15 matches found
CVE-2025-11255
The Password Policy Manager | Password Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'moppmajax' AJAX endpoint in all versions up to, and including, 2.0.5. This makes it possible for authenticated attackers, with...
WordPress plugin Password Policy Manager | Password Manager Security Vulnerabilities
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which provides the ability to host a personal blog site on a PHP and MySQL based...
EUVD-2025-35926
The Password Policy Manager | Password Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'moppmajax' AJAX endpoint in all versions up to, and including, 2.0.5. This makes it possible for authenticated attackers, with...
CVE-2025-11255 Password Policy Manager | Password Manager <= 2.0.5 - Missing Authorization to Authenticated (Subscriber+) Configuration Log Out
The Password Policy Manager | Password Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'moppmajax' AJAX endpoint in all versions up to, and including, 2.0.5. This makes it possible for authenticated attackers, with...
CVE-2025-11255
Summary (CVE-2025-11255) The Password Policy Manager | Password Manager WordPress plugin is vulnerable to unauthorized data modification due to a missing capability check on the moppm_ajax AJAX endpoint in all versions up to and including 2.0.5 . An attacker with Subscriber+ privileges can cause ...
CVE-2025-11255 Password Policy Manager | Password Manager <= 2.0.5 - Missing Authorization to Authenticated (Subscriber+) Configuration Log Out
The Password Policy Manager | Password Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'moppmajax' AJAX endpoint in all versions up to, and including, 2.0.5. This makes it possible for authenticated attackers, with...
WordPress Password Policy Manager plugin <= 2.0.5 - Missing Authorization to Authenticated (Subscriber+) Configuration Log Out vulnerability
Missing Authorization to Authenticated Subscriber+ Configuration Log Out vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Password Policy Manager versions = 2.0.5...
PT-2025-43719
Name of the Vulnerable Software and Affected Versions Password Policy Manager | Password Manager plugin for WordPress versions through 2.0.5 Description The Password Policy Manager | Password Manager plugin for WordPress is susceptible to unauthorized data modification. This is due to a missing...
EUVD-2025-17488
Malicious code in bioql PyPI...
CVE-2025-31019
Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Password Policy Manager password-policy-manager allows Authentication Abuse.This issue affects Password Policy Manager: from n/a through = 2.0.4...
CVE-2025-31019
Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Password Policy Manager password-policy-manager allows Authentication Abuse.This issue affects Password Policy Manager: from n/a through = 2.0.4...
CVE-2025-31019 WordPress Password Policy Manager plugin <= 2.0.4 - Account Takeover vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Password Policy Manager password-policy-manager allows Authentication Abuse.This issue affects Password Policy Manager: from n/a through = 2.0.4...
CVE-2025-31019
CVE-2025-31019 concerns the WordPress Password Policy Manager plugin (miniOrange Password Policy Manager) with an authentication bypass that enables authentication abuse. Affected versions are 2.0.4 and earlier; exploitation could lead to account takeover. Multiple connected sources corroborate t...
CVE-2025-31019 WordPress Password Policy Manager plugin <= 2.0.4 - Account Takeover vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Password Policy Manager password-policy-manager allows Authentication Abuse.This issue affects Password Policy Manager: from n/a through = 2.0.4...
PT-2025-24472 · Miniorange · Miniorange Password Policy Manager
Name of the Vulnerable Software and Affected Versions: miniOrange Password Policy Manager versions 2.0.4 and earlier Description: The issue is related to an Authentication Bypass Using an Alternate Path or Channel, allowing Authentication Abuse. Recommendations: For miniOrange Password Policy...