80 matches found
Stop User Enumeration WordPress plugin - Authentication Bypass
Stop User Enumeration WordPress plugin 1.7.3 contains an authentication bypass caused by URL-encoding the REST API path /wp-json/wp/v2/users/, letting attackers bypass user enumeration restrictions; exploitation requires crafted URL encoding. id: CVE-2025-4302 info: name: Stop User Enumeration WordPre...
PHOENIX CONTACT multiple products security vulnerability
PHOENIX CONTACT FL MGUARD 2102, among others, are products of the German company PHOENIX CONTACT. PHOENIX CONTACT FL MGUARD 2102 is a router. PHOENIX CONTACT FL MGUARD 2105 is also a router. PHOENIX CONTACT FL MGUARD represents a series of routers. Several products from PHOENIX CONTACT have...
CVE-2026-4302
creationtimestamp | type | source
---|---|---
2026-03-21 04:17:27+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mhk6e67mfq2x...
EUVD-2026-4302
In the Linux kernel, the following vulnerability has been resolved: libceph: return the handler error from mon_handle_auth_done. Currently any error from ceph_auth_handle_reply_done is propagated via finish_auth but isn't returned from mon_handle_auth_done. This results in higher layers learning that despite...
DLA-4302-1 node-sha.js - security update
Bulletin has no description...
CVE-2025-4302
The Stop User Enumeration WordPress plugin before version 1.7.3 blocks REST API /wp-json/wp/v2/users/ requests for non-authorized users. However, this can be bypassed by URL-encoding the API path...
CVE-2025-4302
creationtimestamp | type | source
---|---|---
2025-07-17 10:43:23+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lu5qquihgh2w
2025-11-07 17:01:44+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2025/CVE-2025-4302.yaml
2025-11-08...
CVE-2025-4302
The Stop User Enumeration WordPress plugin before version 1.7.3 blocks REST API /wp-json/wp/v2/users/ requests for non-authorized users. However, this can be bypassed by URL-encoding the API path...
CVE-2025-4302
The Stop User Enumeration WordPress plugin before version 1.7.3 blocks REST API /wp-json/wp/v2/users/ requests for non-authorized users. However, this can be bypassed by URL-encoding the API path...
CVE-2025-4302 Stop User Enumeration < 1.7.3 - Protection Bypass
The Stop User Enumeration WordPress plugin before version 1.7.3 blocks REST API /wp-json/wp/v2/users/ requests for non-authorized users. However, this can be bypassed by URL-encoding the API path...
CVE-2025-4302
The CVE-2025-4302 issue affects the Stop User Enumeration WordPress plugin prior to version 1.7.3, where an authentication bypass is possible by URL-encoding the REST API path /wp-json/wp/v2/users/. This bypass defeats the plugin’s user-enumeration protections, and may facilitate brute-force atte...
CVE-2022-4302
The White Label CMS WordPress plugin before 2.5 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...
CVE-2021-4302
A vulnerability was found in slackero phpwcms up to 1.9.26. It has been classified as problematic. This affects an unknown part of the component SVG File Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.9.27 is able to...
openSUSE: Security Advisory for MozillaThunderbird (SUSE-SU-2023:4302-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Malicious code in wlwz-2312-4302 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 74f58d203fe7d3ca880bf5ff3e827c826715f4857255b9f3a92dfc4855347c23 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-559 Malicious code in wlwz-2312-4302 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 74f58d203fe7d3ca880bf5ff3e827c826715f4857255b9f3a92dfc4855347c23 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2023-4302
creationtimestamp | type | source
---|---|---
2023-08-22 02:33:36+00:00 | seen | https://t.me/cibsecurity/68916...
CVE-2023-4302
A missing permission check in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2023-4302
CVE-2023-4302 affects Jenkins Fortify Plugin 22.1.38 and earlier. A missing permission check in multiple HTTP endpoints allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs, potentially capturing credentials stored in Jenki...
CVE-2023-4302 Missing permission checks in Fortify Plugin allow capturing credentials
A missing permission check in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...