Lucene search
+L

220 matches found

CVE
CVE
added 2025/08/23 6:43 a.m.26 views

CVE-2025-5060

CVE-2025-5060 refers to the Bravis User plugin for WordPress (versions up to 1.0.0) with an authentication bypass. The issue arises from improper handling of login data verified via the facebook_ajax_login_callback(), enabling unauthenticated attackers to log in as administrator users if they hav...

8.1CVSS5.9AI score0.00376EPSS
Exploits0References2
CVE
CVE
added 2025/08/23 6:43 a.m.58 views

CVE-2025-5821

The CVE-2025-5821 case concerns the WordPress plugin Case Theme User (versions up to 1.0.3). The vulnerability is an Authentication Bypass caused by improper login handling in the facebook_ajax_login_callback() pathway, enabling unauthenticated attackers who have an existing site account and acce...

9.8CVSS6AI score0.00714EPSS
In wildExploits0References2
Positive Technologies
Positive Technologies
added 2025/08/23 12:0 a.m.6 views

PT-2025-34522 · WordPress · Bravis User

Name of the Vulnerable Software and Affected Versions: Bravis User plugin for WordPress versions up to and including 1.0.0 Description: The plugin does not properly log in a user with data verified through the facebook ajax login callback function, leading to authentication bypass. This allows...

8.1CVSS6.8AI score0.00376EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/08/23 12:0 a.m.13 views

PT-2025-34523

Name of the Vulnerable Software and Affected Versions: Case Theme User plugin for WordPress versions prior to 1.0.4 Description: The Case Theme User plugin for WordPress is susceptible to an authentication bypass. This issue stems from the plugin's failure to correctly log in a user with data...

9.8CVSS6.5AI score0.00714EPSS
Exploits0References15
RedhatCVE
RedhatCVE
added 2025/08/17 5:11 a.m.8 views

CVE-2025-9009

A vulnerability has been found in itsourcecode Online Tour and Travel Management System 1.0. Affected is an unknown function of the file /admin/emailsetup.php. The manipulation of the argument Name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclose...

9.8CVSS7.7AI score0.00421EPSS
Exploits1References1
NVD
NVD
added 2025/08/16 3:15 a.m.6 views

CVE-2024-12575

The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 5.8.9 via the 'aysfinishpoll' AJAX action. This makes it possible for unauthenticated attackers to retrieve admin email information...

5.3CVSS0.00273EPSS
Exploits0References2
CVE
CVE
added 2025/08/16 2:24 a.m.21 views

CVE-2024-12575

CVE-2024-12575 relates to the WordPress plugin Poll Maker – Versus Polls, Anonymous Polls, Image Polls (≤ 5.8.9). The vulnerability is an unauthenticated basic information exposure exposed via the ajax action ays_finish_poll, allowing attackers to retrieve admin email information from poll respon...

5.3CVSS6.7AI score0.00273EPSS
Exploits0References2
OSV
OSV
added 2025/08/15 5:15 a.m.12 views

CVE-2025-9009

A vulnerability has been found in itsourcecode Online Tour and Travel Management System 1.0. Affected is an unknown function of the file /admin/emailsetup.php. The manipulation of the argument Name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclose...

9.8CVSS5.7AI score0.00421EPSS
Exploits1References5
NVD
NVD
added 2025/08/15 5:15 a.m.8 views

CVE-2025-9009

A vulnerability has been found in itsourcecode Online Tour and Travel Management System 1.0. Affected is an unknown function of the file /admin/emailsetup.php. The manipulation of the argument Name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclose...

9.8CVSS0.00421EPSS
Exploits1References5
CVE
CVE
added 2025/08/15 4:32 a.m.34 views

CVE-2025-9009

The CVE covers itsourcecode Online Tour and Travel Management System 1.0. Affected is an unknown function in /admin/email_setup.php where manipulating the Name argument triggers SQL injection. The issue allows remote exploitation and the exploit has been disclosed publicly. Connected sources cons...

9.8CVSS7.6AI score0.00421EPSS
Exploits1References5Affected Software1
CNNVD
CNNVD
added 2025/08/15 12:0 a.m.4 views

itsourcecode Online Tour and Travel Management System 注入漏洞

itsourcecode Online Tour and Travel Management System is itsourcecode open source an online tour and travel management system . An injection vulnerability exists in version 1.0 of itsourcecode Online Tour and Travel Management System, which originates from a SQL injection due to incorrect...

9.8CVSS7.7AI score0.00421EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2025/05/23 9:1 a.m.6 views

CVE-2024-3927

The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows plugin for WordPress is vulnerable to Form Submission Admin Email Bypass in all versions up to, and including, 5.6.3. This is due to the plugin not properly checking for all variations of an...

5.3CVSS5.9AI score0.00425EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:14 a.m.5 views

CVE-2024-9531

The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mvxsentdeactivationrequest' function in all versions up to, and including, 4.2.4. This makes it possible f...

4.3CVSS5.2AI score0.00334EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:32 p.m.9 views

CVE-2021-24803

The Core Tweaks WP Setup WordPress plugin through 4.1 allows to bulk-set many settings in WordPress, including the admin email, as well as creating a new admin account. There is no CSRF protection in place, allowing an attacker to arbitrary change the admin email or create another admin account a...

8.8CVSS7AI score0.00618EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:34 p.m.8 views

CVE-2020-26802

forma.lms 2.3.0.2 is affected by Cross Site Request Forgery CSRF in formalms/appCore/index.php?r=lms/profile/show≈=saveinfo via a GET request to change the admin email address in order to accomplish an account takeover...

8.8CVSS7AI score0.00645EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 2:56 a.m.10 views

CVE-2012-1227

Multiple cross-site request forgery CSRF vulnerabilities in admin.php in pluck 4.7 allow remote attackers to hijack the authentication of admins for requests that 1 modify the admin email address or 2 modify the blog title via a settings action; 3 add a page via an editpage action, or 4 add a...

6.8CVSS7.6AI score0.00682EPSS
Exploits1References1
Packet Storm News
Packet Storm News
added 2025/05/12 12:0 a.m.8 views

WordPress Frontend Login and Registration Blocks 1.0.7 Privilege Escalation

WordPress Frontend Login and Registration Blocks plugin versions 1.0.7 and below are vulnerable to privilege escalation via account takeover. An unauthenticated attacker can change the administrator's email, trigger the Forgot Password process, and reset the admin password, gaining full control...

7.3AI score
Exploits0
CNNVD
CNNVD
added 2025/05/07 12:0 a.m.6 views

WordPress plugin Frontend Dashboard 授权问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An authorization issue...

9.8CVSS8.7AI score0.00499EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/04/17 10:52 p.m.16 views

CVE-2025-26730

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in NotFound Macro Calculator with Admin Email Optin & Data. This issue affects Macro Calculator with Admin Email Optin & Data: from n/a through 1.0...

7.5CVSS8.6AI score0.00456EPSS
Exploits0References1
CVE
CVE
added 2025/04/15 9:53 p.m.51 views

CVE-2025-26730

CVE-2025-26730 affects the WordPress plugin Macro Calculator with Admin Email Optin & Data (versions up to 1.0). Described as an Exposure of Sensitive System Information to an Unauthorized Control Sphere , enabling access to confidential data. Reported base CVSSv3.1 score of 7.5 (HIGH) with netwo...

7.5CVSS8.6AI score0.00456EPSS
Exploits0References1
Rows per page
Query Builder