Lucene search
K

17 matches found

Cvelist
Cvelist
added 2024/06/06 2:2 a.m.107 views

CVE-2024-5324 XootiX Framework <= Various Plugin Versions - Missing Authorization to Arbitrary Options Update

Multiple plugins for WordPress utilizing the XootiX Framework are vulnerable to unauthorized modification of data due to a missing capability check on the 'importsettings' function in various versions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

8.8CVSS8.4AI score0.01507EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/04/10 12:0 a.m.6 views

PT-2024-20577 · Traccar · Traccar

Name of the Vulnerable Software and Affected Versions: Traccar versions prior to 6.0 Description: Traccar is an open source GPS tracking system. The issue allows for path traversal and unrestricted upload of files with dangerous types. Since the system allows registration by default, attackers ca...

8.5CVSS7AI score0.54413EPSS
Exploits9References22
CNNVD
CNNVD
added 2023/11/13 12:0 a.m.6 views

WordPress Plugin Auto Login New User After Registration Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

7.1CVSS6.4AI score0.00204EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2023/05/11 12:0 a.m.30 views

WordPress bbPress Plugin < 2.6.5 Multiple Vulnerabilities

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:bbpress:bbpress"; if description...

9.8CVSS7.3AI score0.43879EPSS
Exploits8References2
OSV
OSV
added 2022/05/24 5:18 p.m.29 views

GHSA-MWXH-6J9V-45PH bbPress unauthenticated privilege-escalation

An unauthenticated privilege-escalation issue exists in the bbPress plugin before 2.6.5 for WordPress when New User Registration is enabled...

9.8CVSS9.4AI score0.43879EPSS
Exploits7References6
Github Security Blog
Github Security Blog
added 2022/05/24 5:18 p.m.33 views

bbPress unauthenticated privilege-escalation

An unauthenticated privilege-escalation issue exists in the bbPress plugin before 2.6.5 for WordPress when New User Registration is enabled...

9.8CVSS6.9AI score0.43879EPSS
Exploits7References6Affected Software1
OSV
OSV
added 2020/05/29 12:15 a.m.2 views

CVE-2020-13693

An unauthenticated privilege-escalation issue exists in the bbPress plugin before 2.6.5 for WordPress when New User Registration is enabled...

9.8CVSS7.3AI score0.43879EPSS
Exploits7References4
NVD
NVD
added 2020/05/29 12:15 a.m.25 views

CVE-2020-13693

An unauthenticated privilege-escalation issue exists in the bbPress plugin before 2.6.5 for WordPress when New User Registration is enabled...

9.8CVSS9.5AI score0.43879EPSS
Exploits7References4
Prion
Prion
added 2020/05/29 12:15 a.m.30 views

Privilege escalation

An unauthenticated privilege-escalation issue exists in the bbPress plugin before 2.6.5 for WordPress when New User Registration is enabled...

7.5CVSS9.4AI score0.43879EPSS
Exploits7References4Affected Software1
Cvelist
Cvelist
added 2020/05/28 11:54 p.m.36 views

CVE-2020-13693

An unauthenticated privilege-escalation issue exists in the bbPress plugin before 2.6.5 for WordPress when New User Registration is enabled...

9.6AI score0.43879EPSS
Exploits7References4
CVE
CVE
added 2020/05/28 11:54 p.m.226 views

CVE-2020-13693

The CVE-2020-13693 entry concerns the WordPress bbPress plugin before 2.6.5, where an unauthenticated privilege-escalation vulnerability exists when New User Registration is enabled. The issue stems from a privilege escalation path in bbPress that allows attackers without authentication to gain h...

9.8CVSS9.4AI score0.43879EPSS
Exploits7References4Affected Software1
WPVulnDB
WPVulnDB
added 2020/05/28 12:0 a.m.32 views

bbPress < 2.6.5 - Unauthenticated Privilege Escalation when New User Registration enabled

Raphael Karger discovered an unauthenticated privilege escalation issue when new user registration is enabled...

7.5CVSS3.4AI score0.43879EPSS
Exploits7References2Affected Software1
CNVD
CNVD
added 2019/11/22 12:0 a.m.4 views

Zulip server authorization issue vulnerability

Zulip server is an open source team chat application from the American company Zulip. An authorization issue vulnerability exists in the new user registration process in Zulip server version 1.7.0 and later versions, which can be exploited by an attacker to gain full access to a user's account...

9.8CVSS7AI score0.01352EPSS
Exploits0References1
Prion
Prion
added 2019/01/27 2:29 a.m.15 views

Improper access control

Incorrect access control in miglaajaxfunctions.php in the Calmar Webmedia Total Donations plugin through 2.0.5 for WordPress allows unauthenticated attackers to update arbitrary WordPress option values, leading to site takeover. These attackers can send requests to wp-admin/admin-ajax.php to call...

7.5CVSS9.4AI score0.26076EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2019/01/27 2:0 a.m.60 views

CVE-2019-6703

CVE-2019-6703 affects the Total Donations WordPress plugin (up to 2.0.5/2.0.6) via an incorrect access control in migla_ajax_functions.php. This flaw allows unauthenticated attackers to call miglaA_update_me through wp-admin/admin-ajax.php and modify arbitrary WordPress option values, enabling ac...

9.8CVSS9.4AI score0.26076EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2005/02/20 5:0 a.m.50 views

CVE-2004-1651

CVE-2004-1651 affects the phpScheduleIt 1.0.0 RC1 registration page. The vulnerabilities are cross-site scripting (XSS) via user-supplied input in (1) Name, (2) Lastname, and (3) Schedule Name fields during new user registration. The root cause is insufficient input sanitization, enabling remote ...

4.3CVSS5.8AI score0.01338EPSS
Exploits0References7Affected Software1
Tenable Nessus
Tenable Nessus
added 2004/09/01 12:0 a.m.10 views

phpScheduleIt < 1.0.0 New User Registration HTML Injection

Binary data 2191.prm...

4.3CVSS7.3AI score0.01338EPSS
Exploits0References1
Rows per page
Query Builder