96 matches found
UserPro <= 5.1.1 - Authentication Bypass
The UserPro plugin for WordPress through 5.1.1 allows authentication bypass via the userprofbconnect AJAX action. id: CVE-2023-2437 info: name: UserPro <= 5.1.1 - Authentication Bypass author: intelligent-ears severity: critical description: | The UserPro plugin for WordPress through 5.1.1 allows...
CVE-2026-2437
creationtimestamp| type| source
---|---|---
2026-04-10 20:30:08+00:00| seen| https://bsky.app/profile/atomicedge.bsky.social/post/3mj65zuptdr2f...
RockyLinux 9 : exfatprogs (RLSA-2024:2437)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:2437 advisory. exfatprogs: exfatprogs allows out-of-bounds memory access CVE-2023-45897 Tenable has extracted the preceding description block directly from the RockyLinux securi...
RHEL 9 : exfatprogs (RHSA-2024:2437)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:2437 advisory. The exfatprogs package contains utilities for formatting and repairing exFAT filesystems. Security Fixes: exfatprogs: exfatprogs allows out-of-bounds...
CVE-2024-2437
creationtimestamp| type| source
---|---|---
2024-03-14 10:27:00+00:00| seen| https://t.me/ctinow/207602
2024-03-14 10:27:10+00:00| seen| https://t.me/ctinow/207609...
Amazon Linux 2 : python3-jinja2 (ALAS-2024-2437)
The version of python3-jinja2 installed on the remote host is prior to 2.7.2-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2437 advisory. Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. ...
CVE-2023-2437
creationtimestamp| type| source
---|---|---
2023-11-23 10:58:01+00:00| seen| https://t.me/CyberSecurityTechnologies/9447
2024-03-03 14:37:37+00:00| published-proof-of-concept| https://t.me/v3n0mhack/322
2024-08-16 08:51:05+00:00| seen| https://t.me/Rootsec2/1998
2024-08-16 08:51:14+00:00| seen|...
CVE-2023-2437
The UserPro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.1. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated attackers to log in as any...
CVE-2023-2437
CVE-2023-2437 (UserPro WordPress plugin) is confirmed via connected data: WordPress UserPro
CVE-2023-2437 UserPro <= 5.1.1 - Authentication Bypass to Administrator
The UserPro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.1. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated attackers to log in as any...
WordPress Userpro Plugin <= 5.1.1 is vulnerable to Broken Authentication
Software: Userpro; Type: Plugin; Vulnerable versions: <= 5.1.1; Fixed in: 5.1.2; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Broken Authentication; CVE: CVE-2023-2437; Patch priority: High; CVSS severity: High 9.8; PSID: 9aac076e3030; Credits: István Márton...
CVE-2022-2437
creationtimestamp| type| source
---|---|---
2022-07-18 20:39:40+00:00| seen| https://t.me/cibsecurity/46467...
CVE-2022-2437
CVE-2022-2437 affects the WordPress plugin Feed Them Social (versions up to and including 2.9.8.5). The vulnerability is described as deserialization of untrusted input through the fts_url parameter, enabling an unauthenticated attacker to trigger a PHAR wrapper to deserialize data and invoke arb...
CVE-2022-2437
The Feed Them Social – for Twitter feed, Youtube and more plugin for WordPress is vulnerable to deserialization of untrusted input via the 'ftsurl' parameter in versions up to, and including 2.9.8.5. This makes it possible for unauthenticated attackers to call files using a PHAR wrapper that will...
mysql:8.0 security, bug fix, and enhancement update
An update is available for mecab-ipadic, mecab, mysql. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list MySQL is a multi-user, multi-threaded SQL database server...
RHEL 7 / 8 : OpenShift Container Platform 4.8.2 (RHSA-2021:2437)
The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2437 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...
Oracle MySQL Server 8.0 <= 8.0.25 Security Update (cpujul2021) - Windows
Oracle MySQL Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:oracle:mysql"; if...
CVE-2021-2437
CVE-2021-2437 affects Oracle MySQL Server (component: Server: Optimizer). The vulnerability is present in MySQL Server versions 8.0.25 and earlier. It is exploitable by a high-privilege attacker who has network access via multiple protocols, potentially leading to a hang or a frequently repeatabl...
SUSE: Security Advisory (SUSE-SU-2013:1257-1)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2013:1255-3)
The remote host is missing an update for the...