2 matches found
WordPress ForumWP – Forum & Discussion Board plugin <= 2.1.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Display Name vulnerability
Authenticated Subscriber+ Stored Cross-Site Scripting via Display Name vulnerability discovered by Sergej Ljubojevic in WordPress Plugin ForumWP versions = 2.1.6...
CVE-2025-53960 Apache StreamPark: Uses the user’s password as the secret key
When issuing JSON Web Tokens JWT, Apache StreamPark directly uses the user's password as the HMAC signing key e.g., with the HS256 algorithm. An attacker can exploit this vulnerability to perform offline brute-force attacks on the user's password using a captured JWT, or to arbitrarily forge...