220 matches found
CVE-2025-5060
CVE-2025-5060 refers to the Bravis User plugin for WordPress (versions up to 1.0.0) with an authentication bypass. The issue arises from improper handling of login data verified via the facebook_ajax_login_callback(), enabling unauthenticated attackers to log in as administrator users if they hav...
CVE-2025-5821
The CVE-2025-5821 case concerns the WordPress plugin Case Theme User (versions up to 1.0.3). The vulnerability is an Authentication Bypass caused by improper login handling in the facebook_ajax_login_callback() pathway, enabling unauthenticated attackers who have an existing site account and acce...
PT-2025-34522 · WordPress · Bravis User
Name of the Vulnerable Software and Affected Versions: Bravis User plugin for WordPress versions up to and including 1.0.0 Description: The plugin does not properly log in a user with data verified through the facebook ajax login callback function, leading to authentication bypass. This allows...
PT-2025-34523
Name of the Vulnerable Software and Affected Versions: Case Theme User plugin for WordPress versions prior to 1.0.4 Description: The Case Theme User plugin for WordPress is susceptible to an authentication bypass. This issue stems from the plugin's failure to correctly log in a user with data...
CVE-2025-9009
A vulnerability has been found in itsourcecode Online Tour and Travel Management System 1.0. Affected is an unknown function of the file /admin/emailsetup.php. The manipulation of the argument Name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclose...
CVE-2024-12575
The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 5.8.9 via the 'aysfinishpoll' AJAX action. This makes it possible for unauthenticated attackers to retrieve admin email information...
CVE-2024-12575
CVE-2024-12575 relates to the WordPress plugin Poll Maker – Versus Polls, Anonymous Polls, Image Polls (≤ 5.8.9). The vulnerability is an unauthenticated basic information exposure exposed via the ajax action ays_finish_poll, allowing attackers to retrieve admin email information from poll respon...
CVE-2025-9009
A vulnerability has been found in itsourcecode Online Tour and Travel Management System 1.0. Affected is an unknown function of the file /admin/emailsetup.php. The manipulation of the argument Name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclose...
CVE-2025-9009
A vulnerability has been found in itsourcecode Online Tour and Travel Management System 1.0. Affected is an unknown function of the file /admin/emailsetup.php. The manipulation of the argument Name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclose...
CVE-2025-9009
The CVE covers itsourcecode Online Tour and Travel Management System 1.0. Affected is an unknown function in /admin/email_setup.php where manipulating the Name argument triggers SQL injection. The issue allows remote exploitation and the exploit has been disclosed publicly. Connected sources cons...
itsourcecode Online Tour and Travel Management System 注入漏洞
itsourcecode Online Tour and Travel Management System is itsourcecode open source an online tour and travel management system . An injection vulnerability exists in version 1.0 of itsourcecode Online Tour and Travel Management System, which originates from a SQL injection due to incorrect...
CVE-2024-3927
The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows plugin for WordPress is vulnerable to Form Submission Admin Email Bypass in all versions up to, and including, 5.6.3. This is due to the plugin not properly checking for all variations of an...
CVE-2024-9531
The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mvxsentdeactivationrequest' function in all versions up to, and including, 4.2.4. This makes it possible f...
CVE-2021-24803
The Core Tweaks WP Setup WordPress plugin through 4.1 allows to bulk-set many settings in WordPress, including the admin email, as well as creating a new admin account. There is no CSRF protection in place, allowing an attacker to arbitrary change the admin email or create another admin account a...
CVE-2020-26802
forma.lms 2.3.0.2 is affected by Cross Site Request Forgery CSRF in formalms/appCore/index.php?r=lms/profile/show≈=saveinfo via a GET request to change the admin email address in order to accomplish an account takeover...
CVE-2012-1227
Multiple cross-site request forgery CSRF vulnerabilities in admin.php in pluck 4.7 allow remote attackers to hijack the authentication of admins for requests that 1 modify the admin email address or 2 modify the blog title via a settings action; 3 add a page via an editpage action, or 4 add a...
WordPress Frontend Login and Registration Blocks 1.0.7 Privilege Escalation
WordPress Frontend Login and Registration Blocks plugin versions 1.0.7 and below are vulnerable to privilege escalation via account takeover. An unauthenticated attacker can change the administrator's email, trigger the Forgot Password process, and reset the admin password, gaining full control...
WordPress plugin Frontend Dashboard 授权问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An authorization issue...
CVE-2025-26730
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in NotFound Macro Calculator with Admin Email Optin & Data. This issue affects Macro Calculator with Admin Email Optin & Data: from n/a through 1.0...
CVE-2025-26730
CVE-2025-26730 affects the WordPress plugin Macro Calculator with Admin Email Optin & Data (versions up to 1.0). Described as an Exposure of Sensitive System Information to an Unauthorized Control Sphere , enabling access to confidential data. Reported base CVSSv3.1 score of 7.5 (HIGH) with netwo...