Lucene search
+L

142 matches found

ATTACKERKB
ATTACKERKB
added 2022/06/13 1:15 p.m.4 views

CVE-2022-1594

The HC Custom WP-Admin URL WordPress plugin through 1.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, allowing them to change the login URL...

4.3CVSS5.8AI score0.00412EPSS
Exploits2References2
NVD
NVD
added 2022/06/13 1:15 p.m.28 views

CVE-2022-1595

The HC Custom WP-Admin URL WordPress plugin through 1.4 leaks the secret login URL when sending a specific crafted request...

5.3CVSS0.02621EPSS
Exploits2References1
Prion
Prion
added 2022/06/13 1:15 p.m.25 views

Cross site request forgery (csrf)

The HC Custom WP-Admin URL WordPress plugin through 1.4 leaks the secret login URL when sending a specific crafted request...

5CVSS5.2AI score0.02621EPSS
Exploits2References1Affected Software1
Prion
Prion
added 2022/06/13 1:15 p.m.20 views

Cross site request forgery (csrf)

The HC Custom WP-Admin URL WordPress plugin through 1.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, allowing them to change the login URL...

4.3CVSS4.5AI score0.00412EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2022/06/13 12:0 a.m.5 views

WordPress plugin HC Custom WP-Admin URL 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

4.3CVSS5.6AI score0.00412EPSS
Exploits2References2
CNNVD
CNNVD
added 2022/06/13 12:0 a.m.3 views

WordPress plugin HC Custom WP-Admin URL 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An information disclosure...

5.3CVSS5.7AI score0.02621EPSS
Exploits2References2
OSV
OSV
added 2022/05/02 4:15 p.m.5 views

CVE-2021-25102

The All In One WP Security & Firewall WordPress plugin before 4.4.11 does not validate, sanitise and escape the redirectto parameter before using it to redirect user, either via a Location header, or meta url attribute, when the Rename Login Page is active, which could lead to an Arbitrary Redire...

4.7CVSS5.8AI score0.00726EPSS
Exploits2References1
OSV
OSV
added 2022/04/22 12:24 a.m.6 views

GHSA-483F-WXW9-3RPQ bbPress Cross-site Scripting (XSS) vulnerability

bbPress through 1.0.2 has XSS in /bb-login.php url via the re parameter...

6.1CVSS6AI score0.0082EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2022/01/14 4:35 a.m.8 views

CVE-2022-22054

ASUS RT-AX56U’s login function contains a path traversal vulnerability due to its inadequate filtering for special characters in URL parameters, which allows an unauthenticated local area network attacker to access restricted system paths and download arbitrary files...

6.5CVSS6.7AI score0.00452EPSS
Exploits0References2
NVD
NVD
added 2021/12/16 7:15 p.m.25 views

CVE-2021-43812

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions before 1.6.2 do not filter out certain returnTo parameter values from the login url, which expose the application to an open redirect vulnerability. Users are advised to upgrade as soon as...

6.4CVSS0.00656EPSS
Exploits0References2
OSV
OSV
added 2021/12/16 7:15 p.m.19 views

CVE-2021-43812

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions before 1.6.2 do not filter out certain returnTo parameter values from the login url, which expose the application to an open redirect vulnerability. Users are advised to upgrade as soon as...

6.1CVSS6.3AI score
Exploits0References2
OSV
OSV
added 2021/12/06 4:15 p.m.3 views

CVE-2021-24939

The LoginWP Formerly Peter's Login Redirect WordPress plugin before 3.0.0.5 does not sanitise and escape the rulloginurl and rullogouturl parameter before outputting them back in attributes in an admin page, leading to a Reflected Cross-Site Scripting issue...

6.1CVSS5.8AI score0.008EPSS
Exploits2References1
Prion
Prion
added 2020/12/15 6:15 p.m.18 views

Improper access control

The REST API component of TIBCO Software Inc.'s TIBCO PartnerExpress contains a vulnerability that theoretically allows an unauthenticated attacker with network access to obtain an authenticated login URL for the affected system via a REST API. Affected releases are TIBCO Software Inc.'s TIBCO...

6.4CVSS6.3AI score0.00744EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2020/12/15 5:0 p.m.6 views

CVE-2020-27147

The REST API component of TIBCO Software Inc.'s TIBCO PartnerExpress contains a vulnerability that theoretically allows an unauthenticated attacker with network access to obtain an authenticated login URL for the affected system via a REST API. Affected releases are TIBCO Software Inc.'s TIBCO...

6.5CVSS5.4AI score0.00744EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2020/12/15 12:0 a.m.9 views

TIBCO Partnerexpress Authorization Issues Vulnerability

TIBCO Partnerexpress is a Php-based barcode generator by product name platform from Egavilan Media TIBCO, USA. A security vulnerability exists in TIBCO PartnerExpress 6.2.0, which stems from the REST API component containing a vulnerability that could theoretically be exploited by an...

6.5CVSS6.6AI score0.00744EPSS
Exploits0References3
Drupal
Drupal
added 2020/05/27 12:0 a.m.18 views

Password Reset Landing Page (PRLP) - Highly critical - Access bypass - SA-CONTRIB-2020-021

This module enables you to force a password update when using password reset link. The module doesn't sufficiently validate the login URL allowing a malicious user to use a specially crafted URL to log in as another user...

6.7AI score
Exploits0References8
OSV
OSV
added 2019/12/31 5:15 p.m.4 views

CVE-2019-9206

PRTG Network Monitor v7.1.3.3378 allows XSS via the /public/login.htm errormsg or loginurl parameter. NOTE: This product is discontinued...

6.1CVSS6.4AI score0.01167EPSS
Exploits2References2
OSV
OSV
added 2019/11/06 4:10 p.m.4 views

DRUPAL-CONTRIB-2019-075

Open Social is a Drupal distribution for online communities. The included social\magic\login module doesn't sufficiently validate magic login URLs for user accounts that do not have a local password, but login via external systems. The lack of validation makes it possible for an adversary to forg...

6.3AI score
Exploits0References1
CNVD
CNVD
added 2019/09/03 12:0 a.m.16 views

WordPress login-or-logout-menu-item plugin redirection vulnerability

WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports PHP and MySQL servers to set up a personal blog site. login-or-logout-menu-item is used in one of the website user login/logout function plugin. A security vulnerability exists...

6.1CVSS6.6AI score0.01467EPSS
Exploits1References1
OSV
OSV
added 2019/04/08 5:29 p.m.3 views

CVE-2019-10676

An issue was discovered in Uniqkey Password Manager 1.14. Upon entering new credentials to a site that is not registered within this product, a pop-up window will appear prompting the user if they want to save this new password. This pop-up window will persist on any page the user enters within t...

6.5CVSS6.5AI score0.02706EPSS
Exploits0References4
Rows per page
Query Builder