112 matches found
CGA-4QH5-C7FR-956H
Bulletin has no description...
CVE-2024-5149
The BuddyForms plugin for WordPress is vulnerable to Email Verification Bypass in all versions up to, and including, 2.8.9 via the use of an insufficiently random activation code. This makes it possible for unauthenticated attackers to bypass the email verification...
PT-2024-34664 · WordPress · Login With Phone Number
Name of the Vulnerable Software and Affected Versions: Login with phone number plugin for WordPress versions up to 1.7.26 Description: The issue is related to authentication bypass due to the activation code default value being empty and a missing not empty check in the lwp ajax register function...
Customer Email Verification for WooCommerce < 2.7.5 - Authentication Bypass
Description The Customer Email Verification for WooCommerce plugin for WordPress is vulnerable to Email Verification and Authentication Bypass in all versions up to, and including, 2.7.4 via the use of insufficiently random activation code. This makes it possible for unauthenticated attackers to...
CVE-2024-4185
The Customer Email Verification for WooCommerce plugin for WordPress is vulnerable to Email Verification and Authentication Bypass in all versions up to, and including, 2.7.4 via the use of insufficiently random activation code. This makes it possible for unauthenticated attackers to bypass the...
CVE-2024-4185 Customer Email Verification for WooCommerce <= 2.7.4 - Email Verification and Authentication Bypass due to Insufficient Randomness
The Customer Email Verification for WooCommerce plugin for WordPress is vulnerable to Email Verification and Authentication Bypass in all versions up to, and including, 2.7.4 via the use of insufficiently random activation code. This makes it possible for unauthenticated attackers to bypass the...
CVE-2024-4185
The Customer Email Verification for WooCommerce plugin for WordPress (emails-verification-for-woocommerce) contains an Email Verification and Authentication Bypass in all versions up to 2.7.4 due to insufficiently random activation codes. This allows unauthenticated attackers to bypass email veri...
WordPress plugin Customer Email Verification for WooCommerce Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exist...
PT-2024-29596 · WordPress · Customer Email Verification For Woocommerce
Name of the Vulnerable Software and Affected Versions: Customer Email Verification for WooCommerce plugin for WordPress versions up to 2.7.4 Description: The issue concerns the Customer Email Verification for WooCommerce plugin for WordPress, which is vulnerable to email verification and...
CVE-2022-2515
The Simple Banner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the proversionactivationcode parameter in versions up to, and including, 2.11.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, including those...
PT-2022-17101 · WordPress · Simple Banner
Name of the Vulnerable Software and Affected Versions: Simple Banner plugin for WordPress versions up to and including 2.11.0 Description: The issue arises from insufficient input sanitization and output escaping, allowing authenticated attackers to inject arbitrary web scripts via the pro versio...
WordPress Cross-Site Scripting Vulnerability (CNVD-2021-44309)
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress plugin Payments versions prior to 3.7.0.1,...
CVE-2021-24239
The Pie Register – User Registration Forms. Invitation based registrations, Custom Login, Payments WordPress plugin before 3.7.0.1 does not sanitise the invitaioncode GET parameter when outputting it in the Activation Code page, leading to a reflected Cross-Site Scripting issue...
Showmax: https://secure.showmax.com/profile/payments
As part of testing user credentials distribution the security researchers were awarded 3 different activation codes, each one granting them subscription for a different country. The researcher reported that it's possible to use a code for country "A" with account associated to country "B". Such...
Nessus Essentials with offline registration and plugin updates
In this episode, I would like to talk about Nessus Essentials and, in particular, how to register and update it without direct internet access. Nothing complicated, but there are a couple of pitfalls that I would like to share. Let's say you need to scan a host in a critical autonomous segment whe...
CVE-2020-14015
An issue was discovered in Navigate CMS 2.9 r1433. When performing a password reset, a user is emailed an activation code that allows them to reset their password. There is, however, a flaw when no activation code is supplied. The system will allow an unauthorized user to continue setting a...
Default credentials
An issue was discovered in Navigate CMS 2.9 r1433. When performing a password reset, a user is emailed an activation code that allows them to reset their password. There is, however, a flaw when no activation code is supplied. The system will allow an unauthorized user to continue setting a...
River Past Cam Do 3.7.6 - Activation Code Local Buffer Overflow Exploit
Exploit for windows platform in category local exploits !/usr/bin/python -w Exploit Author: Chris Au Exploit Title: River Past Cam Do 3.7.6 Local Buffer Overflow in Activation Code Vulnerable Software: River Past Cam Do 3.7.6 Vendor Homepage: http://www.flexhex.com Version: 3.7.6 Software Link:...