LogicalDOC Community Edition up to 9.2.1 fails to implement rate limiting on the admin login page (/login.jsp), allowing remote attackers to conduct brute-force authentication attacks with high complexity but difficult exploitability. Publicly available exploit code exists, though the vendor has not responded to early disclosure notification, and real-world exploitation risk remains low given the EPSS score of 0.16% and high attack complexity.
Stored cross-site scripting (XSS) in LogicalDOC Community Edition up to 9.2.1 allows authenticated users to inject malicious scripts via the API Key creation UI, affecting the integrity of user data and potentially enabling credential theft or session hijacking. The vulnerability requires user interaction (UI:P) and authenticated access (PR:L), but publicly available exploit code exists and the vendor has not responded to early disclosure notification.
Missing Authorization vulnerability in Rank Math SEO Rank Math SEO seo-by-rank-math allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rank Math SEO: from n/a through <= 1.0.252.1.
Missing Authorization vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Addons for Elementor: from n/a through <= 6.2.4.