125 matches found
CVE-2023-2736 Groundhogg <= 2.7.9.8 - Cross-Site Request Forgery to Privilege Escalation
The Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.9.8. This is due to missing nonce validation in the 'ajaxeditcontact' function. This makes it possible for authenticated attackers to receive the auto login link via shortcode and...
CVE-2023-2715 Groundhogg <= 2.7.9.8 - Missing Authorization to Admin Account and Ticket Creation
The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'submitticket' function in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers to create a support ticket that sends the website's...
PT-2023-21078 · WordPress · Groundhogg
Name of the Vulnerable Software and Affected Versions: Groundhogg plugin for WordPress versions up to, and including, 2.7.9.8 Description: The issue is due to missing nonce validation in the ajax edit contact function, making it possible for authenticated attackers to elevate verified user...
WordPress Plugin Groundhogg 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
CVE-2023-0522
The Enable/Disable Auto Login when Register WordPress plugin through 1.1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
CVE-2023-0522 Enable/Disable Auto Login when Register <= 1.1.0 - Settings Update via CSRF
The Enable/Disable Auto Login when Register WordPress plugin through 1.1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
WordPress plugin Enable/Disable Auto Login when Register 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
Malicious code in nodebb-plugin-sso-auto-login (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bf3ab1b77199e67562a75d535a0d6c88f5d8d4c76b8df6d226e9528b0e050006 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-634 Malicious code in nodebb-plugin-sso-auto-login (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bf3ab1b77199e67562a75d535a0d6c88f5d8d4c76b8df6d226e9528b0e050006 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
The vulnerability of the implementation of automatic login for mobile devices in the virtual training environment Moodle allows a hacker to carry out a phishing attack and expose the protected information.
The vulnerability of the automatic login function in the Moodle virtual training system for mobile devices is related to improper cleaning of user data. Exploiting this vulnerability allows a malicious actor to carry out a phishing attack and disclose sensitive information through a specially...
Open Redirect
Moodle is vulnerable to open redirect. Lack of proper validation of auto login URL to be LOCAL URL allows an attacker to pass a URL to malicious website when clicked...
GHSA-243V-5PFF-QQFJ Moodle Open redirect risk in mobile auto-login feature
An open redirect issue was found in Moodle due to improper sanitization of user-supplied data in mobile auto-login feature. A remote attacker can create a link that leads to a trusted website, however, when clicked, it redirects the victims to arbitrary URL/domain. Successful exploitation of this...
Moodle Open redirect risk in mobile auto-login feature
An open redirect issue was found in Moodle due to improper sanitization of user-supplied data in mobile auto-login feature. A remote attacker can create a link that leads to a trusted website, however, when clicked, it redirects the victims to arbitrary URL/domain. Successful exploitation of this...
CVE-2022-35652
An open redirect issue was found in Moodle due to improper sanitization of user-supplied data in mobile auto-login feature. A remote attacker can create a link that leads to a trusted website, however, when clicked, it redirects the victims to arbitrary URL/domain. Successful exploitation of this...
CVE-2022-35652
An open redirect issue was found in Moodle due to improper sanitization of user-supplied data in mobile auto-login feature. A remote attacker can create a link that leads to a trusted website, however, when clicked, it redirects the victims to arbitrary URL/domain. Successful exploitation of this...
UBUNTU-CVE-2022-35652
An open redirect issue was found in Moodle due to improper sanitization of user-supplied data in mobile auto-login feature. A remote attacker can create a link that leads to a trusted website, however, when clicked, it redirects the victims to arbitrary URL/domain. Successful exploitation of this...
CVE-2022-35652
CVE-2022-35652 describes an open redirect in Moodle due to improper sanitization of user-supplied data in the mobile auto-login feature. The root cause is lack of proper input sanitization, allowing a remote attacker to craft a link that points to a trusted site but redirects victims to an arbitr...
CVE-2020-27837
A race condition in the handling of session shutdown makes it possible to bypass the lock screen for a user that has autologin enabled, accessing their session without authentication. This is similar to CVE-2017-12164, but requires more difficult conditions to exploit...
PT-2022-4073 · Moodle +2 · Moodle +2
Name of the Vulnerable Software and Affected Versions: Moodle affected versions not specified Description: An open redirect issue was found in Moodle due to improper sanitization of user-supplied data in the mobile auto-login feature. A remote attacker can create a link that leads to a trusted...
CVE-2020-26546
An issue was discovered in HelpDeskZ 1.0.2. The feature to auto-login a user, via the RememberMe functionality, is prone to SQL injection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...