Wisski
Monthly
Missing authorization controls in Drupal WissKI versions prior to 4.2.0 enable unauthenticated remote attackers to perform forceful browsing - directly accessing restricted resources by guessing or enumerating URLs without undergoing proper authorization checks. The affected versions span the entire release history from 0.0.0 through 4.2.0, making all prior deployments vulnerable. SSVC assessment confirms no active exploitation at time of analysis, and the EPSS score of 0.13% (3rd percentile) suggests very low real-world exploitation probability despite the automatable nature of the attack.
Missing authorization controls in Drupal WissKI versions prior to 4.2.0 enable unauthenticated remote attackers to perform forceful browsing - directly accessing restricted resources by guessing or enumerating URLs without undergoing proper authorization checks. The affected versions span the entire release history from 0.0.0 through 4.2.0, making all prior deployments vulnerable. SSVC assessment confirms no active exploitation at time of analysis, and the EPSS score of 0.13% (3rd percentile) suggests very low real-world exploitation probability despite the automatable nature of the attack.