189 matches found
Exploit for CVE-2025-4322
CVE-2025-4322 : Unauthenticated Privilege Escalation via Passw...
Medium: ghostscript
Issue Overview: gslibctxstashsanitizedarg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the case. A created PDF document includes its password in cleartext. CVE-2025-48708 Affected Packages: ghostscript Issue Correction: Run dnf update ghostscript...
CVE-2023-47350
Cross-Site Request Forgery CSRF vulnerability in SwiftyEdit Content Management System prior to v1.2.0, allows remote attackers to escalate privileges via the user password update functionality...
CVE-2020-0621
A security feature bypass vulnerability exists in Windows 10 when third party filters are called during a password update, aka 'Windows Security Feature Bypass Vulnerability'...
WordPress plugin Motors 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
WordPress Motors theme <= 5.6.67 - Unauthenticated Privilege Escalation via Password Update/Account Takeover vulnerability
Unauthenticated Privilege Escalation via Password Update/Account Takeover vulnerability discovered by Foxyyy in WordPress Theme Motors versions = 5.6.67...
VulnCheck KEV: CVE-2025-4322
The Motors theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.6.67. This is due to the theme not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to...
CVE-2025-3610 Reales WP STPT <= 2.1.2 - Authenticated (Subscriber+) Privilege Escalation via Password Update
The Reales WP STPT plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.1.2. This is due to the plugin not properly validating a user's identity prior to updating their details like password. This makes it possible for authenticat...
Hacking Spree Hits UK Retail Giants
Plus: France blames Russia for a series of cyberattacks, the US is taking steps to crack down on a gray market allegedly used by scammers, and Microsoft pushes the password one step closer to death...
CVE-2025-3607
The Frontend Login and Registration Blocks plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.8. This is due to the plugin not properly validating a user's identity prior to updating a password. This makes it possible for...
CVE-2025-3607
The Frontend Login and Registration Blocks plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.8. This is due to the plugin not properly validating a user's identity prior to updating a password. This makes it possible for...
CVE-2025-3603
CVE-2025-3603 (Flynax Bridge, WordPress) is an unauthenticated privilege-escalation flaw in the Flynax Bridge plugin, affecting versions up to and including 2.2.0. The root cause is improper validation of a user’s identity before updating user details (e.g., passwords), enabling an unauthenticate...
CVE-2025-3603 Flynax Bridge <= 2.2.0 - Unauthenticated Privilege Escalation via Password Update
The Flynax Bridge plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.2.0. This is due to the plugin not properly validating a user's identity prior to updating their details like password. This makes it possible for...
CVE-2025-3603 Flynax Bridge <= 2.2.0 - Unauthenticated Privilege Escalation via Password Update
The Flynax Bridge plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.2.0. This is due to the plugin not properly validating a user's identity prior to updating their details like password. This makes it possible for...
CVE-2025-3793 Buddypress Force Password Change <= 0.1 - Authenticated (Subscriber+) Account Takeover via Password Update
The Buddypress Force Password Change plugin for WordPress is vulnerable to authenticated account takeover due to the plugin not properly validating a user's identity prior to updating their password through the 'bpforcepasswordajax' function in all versions up to, and including, 0.1. This makes i...
CVE-2025-3793
CVE-2025-3793 affects the Buddypress Force Password Change plugin for WordPress (versions up to 0.1). The vulnerability enables authenticated users (subscriber level or higher) to perform an account takeover by exploiting insufficient identity validation in the bp_force_password_ajax password-upd...
PT-2025-17716
Name of the Vulnerable Software and Affected Versions Flynax Bridge plugin for WordPress versions up to and including 2.2.0 Description The Flynax Bridge plugin for WordPress is vulnerable to privilege escalation via account takeover. This issue arises because the plugin does not properly validat...
CVE-2025-3292
The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.3 via the userregistrationupdateprofiledetails due to missing validation on the 'userid' use...
CVE-2025-3292
CVE-2025-3292 concerns the WordPress plugin “User Registration & Membership – Custom Registration Form, Login Form, and User Profile.” It is vulnerable to Insecure Direct Object Reference due to missing validation on the user_id parameter, enabling update of other users’ passwords when an attacke...
CVE-2025-3292 User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.1.3 - Insecure Direct Object Reference to Authenticated (Subscriber+) User Password Update
The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.3 via the userregistrationupdateprofiledetails due to missing validation on the 'userid' use...