mishubd 漏洞與 CVE 列表(4)

產品(CPE): — CVE 數: 4

mishubd 漏洞概覽

mishubd 相關的公開 CVE 漏洞與安全風險資訊,提供 CVSS、EPSS、公開時間與漏洞情報資料,協助評估潛在風險與修補優先順序。

漏洞分布趨勢(近 24 個月)

顯示 144 CVE 數
«« 第一頁 « 上一頁 第 1 / 1 頁 下一頁 »
CVE 摘要 來源 最高 CVSS EPSS % 公開時間 更新時間
CVE-2025-5956 The WP Human Resource Management plugin for WordPress is vulnerable to Arbitrary User Deletion due to a missing authorization within the ajax_delete_employee() function in versions 2.0.0 through 2.2.17. The plugin’s deletion handler reads the client-supplied $_POST['delete'] array and passes each ID directly to wp_delete_user() without verifying that the caller has the delete_users capability or limiting which user IDs may be removed. This makes it possible for authenticated attackers, with Empl [email protected] 6.5 0.29% 2025-07-03 2026-06-17
CVE-2025-5953 The WP Human Resource Management plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization in the ajax_insert_employee() and update_empoyee() functions in versions 2.0.0 through 2.2.17. The AJAX handler reads the client-supplied $_POST['role'] and, after basic cleaning via hrm_clean(), passes it directly to wp_insert_user() and later to $user->set_role() without verifying that the current user is allowed to assign that role. This makes it possible for authenticated [email protected] 8.8 0.36% 2025-07-03 2026-06-17
CVE-2019-9574 The WP Human Resource Management plugin before 2.2.6 for WordPress does not ensure that a leave modification occurs in the context of the Administrator or HR Manager role. [email protected] 7.5 2.41% 2019-03-05 2026-06-16
CVE-2019-9573 The WP Human Resource Management plugin before 2.2.6 for WordPress mishandles leave applications. [email protected] 7.5 1.80% 2019-03-05 2026-06-16
«« 第一頁 « 上一頁 第 1 / 1 頁 下一頁 »
cvelogic Threat Intelligence