Common Weakness Enumeration

CWE-862

Allowed-with-Review

Missing Authorization

Abstraction: Class · Status: Incomplete

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

14568 vulnerabilities reference this CWE, most recent first.

GHSA-WJ7C-4F93-R89C

Vulnerability from github – Published: 2023-08-04 00:30 – Updated: 2024-04-04 06:32
VLAI
Details

The foundry campaigns service was found to be vulnerable to an unauthenticated information disclosure in a rest endpoint

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-30950"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-290",
      "CWE-862"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-03T22:15:11Z",
    "severity": "MODERATE"
  },
  "details": "The foundry campaigns service was found to be vulnerable to an unauthenticated information disclosure in a rest endpoint",
  "id": "GHSA-wj7c-4f93-r89c",
  "modified": "2024-04-04T06:32:23Z",
  "published": "2023-08-04T00:30:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30950"
    },
    {
      "type": "WEB",
      "url": "https://palantir.safebase.us/?tcuUid=d839709d-c50f-4a37-8faa-b0c35054418a"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WJ8X-23V3-HGGR

Vulnerability from github – Published: 2025-11-10 15:31 – Updated: 2025-11-10 15:31
VLAI
Details

In JetBrains YouTrack before 2025.3.104432 insecure Junie configuration could lead to data exposure and unauthorized changes

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-64690"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-862"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-10T14:15:44Z",
    "severity": "MODERATE"
  },
  "details": "In JetBrains YouTrack before 2025.3.104432 insecure Junie configuration could lead to data exposure and unauthorized changes",
  "id": "GHSA-wj8x-23v3-hggr",
  "modified": "2025-11-10T15:31:05Z",
  "published": "2025-11-10T15:31:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64690"
    },
    {
      "type": "WEB",
      "url": "https://www.jetbrains.com/privacy-security/issues-fixed"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WJCR-PCRW-P99X

Vulnerability from github – Published: 2025-04-09 18:30 – Updated: 2026-04-01 18:34
VLAI
Details

Missing Authorization vulnerability in Phil Age Gate allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Age Gate: from n/a through 3.5.4.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-31012"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-862"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-09T17:15:33Z",
    "severity": "MODERATE"
  },
  "details": "Missing Authorization vulnerability in Phil Age Gate allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Age Gate: from n/a through 3.5.4.",
  "id": "GHSA-wjcr-pcrw-p99x",
  "modified": "2026-04-01T18:34:34Z",
  "published": "2025-04-09T18:30:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31012"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/wordpress/plugin/age-gate/vulnerability/wordpress-age-gate-3-5-4-broken-access-control-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WJG2-C55H-PHF5

Vulnerability from github – Published: 2024-09-17 00:31 – Updated: 2025-11-04 18:31
VLAI
Details

This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18 and iPadOS 18. An attacker may be able to see recent photos without authentication in Assistive Access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-40852"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-862"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-17T00:15:49Z",
    "severity": "HIGH"
  },
  "details": "This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18 and iPadOS 18. An attacker may be able to see recent photos without authentication in Assistive Access.",
  "id": "GHSA-wjg2-c55h-phf5",
  "modified": "2025-11-04T18:31:20Z",
  "published": "2024-09-17T00:31:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40852"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/121250"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2024/Sep/32"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WJMG-4CQ5-M8HG

Vulnerability from github – Published: 2026-03-11 00:12 – Updated: 2026-03-11 05:46
VLAI
Summary
Sylius is Missing Authorization in API v2 Add Item Endpoint
Details

Impact

The POST /api/v2/shop/orders/{tokenValue}/items endpoint does not verify cart ownership. An unauthenticated attacker can add items to other registered customers' carts by knowing the cart tokenValue.

POST /api/v2/shop/orders/{tokenValue}/items

Other mutation endpoints (PUT, PATCH, DELETE) are not affected. API Platform loads the Order entity through the state provider for these operations, which triggers VisitorBasedExtension and returns 404 for unauthorized users.

An attacker who obtains a cart tokenValue can add arbitrary items to another customer's cart. The endpoint returns the full cart representation in the response (HTTP 201), potentially leaking:

  • Customer email address
  • Cart contents (products, quantities, prices)
  • Address data (billing and shipping if set)
  • Payment and shipment IDs
  • Order totals and tax breakdown
  • Checkout state

Patches

The issue is fixed in versions: 2.0.16, 2.1.12, 2.2.3, and above.

Workarounds

Add an ownership check in AddItemToCartHandler by injecting UserContextInterface and verifying the current user matches the cart owner before adding items.

Step 1. Patch the handler

Create new src/CommandHandler/Cart/AddItemToCartHandler.php:

<?php

declare(strict_types=1);

namespace App\CommandHandler\Cart;

use Sylius\Bundle\ApiBundle\Command\Cart\AddItemToCart;
use Sylius\Bundle\ApiBundle\Context\UserContextInterface;
use Sylius\Component\Core\Factory\CartItemFactoryInterface;
use Sylius\Component\Core\Model\OrderInterface;
use Sylius\Component\Core\Model\OrderItemInterface;
use Sylius\Component\Core\Model\ProductVariantInterface;
use Sylius\Component\Core\Model\ShopUserInterface;
use Sylius\Component\Core\Repository\OrderRepositoryInterface;
use Sylius\Component\Core\Repository\ProductVariantRepositoryInterface;
use Sylius\Component\Order\Modifier\OrderItemQuantityModifierInterface;
use Sylius\Component\Order\Modifier\OrderModifierInterface;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
use Symfony\Component\Messenger\Attribute\AsMessageHandler;

#[AsMessageHandler]
final readonly class AddItemToCartHandler
{
    public function __construct(
        private OrderRepositoryInterface $orderRepository,
        private ProductVariantRepositoryInterface $productVariantRepository,
        private OrderModifierInterface $orderModifier,
        private CartItemFactoryInterface $cartItemFactory,
        private OrderItemQuantityModifierInterface $orderItemQuantityModifier,
        private UserContextInterface $userContext,
    ) {
    }

    public function __invoke(AddItemToCart $addItemToCart): OrderInterface
    {
        /** @var ProductVariantInterface|null $productVariant */
        $productVariant = $this->productVariantRepository->findOneBy(['code' => $addItemToCart->productVariantCode]);

        if ($productVariant === null) {
            throw new \InvalidArgumentException('Product variant with given code has not been found.');
        }

        /** @var OrderInterface|null $cart */
        $cart = $this->orderRepository->findCartByTokenValue($addItemToCart->orderTokenValue);

        if ($cart === null) {
            throw new \InvalidArgumentException('Cart with given token has not been found.');
        }

        $this->assertCartAccessible($cart);

        /** @var OrderItemInterface $cartItem */
        $cartItem = $this->cartItemFactory->createNew();
        $cartItem->setVariant($productVariant);

        $this->orderItemQuantityModifier->modify($cartItem, $addItemToCart->quantity);
        $this->orderModifier->addToOrder($cart, $cartItem);

        return $cart;
    }

    private function assertCartAccessible(OrderInterface $cart): void
    {
        if ($cart->isCreatedByGuest()) {
            return;
        }

        $cartCustomer = $cart->getCustomer();

        if (null === $cartCustomer || null === $cartCustomer->getUser()) {
            return;
        }

        $currentUser = $this->userContext->getUser();

        if (
            $currentUser instanceof ShopUserInterface
            && $currentUser->getCustomer()?->getId() === $cartCustomer->getId()
        ) {
            return;
        }

        throw new NotFoundHttpException('Cart not found.');
    }
}

Step 2. Override the service

# config/services.yaml

services:
    App\:
        resource: '../src/*'
-       exclude: '../src/{Entity,Kernel.php}'                                                                         
+       exclude: '../src/{Entity,Kernel.php,CommandHandler}'

    sylius_api.command_handler.cart.add_item_to_cart:
        class: App\CommandHandler\Cart\AddItemToCartHandler
        arguments:
            $orderRepository: '@sylius.repository.order'
            $productVariantRepository: '@sylius.repository.product_variant'
            $orderModifier: '@sylius.modifier.order'
            $cartItemFactory: '@sylius.factory.order_item'
            $orderItemQuantityModifier: '@sylius.modifier.order_item_quantity'
            $userContext: '@Sylius\Bundle\ApiBundle\Context\UserContextInterface'
        tags:
            - { name: messenger.message_handler, bus: sylius.command_bus }

Step 3. Clear cache

bin/console cache:clear

Reporters

We would like to extend our gratitude to the following individuals for their detailed reporting and responsible disclosure of this vulnerability: - @rokorolov

For more information

If you have any questions or comments about this advisory:

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2.0.15"
      },
      "package": {
        "ecosystem": "Packagist",
        "name": "sylius/sylius"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0"
            },
            {
              "fixed": "2.0.16"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2.1.11"
      },
      "package": {
        "ecosystem": "Packagist",
        "name": "sylius/sylius"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.1.0"
            },
            {
              "fixed": "2.1.12"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2.2.2"
      },
      "package": {
        "ecosystem": "Packagist",
        "name": "sylius/sylius"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.2.0"
            },
            {
              "fixed": "2.2.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-31821"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-862"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-11T00:12:54Z",
    "nvd_published_at": "2026-03-10T22:16:19Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\nThe `POST /api/v2/shop/orders/{tokenValue}/items` endpoint does not verify cart ownership. An unauthenticated attacker can add items to other registered customers\u0027 carts by knowing the cart `tokenValue`.\n\n```\nPOST /api/v2/shop/orders/{tokenValue}/items\n```\n\nOther mutation endpoints (PUT, PATCH, DELETE) are **not affected**. API Platform loads the Order entity through the state provider for these operations, which triggers `VisitorBasedExtension` and returns 404 for unauthorized users.\n\nAn attacker who obtains a cart `tokenValue` can add arbitrary items to another customer\u0027s cart. The endpoint returns the full cart representation in the response (HTTP 201), potentially leaking:\n\n- Customer email address\n- Cart contents (products, quantities, prices)\n- Address data (billing and shipping if set)\n- Payment and shipment IDs\n- Order totals and tax breakdown\n- Checkout state\n\n### Patches\nThe issue is fixed in versions: 2.0.16, 2.1.12, 2.2.3, and above.\n\n### Workarounds\nAdd an ownership check in `AddItemToCartHandler` by injecting `UserContextInterface` and verifying the current user matches the cart owner before adding items.\n\n#### Step 1. Patch the handler\n\nCreate new  `src/CommandHandler/Cart/AddItemToCartHandler.php`:\n\n```php\n\u003c?php\n\ndeclare(strict_types=1);\n\nnamespace App\\CommandHandler\\Cart;\n\nuse Sylius\\Bundle\\ApiBundle\\Command\\Cart\\AddItemToCart;\nuse Sylius\\Bundle\\ApiBundle\\Context\\UserContextInterface;\nuse Sylius\\Component\\Core\\Factory\\CartItemFactoryInterface;\nuse Sylius\\Component\\Core\\Model\\OrderInterface;\nuse Sylius\\Component\\Core\\Model\\OrderItemInterface;\nuse Sylius\\Component\\Core\\Model\\ProductVariantInterface;\nuse Sylius\\Component\\Core\\Model\\ShopUserInterface;\nuse Sylius\\Component\\Core\\Repository\\OrderRepositoryInterface;\nuse Sylius\\Component\\Core\\Repository\\ProductVariantRepositoryInterface;\nuse Sylius\\Component\\Order\\Modifier\\OrderItemQuantityModifierInterface;\nuse Sylius\\Component\\Order\\Modifier\\OrderModifierInterface;\nuse Symfony\\Component\\HttpKernel\\Exception\\NotFoundHttpException;\nuse Symfony\\Component\\Messenger\\Attribute\\AsMessageHandler;\n\n#[AsMessageHandler]\nfinal readonly class AddItemToCartHandler\n{\n    public function __construct(\n        private OrderRepositoryInterface $orderRepository,\n        private ProductVariantRepositoryInterface $productVariantRepository,\n        private OrderModifierInterface $orderModifier,\n        private CartItemFactoryInterface $cartItemFactory,\n        private OrderItemQuantityModifierInterface $orderItemQuantityModifier,\n        private UserContextInterface $userContext,\n    ) {\n    }\n\n    public function __invoke(AddItemToCart $addItemToCart): OrderInterface\n    {\n        /** @var ProductVariantInterface|null $productVariant */\n        $productVariant = $this-\u003eproductVariantRepository-\u003efindOneBy([\u0027code\u0027 =\u003e $addItemToCart-\u003eproductVariantCode]);\n\n        if ($productVariant === null) {\n            throw new \\InvalidArgumentException(\u0027Product variant with given code has not been found.\u0027);\n        }\n\n        /** @var OrderInterface|null $cart */\n        $cart = $this-\u003eorderRepository-\u003efindCartByTokenValue($addItemToCart-\u003eorderTokenValue);\n\n        if ($cart === null) {\n            throw new \\InvalidArgumentException(\u0027Cart with given token has not been found.\u0027);\n        }\n\n        $this-\u003eassertCartAccessible($cart);\n\n        /** @var OrderItemInterface $cartItem */\n        $cartItem = $this-\u003ecartItemFactory-\u003ecreateNew();\n        $cartItem-\u003esetVariant($productVariant);\n\n        $this-\u003eorderItemQuantityModifier-\u003emodify($cartItem, $addItemToCart-\u003equantity);\n        $this-\u003eorderModifier-\u003eaddToOrder($cart, $cartItem);\n\n        return $cart;\n    }\n\n    private function assertCartAccessible(OrderInterface $cart): void\n    {\n        if ($cart-\u003eisCreatedByGuest()) {\n            return;\n        }\n\n        $cartCustomer = $cart-\u003egetCustomer();\n\n        if (null === $cartCustomer || null === $cartCustomer-\u003egetUser()) {\n            return;\n        }\n\n        $currentUser = $this-\u003euserContext-\u003egetUser();\n\n        if (\n            $currentUser instanceof ShopUserInterface\n            \u0026\u0026 $currentUser-\u003egetCustomer()?-\u003egetId() === $cartCustomer-\u003egetId()\n        ) {\n            return;\n        }\n\n        throw new NotFoundHttpException(\u0027Cart not found.\u0027);\n    }\n}\n```\n\n#### Step 2. Override the service\n\n```diff\n# config/services.yaml\n\nservices:\n    App\\:\n        resource: \u0027../src/*\u0027\n-       exclude: \u0027../src/{Entity,Kernel.php}\u0027                                                                         \n+       exclude: \u0027../src/{Entity,Kernel.php,CommandHandler}\u0027\n\n    sylius_api.command_handler.cart.add_item_to_cart:\n        class: App\\CommandHandler\\Cart\\AddItemToCartHandler\n        arguments:\n            $orderRepository: \u0027@sylius.repository.order\u0027\n            $productVariantRepository: \u0027@sylius.repository.product_variant\u0027\n            $orderModifier: \u0027@sylius.modifier.order\u0027\n            $cartItemFactory: \u0027@sylius.factory.order_item\u0027\n            $orderItemQuantityModifier: \u0027@sylius.modifier.order_item_quantity\u0027\n            $userContext: \u0027@Sylius\\Bundle\\ApiBundle\\Context\\UserContextInterface\u0027\n        tags:\n            - { name: messenger.message_handler, bus: sylius.command_bus }\n```\n\n#### Step 3. Clear cache\n\n```bash\nbin/console cache:clear\n```\n\n### Reporters\n\nWe would like to extend our gratitude to the following individuals for their detailed reporting and responsible disclosure of this vulnerability:\n- @rokorolov\n\n### For more information\nIf you have any questions or comments about this advisory:\n\n- Open an issue in [Sylius issues](https://github.com/Sylius/Sylius/issues?q=sort%3Aupdated-desc+is%3Aissue+is%3Aopen)\n- Email us at [security@sylius.com](mailto:security@sylius.com)",
  "id": "GHSA-wjmg-4cq5-m8hg",
  "modified": "2026-03-11T05:46:30Z",
  "published": "2026-03-11T00:12:54Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/Sylius/Sylius/security/advisories/GHSA-wjmg-4cq5-m8hg"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31821"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/Sylius/Sylius"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Sylius is Missing Authorization in API v2 Add Item Endpoint"
}

GHSA-WJMQ-RPQQ-W4H9

Vulnerability from github – Published: 2026-06-24 15:31 – Updated: 2026-06-24 18:32
VLAI
Details

Missing permission checks in Jenkins Gitee Plugin 1288.v18b_deb_c9069b_ and earlier allow attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-57291"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-862"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-24T14:17:35Z",
    "severity": "MODERATE"
  },
  "details": "Missing permission checks in Jenkins Gitee Plugin 1288.v18b_deb_c9069b_ and earlier allow attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method.",
  "id": "GHSA-wjmq-rpqq-w4h9",
  "modified": "2026-06-24T18:32:39Z",
  "published": "2026-06-24T15:31:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-57291"
    },
    {
      "type": "WEB",
      "url": "https://www.jenkins.io/security/advisory/2026-06-24/#SECURITY-3762%20(1)"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WJMR-V62X-4F45

Vulnerability from github – Published: 2024-04-09 21:31 – Updated: 2024-04-09 21:31
VLAI
Details

The MasterStudy LMS plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the search_posts function in all versions up to, and including, 3.2.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to expose draft post titles and excerpts.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-1904"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-862"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-09T19:15:20Z",
    "severity": "MODERATE"
  },
  "details": "The MasterStudy LMS plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the search_posts function in all versions up to, and including, 3.2.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to expose draft post titles and excerpts.",
  "id": "GHSA-wjmr-v62x-4f45",
  "modified": "2024-04-09T21:31:59Z",
  "published": "2024-04-09T21:31:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1904"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/changeset/3050967/masterstudy-lms-learning-management-system"
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1be686d3-16b1-4ec7-b304-848ca4d7162c?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WJPQ-G983-5GX7

Vulnerability from github – Published: 2025-07-18 09:30 – Updated: 2025-07-18 09:30
VLAI
Details

The Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 16.8 via the wpmr_inspect_file() function due to a missing capability check. This makes it possible for authenticated attackers, with subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-7772"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-862"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-18T07:15:28Z",
    "severity": "MODERATE"
  },
  "details": "The Malcure Malware Scanner \u2014 #1 Toolset for WordPress Malware Removal plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 16.8 via the wpmr_inspect_file() function due to a missing capability check. This makes it possible for authenticated attackers, with subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.",
  "id": "GHSA-wjpq-g983-5gx7",
  "modified": "2025-07-18T09:30:31Z",
  "published": "2025-07-18T09:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7772"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3309451%40wp-malware-removal\u0026new=3309451%40wp-malware-removal\u0026sfp_email=\u0026sfph_mail="
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/18ce05fa-0b10-4796-9e78-03e653b862da?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WJQ5-2FC7-77V9

Vulnerability from github – Published: 2026-07-02 12:31 – Updated: 2026-07-02 12:31
VLAI
Details

Subscriber Broken Access Control in Booked <= 3.0.0 versions.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-57746"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-862"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-02T12:17:40Z",
    "severity": "HIGH"
  },
  "details": "Subscriber Broken Access Control in Booked \u003c= 3.0.0 versions.",
  "id": "GHSA-wjq5-2fc7-77v9",
  "modified": "2026-07-02T12:31:02Z",
  "published": "2026-07-02T12:31:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-57746"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/wordpress/plugin/booked/vulnerability/wordpress-booked-plugin-3-0-0-broken-access-control-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WJW2-C8PQ-FW6M

Vulnerability from github – Published: 2025-08-01 06:31 – Updated: 2025-08-01 06:31
VLAI
Details

A vulnerability was found in code-projects Online Movie Streaming 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin-control.php. The manipulation of the argument ID leads to missing authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-8435"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-862"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-01T05:15:37Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was found in code-projects Online Movie Streaming 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin-control.php. The manipulation of the argument ID leads to missing authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.",
  "id": "GHSA-wjw2-c8pq-fw6m",
  "modified": "2025-08-01T06:31:37Z",
  "published": "2025-08-01T06:31:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8435"
    },
    {
      "type": "WEB",
      "url": "https://github.com/i-Corner/cve/issues/15"
    },
    {
      "type": "WEB",
      "url": "https://code-projects.org"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.318463"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.318463"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

Mitigation
Architecture and Design
  • Divide the product into anonymous, normal, privileged, and administrative areas. Reduce the attack surface by carefully mapping roles with data and functionality. Use role-based access control (RBAC) [REF-229] to enforce the roles at the appropriate boundaries.
  • Note that this approach may not protect against horizontal authorization, i.e., it will not protect a user from attacking others with the same role.
Mitigation
Architecture and Design

Ensure that access control checks are performed related to the business logic. These checks may be different than the access control checks that are applied to more generic resources such as files, connections, processes, memory, and database records. For example, a database may restrict access for medical records to a specific database user, but each record might only be intended to be accessible to the patient and the patient's doctor [REF-7].

Mitigation MIT-4.4
Architecture and Design

Strategy: Libraries or Frameworks

  • Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
  • For example, consider using authorization frameworks such as the JAAS Authorization Framework [REF-233] and the OWASP ESAPI Access Control feature [REF-45].
Mitigation
Architecture and Design
  • For web applications, make sure that the access control mechanism is enforced correctly at the server side on every page. Users should not be able to access any unauthorized functionality or information by simply requesting direct access to that page.
  • One way to do this is to ensure that all pages containing sensitive information are not cached, and that all such pages restrict access to requests that are accompanied by an active and authenticated session token associated with a user who has the required permissions to access that page.
Mitigation
System Configuration Installation

Use the access control capabilities of your operating system and server environment and define your access control lists accordingly. Use a "default deny" policy when defining these ACLs.

CAPEC-665: Exploitation of Thunderbolt Protection Flaws

An adversary leverages a firmware weakness within the Thunderbolt protocol, on a computing device to manipulate Thunderbolt controller firmware in order to exploit vulnerabilities in the implementation of authorization and verification schemes within Thunderbolt protection mechanisms. Upon gaining physical access to a target device, the adversary conducts high-level firmware manipulation of the victim Thunderbolt controller SPI (Serial Peripheral Interface) flash, through the use of a SPI Programing device and an external Thunderbolt device, typically as the target device is booting up. If successful, this allows the adversary to modify memory, subvert authentication mechanisms, spoof identities and content, and extract data and memory from the target device. Currently 7 major vulnerabilities exist within Thunderbolt protocol with 9 attack vectors as noted in the Execution Flow.