CVE-2025-12579

The Reuters Direct plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'logoff' action in all versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to reset the plugin's settings...

EUVD-2025-199787

The Reuters Direct plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'logoff' action in all versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to reset the plugin's settings...

CVE-2025-12579

The Reuters Direct plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'logoff' action in all versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to reset the plugin's settings...

CVE-2025-12579 Reuters Direct <= 3.0.0 - Missing Authorization to Unauthenticated Settings Reset

The Reuters Direct plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'logoff' action in all versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to reset the plugin's settings...

CVE-2025-12579 Reuters Direct <= 3.0.0 - Missing Authorization to Unauthenticated Settings Reset

The Reuters Direct plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'logoff' action in all versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to reset the plugin's settings...

CVE-2025-12579

CVE-2025-12579 affects the Reuters Direct WordPress plugin. The vulnerability is a missing capability check on the logoff action in all versions up to and including 3.0.0, enabling unauthenticated attackers to reset the plugin’s settings (unauthorized modification of data). Connected sources conf...

EUVD-2008-5712

Malware in sbrugna...

EUVD-2013-2629

Malware in sbrugna...

CVE-2013-2690

SQL injection vulnerability in index.php in Synchroweb Technology SynConnect 2.0 allows remote attackers to execute arbitrary SQL commands via the loginid parameter in a logoff action...

Sql injection

SQL injection vulnerability in index.php in Synchroweb Technology SynConnect 2.0 allows remote attackers to execute arbitrary SQL commands via the loginid parameter in a logoff action...

CVE-2013-2690

CVE-2013-2690 is a SQL injection vulnerability in the SynConnect 2.0 login flow of Synchroweb Technology. The flaw affects index.php where an attacker can manipulate the loginid parameter in a logoff action to execute arbitrary SQL commands. Reported in NVD with a base score of 7.5 (HIGH) and net...