3 matches found
CVE-2026-7167
The vulnerability arises when the system fails to properly validate the 'email' field during the authentication process, allowing unverified or fake email addresses to be accepted. This lack of validation enables the creation of user accounts with fake email addresses, facilitating the mass...
PT-2025-47944
Name of the Vulnerable Software and Affected Versions Magewell Pro Convert version 1.2.213 Description A Cross-Site Request Forgery CSRF exists in the /usapi?method=add-user component. This allows attackers to create accounts by sending a specially crafted GET request. The API endpoint...
CVE-2023-3076
The MStore API WordPress plugin before 3.9.9 does not prevent visitors from creating user accounts with the role of their choice via their wholesale REST API endpoint. This is only exploitable if the site owner paid to access the plugin's pro features...