BIT-JOOMLA-2026-35220 Joomla! Core - [20260505] - CSRF in user activation endpoint

Lack of CSRF token validation lead to a CSRF attack vector in the admin activation endpoint of comusers...

CVE-2026-35220

Lack of CSRF token validation lead to a CSRF attack vector in the admin activation endpoint of comusers...

CVE-2026-35220 Joomla! Core - [20260505] - CSRF in user activation endpoint

Lack of CSRF token validation lead to a CSRF attack vector in the admin activation endpoint of comusers...

CVE-2026-35220

This CVE (CVE-2026-35220) concerns Joomla! core (com_users) with an admin activation endpoint lacking CSRF token validation. The underlying issue enables a CSRF attack vector against the activation flow, as indicated by the description from multiple sources. The CVSS assessment (4.6, MEDIUM) refl...

CVE-2026-35220

Lack of CSRF token validation lead to a CSRF attack vector in the admin activation endpoint of comusers...

EUVD-2026-31889

Lack of CSRF token validation lead to a CSRF attack vector in the admin activation endpoint of comusers...

PT-2026-43291

Name of the Vulnerable Software and Affected Versions com users affected versions not specified Description Lack of Cross-Site Request Forgery CSRF token validation—a mechanism used to prevent unauthorized commands from being transmitted from a user the web application trusts—leads to a CSRF atta...

CVE-2020-37053

Navigate CMS 2.8.7 contains an authenticated SQL injection vulnerability that allows attackers to leak database information by manipulating the 'sidx' parameter in comments. Attackers can exploit the vulnerability to extract user activation keys by using time-based blind SQL injection techniques,...

EUVD-2012-4851

Malware in sbrugna...

EUVD-2023-54333

Malicious code in bioql PyPI...

EUVD-2023-12545

Malicious code in bioql PyPI...

CVE-2023-1089

The Coupon Zen WordPress plugin before 1.0.6 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack...

CVE-2023-0502

The WP News WordPress plugin through 1.1.9 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack...

PT-2023-29295 · Unknown · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost affected versions not specified Description: The issue allows an attacker to register users as inactive during signup by manipulating parameters, thus blocking them from later accessing the system without the system admin activatin...

CVE-2023-1086

The Preview Link Generator WordPress plugin before 1.0.4 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack...

CVE-2023-1087

The WC Sales Notification WordPress plugin before 1.2.3 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack...

CVE-2023-0484

The Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks WordPress plugin before 1.1.6 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack...

CVE-2023-0497

The HT Portfolio WordPress plugin before 1.1.6 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack...

PT-2023-16743 · WordPress · Wp Plugin Manager

Name of the Vulnerable Software and Affected Versions: WP Plugin Manager versions prior to 1.1.8 Description: The issue concerns a lack of CSRF check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a CSRF attack...

Spooky Login Multiple HTML Injection Vulnerability

This is a user management program where the users can register themselves by providing their username and passwords for protecting their webcontents. This program provide features like remembering login with cookies, automatic login, extended user info, expire user by date, admin can activate...