9 matches found
CVE-2026-12093
The CVE-2026-12093 entry concerns the WordPress Simple Membership plugin (versions up to and including 4.7.5). The root cause is missing authorization verification, enabling unauthenticated attackers to deactivate arbitrary member accounts by forging a charge.refunded Stripe webhook with a victim...
CVE-2026-4002
The Petje.af plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 2.1.8. This is due to missing nonce validation in the ajaxrevoketoken function which handles the 'petjeafdisconnect' AJAX action. The function performs destructive operations includin...
PT-2026-33024
The Petje.af plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 2.1.8. This is due to missing nonce validation in the ajax revoke token function which handles the 'petjeaf disconnect' AJAX action. The function performs destructive operations...
Brute Force Attack
silverstripe/framework is vulnerable to Brute Force attacks. The vulnerability is due to the default Administrator accounts not being subject to the same brute force protection as other Member accounts, allowing unlimited login attempts...
Ghost unauthorized newsletter modification vulnerability
Talos Vulnerability Report TALOS-2022-1624: Ghost unauthorized newsletter modification vulnerability. December 21, 2022. CVE Number: CVE-2022-41654. Summary: An authentication bypass vulnerability exists in the newsletter subscription functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted...
Cross-site request forgery (CSRF)
An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerability that allows attackers to delete admin and other members' account numbers...
YzmCMS YzmCMS cross-site request forgery vulnerability
YzmCMS is a lightweight open-source content management system built on a PHP+MySQL architecture and developed solely by Yuan Zhimeng. YzmCMS version 5.8 has a cross-site request forgery vulnerability; an attacker can exploit it through member/member/add.html to add...
CodeMasters - Gaming Community Compromised, Back-End Users Data Leaked!
CodeMasters - Gaming Community Compromised, Back-End Users Data Leaked! CodeMasters - Gaming Community has been hacked by "Kon". He leaked the back-end users' login information as shown below. Technical Details: Encryption: DESUnix; Method: POST SQLi; URL: Not providing; Number of member accounts:...
SPGpartenaires (PHP)
Information: Version: ? - 3.0.1. Website: http://www.scripts-php-gratuits.com. Problem: SQL Injection - Access to member's accounts. PHP Code/Location: modif/ident.php: ... $sql="SELECT nomsite FROM...