125 matches found
Linux Distros Unpatched Vulnerability : CVE-2022-35652
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An open redirect issue was found in Moodle due to improper sanitization of user-supplied data in mobile auto-login feature. A remote attacker can create a link...
BIT-MOODLE-2024-38277 moodle: QR login key and auto-login key for the Moodle mobile app should be generated as separate keys
A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the two...
CVE-2025-6813
CVE-2025-6813 affects the WordPress plugin aapanel WP Toolkit (versions 1.0–1.1). The root cause is missing authorization checks in the auto_login() function, enabling authenticated users with Subscriber-level access and above to bypass role checks and gain full admin privileges. The CVE is curre...
WordPress Auto Login After Registration plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Auto Login After Registration versions = 1.0.0...
CVE-2024-30262
Contao is an open source content management system. Prior to version 4.13.40, when a frontend member changes their password in the personal data or the password lost module, the corresponding remember-me tokens are not removed. If someone compromises an account and is able to get a remember-me...
CVE-2023-0522
The Enable/Disable Auto Login when Register WordPress plugin through 1.1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
CVE-2023-46201
Cross-Site Request Forgery CSRF vulnerability in Jeff Sherk Auto Login New User After Registration allows Stored XSS.This issue affects Auto Login New User After Registration: from n/a through 1.9.6...
CVE-2023-2736
The Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.9.8. This is due to missing nonce validation in the 'ajaxeditcontact' function. This makes it possible for authenticated attackers to receive the auto login link via shortcode and...
CVE-2025-48061 wire-webapp Has Insufficient Session Invalidation after User Logout
wire-webapp is the web application for the open-source messaging service Wire. A change caused a regression resulting in sessions not being properly invalidated. A user that logged out of the Wire webapp, could have been automatically logged in again after re-opening the application. This does no...
CVE-2024-7350
The Appointment Booking Calendar Plugin and Online Scheduling Plugin – BookingPress plugin for WordPress is vulnerable to authentication bypass in versions 1.1.6 to 1.1.7. This is due to the plugin not properly verifying a user's identity prior to logging them in when completing a booking. This...
PT-2024-38281 · WordPress · Bookingpress
Name of the Vulnerable Software and Affected Versions: BookingPress plugin for WordPress versions 1.1.6 through 1.1.7 Description: The issue is related to authentication bypass due to the plugin not properly verifying a user's identity prior to logging them in when completing a booking. This allo...
PT-2024-5125 · Sicam Egs +1 · Sicam Egs +4
Name of the Vulnerable Software and Affected Versions: CPCI85 Central Processing/Communication versions prior to V5.40 SICORE Base system versions prior to V1.4.0 SICAM CP-8031, CP-8050, SICAM EGS affected versions not specified Description: The issue is related to the lack of necessary...
GHSA-R82W-3PHG-QVR4 Moodle uses the same key for QR login and auto-login
A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the two...
Moodle uses the same key for QR login and auto-login
A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the two...
CVE-2024-38277
A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the two...
CVE-2024-38277
A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the two...
CVE-2024-38277
Moodle vulnerability CVE-2024-38277 concerns the QR login key and the auto-login key: a single key must not be reused between them. Connected docs (BIT-MOODLE-2024-38277) describe this exact issue, but do not provide concrete fix/version details. The impact/mitigation specifics are not fully disc...
PT-2024-27916 · Alt Linux · Alt Linux
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: The issue concerns the generation of unique keys for QR login and auto-login. Currently, the same key can be used interchangeably between the two, which is insecure. A unique key...
PT-2024-25945 · Syracuse · Avantra Server
Name of the Vulnerable Software and Affected Versions: Avantra Server versions 24.0.0 through 24.0.6 Avantra Server versions 24.1.0 through 24.1.0 Description: The issue concerns the mishandling of dashboard security. If a user can create a dashboard with an auto-login user, data disclosure may...
CVE-2024-30262
Contao is an open source content management system. Prior to version 4.13.40, when a frontend member changes their password in the personal data or the password lost module, the corresponding remember-me tokens are not removed. If someone compromises an account and is able to get a remember-me...