Lucene search
K

10 matches found

CVE
CVE
added 2026/05/07 2:59 a.m.12 views

CVE-2026-41660

Admidio prior to version 5.0.9 contains an inverted authorization check in two_factor_authentication.php that allows non-admin group leaders with profile edit rights on an admin account to strip that admin’s 2FA, compromising admin accounts. The issue is fixed in 5.0.9; upgrade to 5.0.9+ to mitig...

7.1CVSS5.7AI score0.00297EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/07 2:59 a.m.7 views

CVE-2026-41660 Admidio: Inverted 2FA Reset Authorization Check Lets Group Leaders Strip Admin TOTP

Admidio is an open-source user management solution. Prior to version 5.0.9, a logic error in Admidio's two-factor authentication reset inverts the authorization check. Non-admin users cannot remove their own TOTP configuration, but they can remove other users' TOTP, including administrators. A...

7.1CVSS5.7AI score0.00297EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/29 9:49 p.m.10 views

Admidio has Inverted 2FA Reset Authorization Check that Lets Group Leaders Strip Admin TOTP

Summary A logic error in Admidio's two-factor authentication reset inverts the authorization check. Non-admin users cannot remove their own TOTP configuration, but they can remove other users' TOTP, including administrators. A group leader with profile edit rights on an admin account can strip th...

7.1CVSS5.4AI score0.00297EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2024/09/25 3:15 a.m.4 views

CVE-2024-8349

The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.1.0.1. This is due to the plugin not properly restricting what users a group leader can edit. This makes it possible for authenticated attackers, with group...

7.2CVSS5.7AI score0.01164EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/09/25 12:0 a.m.5 views

WordPress plugin Uncanny Groups for LearnDash 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

7.2CVSS6.5AI score0.01164EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2024/09/25 12:0 a.m.5 views

PT-2024-38964 · WordPress · Uncanny Groups For Learndash

Name of the Vulnerable Software and Affected Versions: The Uncanny Groups for LearnDash plugin for WordPress versions up to, and including, 6.1.0.1 Description: The issue arises from the plugin's failure to properly restrict what users a group leader can edit. This allows authenticated attackers...

7.2CVSS6.7AI score0.01164EPSS
Exploits1References10
Vulnrichment
Vulnrichment
added 2021/12/29 9:10 a.m.7 views

CVE-2021-25989 ifme - Stored Cross-Site Scripting (XSS) in Groups section

In “ifme”, versions 1.0.0 to v7.31.4 are vulnerable against stored XSS vulnerability in the markdown editor. It can be exploited by making a victim a Leader of a group which triggers the payload for them...

5.4CVSS5.8AI score0.00615EPSS
Exploits1References2
NVD
NVD
added 2015/03/29 9:59 p.m.20 views

CVE-2015-2786

Unspecified vulnerability in MyBB aka MyBulletinBoard before 1.8.4 has unknown attack vectors related to "Group join request notifications sent to wrong group leaders."...

10CVSS6.4AI score0.01366EPSS
Exploits0References2
Prion
Prion
added 2015/03/29 9:59 p.m.11 views

Design/Logic Flaw

Unspecified vulnerability in MyBB aka MyBulletinBoard before 1.8.4 has unknown attack vectors related to "Group join request notifications sent to wrong group leaders."...

10CVSS7AI score0.01366EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2015/03/29 9:0 p.m.17 views

CVE-2015-2786

Unspecified vulnerability in MyBB aka MyBulletinBoard before 1.8.4 has unknown attack vectors related to "Group join request notifications sent to wrong group leaders."...

6.4AI score0.01366EPSS
Exploits0References2
Rows per page
Query Builder