15 matches found
Exploit for CVE-2026-8732
CVE-2026-8732 – WordPress WP Maps Pro Exploit Unauthenticat...
EUVD-2026-33251
The WP Maps Pro plugin for WordPress is vulnerable to Privilege Escalation via Administrator Account Creation in all versions up to, and including, 6.1.0. This is due to the wpgmptempaccessajax AJAX action being registered with wpajaxnopriv and protected only by a nonce check using the...
CVE-2026-8732
The WP Maps Pro plugin for WordPress is vulnerable to Privilege Escalation via Administrator Account Creation in all versions up to, and including, 6.1.0. This is due to the wpgmptempaccessajax AJAX action being registered with wpajaxnopriv and protected only by a nonce check using the...
CVE-2026-8732
Summary (concrete details): CVE-2026-8732 affects WP Maps Pro (WordPress plugin) up to and including version 6.1.0. The weakness arises from an unauthenticated privilege escalation via the wpgmp_temp_access_ajax AJAX action, which was publicly exposed and only nonce-protected. An unauthenticated ...
WordPress Magic Login Mail or QR Code plugin <= 2.05 - Unauthenticated Privilege Escalation via Insecure QR Code File Storage vulnerability
Unauthenticated Privilege Escalation via Insecure QR Code File Storage vulnerability discovered by ifoundbug in WordPress Plugin Magic Login Mail or QR Code versions = 2.05...
CVE-2026-2144
The Magic Login Mail or QR Code plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.05. This is due to the plugin storing the magic login QR code image with a predictable, static filename QRCode.png in the publicly accessible WordPress uploads...
CVE-2026-2144
Summary: The Magic Login Mail or QR Code plugin for WordPress (affected up to v2.05) stores the magic login QR code image as a predictable, static file (QR_Code.png) in the publicly accessible uploads dir during email sending. The file is deleted only after wp_mail() completes, creating a race co...
CVE-2026-2144 Magic Login Mail or QR Code <= 2.05 - Unauthenticated Privilege Escalation via Insecure QR Code File Storage
The Magic Login Mail or QR Code plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.05. This is due to the plugin storing the magic login QR code image with a predictable, static filename QRCode.png in the publicly accessible WordPress uploads...
CVE-2026-2144 Magic Login Mail or QR Code <= 2.05 - Unauthenticated Privilege Escalation via Insecure QR Code File Storage
The Magic Login Mail or QR Code plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.05. This is due to the plugin storing the magic login QR code image with a predictable, static filename QRCode.png in the publicly accessible WordPress uploads...
WordPress plugin Magic Login Mail or QR Code 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-8055
The Magic Login Mail or QR Code plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.05. This is due to the plugin storing the magic login QR code image with a predictable, static filename QR Code.png in the publicly accessible WordPress uploads...
outline Security breaches
outline is the US-based outline open source used to provide the fastest wiki and knowledge base for growing teams. A security vulnerability exists in outline v0.76.1 and earlier versions, which originated from a vulnerability that allows an attacker to perform a session hijacking attack via user...
WordPress Magic Login API Plugin <= 1.1.2 is vulnerable to Cross Site Scripting (XSS)
Software Magic Login API Type Plugin Vulnerable versions = 1.1.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6d2c95bc7776 Credits Rafie Muhammad Patchstack Required...
DRUPAL-CONTRIB-2021-011
Open Social is a Drupal distribution for online communities. The included social\magic\login module doesn't sufficiently validate magic login URLs for user accounts. The lack of validation makes it possible for an adversary to forge valid login URLs and login to such an account. This vulnerabilit...
DRUPAL-CONTRIB-2019-075
Open Social is a Drupal distribution for online communities. The included social\magic\login module doesn't sufficiently validate magic login URLs for user accounts that do not have a local password, but login via external systems. The lack of validation makes it possible for an adversary to forg...