23 matches found
CVE-2026-40041
Pachno 1.0.6 contains a cross-site request forgery vulnerability that allows attackers to perform arbitrary actions in authenticated user context by exploiting missing CSRF protections on state-changing endpoints. Attackers can craft malicious requests targeting login, registration, file upload,...
CVE-2025-12929 SourceCodester Survey Application System LoginRegistration.php update_user sql injection
A flaw has been found in SourceCodester Survey Application System 1.0. This impacts the function save_user/update_user of the file /LoginRegistration.php. Executing manipulation of the argument fullname can lead to sql injection. The attack may be performed from remote. The exploit has been publish...
CVE-2025-47646
Weak Password Recovery Mechanism for Forgotten Password vulnerability in Gilblas Ngunte Possi PSW Front-end Login & Registration psw-login-and-registration allows Password Recovery Exploitation. This issue affects PSW Front-end Login & Registration: from n/a through = 1.13...
CVE-2024-8874
The AJAX Login and Registration modal popup + inline form plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.24. This makes it possible for unauthenticated attackers to...
PT-2025-20486 · WordPress · Frontend Login/Registration Blocks
Name of the Vulnerable Software and Affected Versions: Frontend Login and Registration Blocks plugin for WordPress versions 1.0.0 through 1.0.7. Description: The issue is related to privilege escalation via account takeover. This occurs because the plugin does not properly validate a user's identi...
WordPress plugin Custom Login and Registration Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...
CVE-2025-46535
Missing Authorization vulnerability in AlphaEfficiencyTeam Custom Login and Registration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Custom Login and Registration: from n/a through 1.0.0...
CVE-2025-46535 WordPress Custom Login and Registration plugin <= 1.0.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in AlphaEfficiencyTeam Custom Login and Registration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Custom Login and Registration: from n/a through 1.0.0...
Widget Bundle <= 2.0.0 - Unauthenticated Reflected XSS
Description: The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users. PoC: On a site with the User Login/Registration widget active, have an unauthenticated user send...
Widget Bundle <= 2.0.0 - Unauthenticated Reflected XSS
Description: The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users. On a site with the User Login/Registration widget active, have an unauthenticated user send a...
UBUNTU-CVE-2024-33918
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Maxim K AJAX Login and Registration modal popup + inline form allows Stored XSS. This issue affects AJAX Login and Registration modal popup + inline form: from n/a through 2.23...
WordPress AJAX Login and Registration modal popup + inline form plugin <= 2.23 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by NGÔ THIÊN AN (Patchstack Alliance) in WordPress Plugin AJAX Login and Registration modal popup + inline form (versions <= 2.23)...
CVE-2024-0264
A vulnerability was found in SourceCodester Clinic Queuing System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /LoginRegistration.php. The manipulation of the argument formToken leads to authorization bypass. The attack can be initiated remotely. The...
CVE-2023-46201
Cross-Site Request Forgery (CSRF) vulnerability in Jeff Sherk Auto Login New User After Registration allows Stored XSS. This issue affects Auto Login New User After Registration: from n/a through 1.9.6...
CVE-2023-1687
A vulnerability classified as problematic has been found in SourceCodester Simple Task Allocation System 1.0. Affected is an unknown function of the file LoginRegistration.php?a=registeruser. The manipulation of the argument Fullname leads to cross site scripting. It is possible to launch the...
PT-2022-10515 · Unknown · Veryfitpro
Name of the Vulnerable Software and Affected Versions: VeryFitPro version 3.2.8. Description: The issue allows an attacker in possession of a hashed password to take over a user's account. This is because the password is hashed locally on the device and the hash is used for authentication with the...
UBUNTU-CVE-2022-26148
An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. The Zabbix password can be found in the api_jsonrpc.php HTML source code. When the user logs in and allows the user to register, one can right click to view the source code and use Ctrl-F to search for password in...
CVE-2021-42168
Cross Site Scripting (XSS) in Sourcecodester Try My Recipe Recipe Sharing Website - CMS by oretnom23, allows attackers to gain the PHPSESID or other unspecified impacts via the fullname parameter to the loginregistration page...