully mapping roles with data and functionality. Use role-based access control (RBAC) [REF-229] to enforce the roles at the appropriate boundaries.
- Note that this approach may not protect against horizontal authorization, i.e., it will not protect a user from attacking others with the same role.
Mitigation
Ensure that access control checks are performed related to the business logic. These checks may be different than the access control checks that are applied to more generic resources such as files, connections, processes, memory, and database records. For example, a database may restrict access for medical records to a specific database user, but each record might only be intended to be accessible to the patient and the patient's doctor [REF-7].
Mitigation MIT-4.4
Strategy: Libraries or Frameworks
- Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- For example, consider using authorization frameworks such as the JAAS Authorization Framework [REF-233] and the OWASP ESAPI Access Control feature [REF-45].
Mitigation
- For web applications, make sure that the access control mechanism is enforced correctly at the server side on every page. Users should not be able to access any unauthorized functionality or information by simply requesting direct access to that page.
- One way to do this is to ensure that all pages containing sensitive information are not cached, and that all such pages restrict access to requests that are accompanied by an active and authenticated session token associated with a user who has the required permissions to access that page.
Mitigation
Use the access control capabilities of your operating system and server environment and define your access control lists accordingly. Use a "default deny" policy when defining these ACLs.
CAPEC-665: Exploitation of Thunderbolt Protection Flaws
An adversary leverages a firmware weakness within the Thunderbolt protocol, on a computing device to manipulate Thunderbolt controller firmware in order to exploit vulnerabilities in the implementation of authorization and verification schemes within Thunderbolt protection mechanisms. Upon gaining physical access to a target device, the adversary conducts high-level firmware manipulation of the victim Thunderbolt controller SPI (Serial Peripheral Interface) flash, through the use of a SPI Programing device and an external Thunderbolt device, typically as the target device is booting up. If successful, this allows the adversary to modify memory, subvert authentication mechanisms, spoof identities and content, and extract data and memory from the target device. Currently 7 major vulnerabilities exist within Thunderbolt protocol with 9 attack vectors as noted in the Execution Flow.