17 matches found
CVE-2024-5324 XootiX Framework <= Various Plugin Versions - Missing Authorization to Arbitrary Options Update
Multiple plugins for WordPress utilizing the XootiX Framework are vulnerable to unauthorized modification of data due to a missing capability check on the 'importsettings' function in various versions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...
PT-2024-20577 · Traccar · Traccar
Name of the Vulnerable Software and Affected Versions: Traccar versions prior to 6.0 Description: Traccar is an open source GPS tracking system. The issue allows for path traversal and unrestricted upload of files with dangerous types. Since the system allows registration by default, attackers ca...
WordPress Plugin Auto Login New User After Registration Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
WordPress bbPress Plugin < 2.6.5 Multiple Vulnerabilities
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:bbpress:bbpress"; if description...
GHSA-MWXH-6J9V-45PH bbPress unauthenticated privilege-escalation
An unauthenticated privilege-escalation issue exists in the bbPress plugin before 2.6.5 for WordPress when New User Registration is enabled...
bbPress unauthenticated privilege-escalation
An unauthenticated privilege-escalation issue exists in the bbPress plugin before 2.6.5 for WordPress when New User Registration is enabled...
CVE-2020-13693
An unauthenticated privilege-escalation issue exists in the bbPress plugin before 2.6.5 for WordPress when New User Registration is enabled...
CVE-2020-13693
An unauthenticated privilege-escalation issue exists in the bbPress plugin before 2.6.5 for WordPress when New User Registration is enabled...
Privilege escalation
An unauthenticated privilege-escalation issue exists in the bbPress plugin before 2.6.5 for WordPress when New User Registration is enabled...
CVE-2020-13693
An unauthenticated privilege-escalation issue exists in the bbPress plugin before 2.6.5 for WordPress when New User Registration is enabled...
CVE-2020-13693
The CVE-2020-13693 entry concerns the WordPress bbPress plugin before 2.6.5, where an unauthenticated privilege-escalation vulnerability exists when New User Registration is enabled. The issue stems from a privilege escalation path in bbPress that allows attackers without authentication to gain h...
bbPress < 2.6.5 - Unauthenticated Privilege Escalation when New User Registration enabled
Raphael Karger discovered an unauthenticated privilege escalation issue when new user registration is enabled...
Zulip server authorization issue vulnerability
Zulip server is an open source team chat application from the American company Zulip. An authorization issue vulnerability exists in the new user registration process in Zulip server version 1.7.0 and later versions, which can be exploited by an attacker to gain full access to a user's account...
Improper access control
Incorrect access control in miglaajaxfunctions.php in the Calmar Webmedia Total Donations plugin through 2.0.5 for WordPress allows unauthenticated attackers to update arbitrary WordPress option values, leading to site takeover. These attackers can send requests to wp-admin/admin-ajax.php to call...
CVE-2019-6703
CVE-2019-6703 affects the Total Donations WordPress plugin (up to 2.0.5/2.0.6) via an incorrect access control in migla_ajax_functions.php. This flaw allows unauthenticated attackers to call miglaA_update_me through wp-admin/admin-ajax.php and modify arbitrary WordPress option values, enabling ac...
CVE-2004-1651
CVE-2004-1651 affects the phpScheduleIt 1.0.0 RC1 registration page. The vulnerabilities are cross-site scripting (XSS) via user-supplied input in (1) Name, (2) Lastname, and (3) Schedule Name fields during new user registration. The root cause is insufficient input sanitization, enabling remote ...
phpScheduleIt < 1.0.0 New User Registration HTML Injection
Binary data 2191.prm...