12 matches found
CVE-2026-4002 Petje.af <= 2.1.8 - Cross-Site Request Forgery to Account Deletion via 'petjeaf_disconnect' AJAX Action
The Petje.af plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 2.1.8. This is due to missing nonce validation in the ajaxrevoketoken function which handles the 'petjeaf_disconnect' AJAX action. The function performs destructive operations includin...
WordPress Petje.af plugin <= 2.1.8 - Cross-Site Request Forgery to Account Deletion via 'petjeaf_disconnect' AJAX Action vulnerability
Cross-Site Request Forgery to Account Deletion via 'petjeaf_disconnect' AJAX Action vulnerability discovered by theviper17y in WordPress Plugin Petje.af versions <= 2.1.8...
Bridgetech VBC Server & Element Manager security vulnerability
Bridgetech VBC Server & Element Manager is a broadcast core software platform from Bridgetech Norway. A security vulnerability exists in Bridgetech VBC Server & Element Manager versions 6.5.0-10 and 6.5.0-9, which originates from a vulnerability that could allow an unauthorized attacker to delete...
CVE-2023-47294
An issue in NCR Terminal Handler v1.5.1 allows low-level privileged authenticated attackers to arbitrarily deactivate, lock, and delete user accounts via a crafted session cookie...
CVE-2025-25967
Acora CMS version 10.1.1 is vulnerable to Cross-Site Request Forgery (CSRF). This flaw enables attackers to trick authenticated users into performing unauthorized actions, such as account deletion or user creation, by embedding malicious requests in external content. The lack of CSRF protections...
CVE-2023-43148
SPA-Cart 1.9.0.3 has a Cross-Site Request Forgery (CSRF) vulnerability that allows a remote attacker to delete all accounts...
PT-2022-27460 · Funkwhale · Funkwhale
Name of the Vulnerable Software and Affected Versions: Funkwhale version 1.2.8 Description: The issue concerns user invites that do not permanently expire after being used for signup. These invites can be used again even after an account associated with the invite has been deleted. Recommendation...
PESCMS cross-site request forgery vulnerability
PESCMS is a content publishing platform. A security vulnerability exists in PESCMS version V2.3.3. An attacker exploited the vulnerability to delete the accounts of admin and other members...
CVE-2021-34786
Multiple vulnerabilities in Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to delete arbitrary user accounts or gain elevated privileges on an affected system...
CVE-2019-19662
A CSRF vulnerability exists in the Web File Manager's Create/Delete Accounts functionality of Rumpus FTP Server 8.2.9.1. By exploiting it, an attacker can Create and Delete accounts via RAPR/TriggerServerFunction.html...
CVE-2019-7551
Cantemo Portal before 3.2.13, 3.3.x before 3.3.8, and 3.4.x before 3.4.9 has XSS. Leveraging this vulnerability would enable performing actions as users, including administrative users. This could enable account creation and deletion as well as deletion of information contained within the app...
How to Hack Facebook Accounts? Just Ask Your Targets to Open a Link
It's 2019, and just clicking on a specially crafted URL would have allowed an attacker to hack your Facebook account without any further interaction. A security researcher discovered a critical cross-site request forgery (CSRF) vulnerability in the most popular social media platform that could have...