Tag

Unauthenticated

3 briefs RSS

WordPress Easy PayPal Events & Tickets Plugin Information Disclosure Vulnerability

An information disclosure vulnerability in the Easy PayPal Events & Tickets WordPress plugin (versions 1.3 and earlier) allows unauthenticated attackers to enumerate and retrieve all customer order records via the scan_qr.php endpoint.

Easy PayPal Events & Tickets plugin wordpress info-disclosure cve-2026-41471 unauthenticated enumeration

2r 1t 1c 4h ago

critical advisory

Weaver E-cology Unauthenticated RCE via Dubbo API Debug Endpoint

3 rules 1 TTP 1 CVE

Weaver E-cology 10.0 before 20260312 is vulnerable to unauthenticated remote code execution, allowing attackers to execute arbitrary commands by crafting a POST request to the /papi/esearch/data/devops/dubboApi/debug/method endpoint.

weaver e-cology rce unauthenticated cve-2026-22679

3r 1t 1c 3w ago

medium advisory

Brizy WordPress Plugin Unauthenticated Stored XSS Vulnerability

2 rules 1 TTP 1 CVE

The Brizy – Page Builder plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting (XSS) in versions up to and including 2.8.11, allowing unauthenticated attackers to inject arbitrary web scripts that execute when an administrator views the form Leads page due to missing nonce verification and improper handling of file upload fields.

Brizy – Page Builder plugin <= 2.8.11 wordpress xss unauthenticated

2r 1t 1c Jan 2, 2024