Lucene search
K

125 matches found

Vulnrichment
Vulnrichment
added 2023/05/20 2:3 a.m.8 views

CVE-2023-2736 Groundhogg <= 2.7.9.8 - Cross-Site Request Forgery to Privilege Escalation

The Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.9.8. This is due to missing nonce validation in the 'ajaxeditcontact' function. This makes it possible for authenticated attackers to receive the auto login link via shortcode and...

7.5CVSS7.1AI score0.00399EPSS
Exploits0References4
Cvelist
Cvelist
added 2023/05/20 2:3 a.m.20 views

CVE-2023-2715 Groundhogg <= 2.7.9.8 - Missing Authorization to Admin Account and Ticket Creation

The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'submitticket' function in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers to create a support ticket that sends the website's...

4.3CVSS4.7AI score0.00561EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/05/20 12:0 a.m.5 views

PT-2023-21078 · WordPress · Groundhogg

Name of the Vulnerable Software and Affected Versions: Groundhogg plugin for WordPress versions up to, and including, 2.7.9.8 Description: The issue is due to missing nonce validation in the ajax edit contact function, making it possible for authenticated attackers to elevate verified user...

8CVSS7.9AI score0.00399EPSS
Exploits0References8
CNNVD
CNNVD
added 2023/05/20 12:0 a.m.4 views

WordPress Plugin Groundhogg 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

4.3CVSS6.3AI score0.00561EPSS
Exploits0References4
OSV
OSV
added 2023/05/08 2:15 p.m.3 views

CVE-2023-0522

The Enable/Disable Auto Login when Register WordPress plugin through 1.1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

6.5CVSS6.9AI score0.00328EPSS
Exploits1References1
Cvelist
Cvelist
added 2023/05/08 1:58 p.m.40 views

CVE-2023-0522 Enable/Disable Auto Login when Register <= 1.1.0 - Settings Update via CSRF

The Enable/Disable Auto Login when Register WordPress plugin through 1.1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

6.6AI score0.00328EPSS
Exploits1References1
CNNVD
CNNVD
added 2023/05/08 12:0 a.m.14 views

WordPress plugin Enable/Disable Auto Login when Register 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

6.5CVSS7AI score0.00328EPSS
Exploits1References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2023/04/20 4:32 p.m.4 views

Malicious code in nodebb-plugin-sso-auto-login (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bf3ab1b77199e67562a75d535a0d6c88f5d8d4c76b8df6d226e9528b0e050006 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2023/04/20 4:32 p.m.13 views

MAL-2023-634 Malicious code in nodebb-plugin-sso-auto-login (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bf3ab1b77199e67562a75d535a0d6c88f5d8d4c76b8df6d226e9528b0e050006 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2022/08/10 12:0 a.m.8 views

The vulnerability of the implementation of automatic login for mobile devices in the virtual training environment Moodle allows a hacker to carry out a phishing attack and expose the protected information.

The vulnerability of the automatic login function in the Moodle virtual training system for mobile devices is related to improper cleaning of user data. Exploiting this vulnerability allows a malicious actor to carry out a phishing attack and disclose sensitive information through a specially...

5CVSS6AI score0.00889EPSS
Exploits0References9Affected Software3
Veracode
Veracode
added 2022/07/26 9:33 a.m.29 views

Open Redirect

Moodle is vulnerable to open redirect. Lack of proper validation of auto login URL to be LOCAL URL allows an attacker to pass a URL to malicious website when clicked...

6.1CVSS7.6AI score0.00889EPSS
Exploits0References9Affected Software1
OSV
OSV
added 2022/07/26 12:0 a.m.14 views

GHSA-243V-5PFF-QQFJ Moodle Open redirect risk in mobile auto-login feature

An open redirect issue was found in Moodle due to improper sanitization of user-supplied data in mobile auto-login feature. A remote attacker can create a link that leads to a trusted website, however, when clicked, it redirects the victims to arbitrary URL/domain. Successful exploitation of this...

6.1CVSS6.7AI score0.00889EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2022/07/26 12:0 a.m.20 views

Moodle Open redirect risk in mobile auto-login feature

An open redirect issue was found in Moodle due to improper sanitization of user-supplied data in mobile auto-login feature. A remote attacker can create a link that leads to a trusted website, however, when clicked, it redirects the victims to arbitrary URL/domain. Successful exploitation of this...

6.1CVSS7.2AI score0.00889EPSS
Exploits0References7Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/07/25 4:15 p.m.3 views

CVE-2022-35652

An open redirect issue was found in Moodle due to improper sanitization of user-supplied data in mobile auto-login feature. A remote attacker can create a link that leads to a trusted website, however, when clicked, it redirects the victims to arbitrary URL/domain. Successful exploitation of this...

6.1CVSS6.2AI score0.00889EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2022/07/25 4:15 p.m.36 views

CVE-2022-35652

An open redirect issue was found in Moodle due to improper sanitization of user-supplied data in mobile auto-login feature. A remote attacker can create a link that leads to a trusted website, however, when clicked, it redirects the victims to arbitrary URL/domain. Successful exploitation of this...

6.1CVSS6.2AI score0.00889EPSS
Exploits0References6
OSV
OSV
added 2022/07/25 4:15 p.m.2 views

UBUNTU-CVE-2022-35652

An open redirect issue was found in Moodle due to improper sanitization of user-supplied data in mobile auto-login feature. A remote attacker can create a link that leads to a trusted website, however, when clicked, it redirects the victims to arbitrary URL/domain. Successful exploitation of this...

6.1CVSS6.1AI score0.00889EPSS
Exploits0References7
CVE
CVE
added 2022/07/25 3:31 p.m.78 views

CVE-2022-35652

CVE-2022-35652 describes an open redirect in Moodle due to improper sanitization of user-supplied data in the mobile auto-login feature. The root cause is lack of proper input sanitization, allowing a remote attacker to craft a link that points to a trusted site but redirects victims to an arbitr...

6.1CVSS7.5AI score0.00889EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2020/12/16 2:58 p.m.38 views

CVE-2020-27837

A race condition in the handling of session shutdown makes it possible to bypass the lock screen for a user that has autologin enabled, accessing their session without authentication. This is similar to CVE-2017-12164, but requires more difficult conditions to exploit...

6.9CVSS1.9AI score0.00385EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2020/11/08 12:0 a.m.6 views

PT-2022-4073 · Moodle +2 · Moodle +2

Name of the Vulnerable Software and Affected Versions: Moodle affected versions not specified Description: An open redirect issue was found in Moodle due to improper sanitization of user-supplied data in the mobile auto-login feature. A remote attacker can create a link that leads to a trusted...

9.8CVSS6.2AI score0.49102EPSS
Exploits2References85
NVD
NVD
added 2020/10/12 7:15 p.m.18 views

CVE-2020-26546

An issue was discovered in HelpDeskZ 1.0.2. The feature to auto-login a user, via the RememberMe functionality, is prone to SQL injection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

7.5CVSS0.01284EPSS
Exploits0References2
Rows per page
Query Builder