VYPR

Plainpad

by Alextselegidis

Source repositories

CVEs (1)

  • CVE-2026-42562HigMay 9, 2026
    risk 0.47cvss 8.3epss 0.00

    Plainpad is a self hosted note taking app. Prior to version 1.1.1, Plainpad allows a low-privilege authenticated user to self-escalate to administrator by submitting admin=true in PUT /api.php/v1/users/{id}. The endpoint directly persists the admin attribute from user input, and…