CVE-2025-15096
The 'Videospirecore Theme Plugin' plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.6. This is due to the plugin not properly validating a user's identity prior to updating their details like email. This makes it possible for...
PT-2026-7512
Name of the Vulnerable Software and Affected Versions: Videospirecore Theme Plugin versions prior to 1.0.7. Description: The 'Videospirecore Theme Plugin' for WordPress is susceptible to privilege escalation, potentially leading to account takeover. The issue arises from insufficient validation of a...
WordPress WP JobHunt plugin <= 7.1 - Unauthenticated Privilege Escalation via Email Update/Account Takeover vulnerability
Unauthenticated Privilege Escalation via Email Update/Account Takeover vulnerability discovered by Tonn in WordPress Plugin WP JobHunt versions <= 7.1...
EUVD-2024-50723
Malicious code in bioql PyPI...
EUVD-2025-32289
Malicious code in bioql PyPI...
EUVD-2025-19677
Malicious code in bioql PyPI...
EUVD-2025-31575
Malicious code in bioql PyPI...
EUVD-2023-1233
Malicious code in bioql PyPI...
EUVD-2024-16944
Malicious code in bioql PyPI...
CVE-2025-9213 TextBuilder 1.0.0 - 1.1.1 - Cross-Site Request Forgery to Privilege Escalation via Account Takeover
The TextBuilder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 1.0.0 to 1.1.1. This is due to missing or incorrect nonce validation on the 'handleToken' function. This makes it possible for unauthenticated attackers to update a user's authorization token via a forged...
CVE-2025-55795
The openml/openml.org web application version v2.0.20241110 uses incremental user IDs and insufficient email ownership verification during email update workflows. An authenticated attacker controlling a user account with a lower user ID can update their email address to that of another user with ...
PT-2025-39831
Name of the Vulnerable Software and Affected Versions: openml/openml.org web application version v2.0.20241110. Description: The web application exhibits a flaw where insufficient email ownership verification during email update workflows, combined with incremental user IDs, allows an authenticated...
OpenML Frontend security vulnerability
OpenML Frontend is an OpenML Frontend page from OpenML Open Source. A security vulnerability exists in OpenML Frontend version v2.0.20241110, which stems from insufficient validation of incremental user IDs and email ownership, and could lead to an attacker locking out a victim's account via an...
CVE-2025-55795
OpenML OpenML.org web app v2.0.20241110 is affected by CVE-2025-55795 due to incremental user IDs and insufficient email ownership verification during email updates. An authenticated attacker with a lower user ID can reassign their email to a higher-ID user, causing the victim to be locked out an...
CVE-2025-7718
The Resideo Plugin for Resideo - Real Estate WordPress Theme plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.5.4. This is due to the plugin not properly validating a user's identity prior to updating their details like email...
CVE-2025-4796
The Eventin plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.34. This is due to the plugin not properly validating a user's identity or capability prior to updating their details like email in the...