CVE-2013-10013

The CVE concerns the Bricco Authenticator Plugin, specifically the DBAuthenticator.java authenticate/compare path. The vulnerability allows SQL injection due to improper handling in that function. Affected versions are prior to 1.39. Upgrading to version 1.39 addresses the issue (patch a5456633ff...

Bricco Authenticator Plugin SQL注入漏洞

Bricco Authenticator Plugin is an open source Escenic plugin from Bricco that provides cookie-based authentication for publishing. Bricco Authenticator Plugin suffers from a SQL injection vulnerability. An attacker could exploit this vulnerability to cause sql injection...

PT-2023-10002 · Unknown · Bricco Authenticator Plugin

Name of the Vulnerable Software and Affected Versions: Bricco Authenticator Plugin versions prior to 1.39 Description: A critical issue was found in the Bricco Authenticator Plugin, affecting the authenticate/compare function of the DBAuthenticator.java file. This issue leads to sql injection...

SpyNote Strikes Again: Android Spyware Targeting Financial Institutions

Financial institutions are being targeted by a new version of Android malware called SpyNote at least since October 2022 that combines both spyware and banking trojan characteristics. "The reason behind this increase is that the developer of the spyware, who was previously selling it to other...

CVE-2022-3994

The Authenticator WordPress plugin before 1.3.1 does not prevent subscribers from updating a site's feed access token, which may deny other users access to the functionality in certain configurations...

CVE-2022-3994

The Authenticator WordPress plugin before 1.3.1 does not prevent subscribers from updating a site's feed access token, which may deny other users access to the functionality in certain configurations...

CVE-2022-3994 Authenticator < 1.3.1 - Subscriber+ Denial of Service via Feed Token Disclosure

The Authenticator WordPress plugin before 1.3.1 does not prevent subscribers from updating a site's feed access token, which may deny other users access to the functionality in certain configurations...

CVE-2022-3994 Authenticator < 1.3.1 - Subscriber+ Denial of Service via Feed Token Disclosure

The Authenticator WordPress plugin before 1.3.1 does not prevent subscribers from updating a site's feed access token, which may deny other users access to the functionality in certain configurations...

CVE-2022-3994

The CVE-2022-3994 issue affects the Authenticator WordPress plugin prior to version 1.3.1. The root cause is the plugin not restricting subscribers from updating a site's feed access token, which may deny other users access to the feature in certain configurations. The documented impact is increa...

WordPress plugin Authenticator 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

PT-2023-13734 · WordPress · Authenticator

Name of the Vulnerable Software and Affected Versions: Authenticator WordPress plugin versions prior to 1.3.1 Description: The issue arises from the plugin's failure to restrict subscribers from updating a site's feed access token. This could potentially deny other users access to certain...

WordPress miniOrange Two-Factor Authentication plugin <= 5.6.1 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Calvin Alkan in WordPress miniOrange Two-Factor Authentication plugin versions = 5.6.1. Solution Update the WordPress miniOrange's Google Authenticator plugin to the latest available version at least 5.6.2...

WordPress Google Authenticator has an unspecified vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress...

CVE-2022-42461

Broken Access Control vulnerability in miniOrange's Google Authenticator plugin = 5.6.1 on WordPress...

CVE-2022-42461

Broken Access Control vulnerability in miniOrange's Google Authenticator plugin = 5.6.1 on WordPress...

Improper access control

Broken Access Control vulnerability in miniOrange's Google Authenticator plugin = 5.6.1 on WordPress...

CVE-2022-42461

CVE-2022-42461 concerns a Broken Access Control issue in miniOrange’s Google Authenticator plugin for WordPress, affected versions ≤ 5.6.1. The vulnerability is described across multiple sources as an access-control flaw in the plugin’s settings/authorization flow, with no publicly documented exp...

CVE-2022-42461 WordPress miniOrange's Google Authenticator plugin <= 5.6.1 - Broken Access Control vulnerability

Broken Access Control vulnerability in miniOrange's Google Authenticator plugin = 5.6.1 on WordPress...

WordPress plugin Google Authenticator 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress...

Failures in Twitter’s Two-Factor Authentication System

Twitter is having intermittent problems with its two-factor authentication system: Not all users are having problems receiving SMS authentication codes, and those who rely on an authenticator app or physical authentication token to secure their Twitter account may not have reason to test the...