
9 matches found

CVE
added 2026/06/18 5:34 a.m. | 19 views

CVE-2026-12093

The CVE-2026-12093 entry concerns the WordPress Simple Membership plugin (versions up to and including 4.7.5). The root cause is missing authorization verification, enabling unauthenticated attackers to deactivate arbitrary member accounts by forging a charge.refunded Stripe webhook with a victim...

CVSS 5.3 | AI score 5.5 | EPSS 0.00352
Exploits: 0 | References: 10

NVD
added 2026/04/15 9:16 a.m. | 6 views

CVE-2026-4002

The Petje.af plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 2.1.8. This is due to missing nonce validation in the ajaxrevoketoken function which handles the 'petjeafdisconnect' AJAX action. The function performs destructive operations includin...

CVSS 4.3 | EPSS 0.00163
Exploits: 0 | References: 7

Positive Technologies
added 2026/04/15 12:0 a.m. | 7 views

PT-2026-33024

The Petje.af plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 2.1.8. This is due to missing nonce validation in the ajax revoke token function which handles the 'petjeaf disconnect' AJAX action. The function performs destructive operations...

CVSS 4.3 | AI score 5.8 | EPSS 0.00163
Exploits: 0 | References: 9

Veracode
added 2024/05/27 6:36 a.m. | 12 views

Brute Force Attack

silverstripe/framework is vulnerable to Brute Force attacks. The vulnerability is due to the default Administrator accounts not being subject to the same brute force protection as other Member accounts, allowing unlimited login attempts...

AI score 7
Exploits: 0

Talos
added 2022/12/21 12:0 a.m. | 43 views

Ghost unauthorized newsletter modification vulnerability

Talos Vulnerability Report TALOS-2022-1624 Ghost unauthorized newsletter modification vulnerability December 21, 2022 CVE Number CVE-2022-41654 SUMMARY An authentication bypass vulnerability exists in the newsletter subscription functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted...

CVSS 9.6 | AI score 5 | EPSS 0.18914
Exploits: 1

Prion
added 2022/07/06 1:15 p.m. | 13 views

Cross site request forgery (csrf)

An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerability that allows attackers to delete admin and other members' account numbers...

CVSS 4.3 | AI score 6.4 | EPSS 0.0046
Exploits: 1 | References: 3 | Affected Software: 1

CNNVD
added 2021/06/03 12:0 a.m. | 2 views

YzmCMS YzmCMS cross-site request forgery vulnerability

YzmCMS is a lightweight open source content management system based on a PHP+MySQL architecture, developed independently by Yuan Zhimeng. YzmCMS version 5.8 contains a cross-site request forgery vulnerability; an attacker can exploit it through member/member/add.html to add...

CVSS 4.3 | AI score 5.5 | EPSS 0.00566
Exploits: 1 | References: 1

The Hacker News
added 2011/05/20 12:58 p.m. | 9 views

CodeMasters - Gaming Community Compromised, Back-End Users Data Leaked !

CodeMasters - Gaming Community Compromised, Back-End Users Data Leaked! CodeMasters - Gaming Community has been hacked by "Kon". He leaked the back-end users' login information as shown below: Technical Details: Encryption: DESUnix Method: POST SQLi URL: Not providing Number of member accounts:...

AI score 6.9
Exploits: 0

securityvulns
added 2002/12/21 12:0 a.m. | 30 views

SPGpartenaires (PHP)

Informations : °°°°°°°°°°°°°° Version : ? - 3.0.1 Website : http://www.scripts-php-gratuits.com Problem : SQL Injection - Access to member's accounts PHP Code/Location : °°°°°°°°°°°°°°°°°°° modif/ident.php : -------------------------------------------------- ... $sql="SELECT nomsite FROM...

Exploits: 0