CVE-2026-32394
- EPSS 0.03%
- Veröffentlicht 13.03.2026 11:42:11
- Zuletzt bearbeitet 16.03.2026 16:16:15
Missing Authorization vulnerability in PublishPress PublishPress Capabilities capability-manager-enhanced allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PublishPress Capabilities: from n/a through <= 2.31.0...
CVE-2022-3366
- EPSS 0.86%
- Veröffentlicht 31.10.2022 16:15:11
- Zuletzt bearbeitet 06.05.2025 21:15:53
The PublishPress Capabilities WordPress plugin before 2.5.2, PublishPress Capabilities Pro WordPress plugin before 2.5.2 unserializes the content of imported files, which could lead to PHP object injection attacks by administrators, on multisite Word...
CVE-2021-25032
- EPSS 81.89%
- Veröffentlicht 10.01.2022 16:15:08
- Zuletzt bearbeitet 21.11.2024 05:54:13
The PublishPress Capabilities WordPress plugin before 2.3.1, PublishPress Capabilities Pro WordPress plugin before 2.3.1 does not have authorisation and CSRF checks when updating the plugin's settings via the init hook, and does not ensure that the o...