PT-2025-16168 · WordPress · User Registration & Membership
Name of the Vulnerable Software and Affected Versions: User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress versions up to, and including, 4.1.3 Description: The issue allows unauthenticated attackers to update other users' passwords if they...
WordPress plugin BoomBox Theme Extensions Authorization Issue Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugins are application plugins. An authorization issue...
Camaleon CMS Vulnerable to Privilege Escalation through a Mass Assignment
A Privilege Escalation through a Mass Assignment exists in Camaleon CMS. When a user wishes to change their password, the 'updatedajax' method of the UsersController is called. The vulnerability stems from the use of the dangerous permit! method, which allows all parameters to pass through without a...
CVE-2024-13771 Civi - Job Board & Freelance Marketplace WordPress Theme <= 2.1.4 - Authentication Bypass via Password Update
The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.1.4. This is due to a lack of user validation before changing a password. This makes it possible for unauthenticated attackers to change...
WordPress Civi theme <= 2.1.4 - Authentication Bypass via Password Update vulnerability
Authentication Bypass via Password Update vulnerability discovered by Lucio Sá in WordPress Theme Civi versions <= 2.1.4...
CVE-2024-13373 Exertio Framework <= 1.3.1 - Unauthenticated Arbitrary User Password Update
The Exertio Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.3.1. This is due to the plugin not properly validating a user's identity prior to updating their password through the flforgotpassnew function. This makes ...
WordPress Exertio Framework plugin <= 1.3.1 - Unauthenticated Arbitrary User Password Update vulnerability
Unauthenticated Arbitrary User Password Update vulnerability discovered by Foxyyy in WordPress Plugin Exertio Framework versions <= 1.3.1...
CVE-2024-12860
The CarSpot – Dealership Wordpress Classified Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.4.3. This is due to the plugin not properly validating a token prior to updating a user's password. This makes it possible for...
WordPress ShipWorks Connector for Woocommerce plugin <= 5.2.5 - Cross-Site Request Forgery to Service Password/Username Update vulnerability
Cross-Site Request Forgery to Service Password/Username Update vulnerability discovered by SOPROBRO in WordPress Plugin ShipWorks Connector for Woocommerce versions <= 5.2.5...
Eaton 9PX Cross-Site Request Forgery (CVE-2018-9281)
An issue was discovered on Eaton UPS 9PX 8000 SP devices. The administration panel is vulnerable to a CSRF attack on the change-password functionality. This vulnerability could be used to force a logged-in administrator to perform a silent password update. The affected forms are also vulnerable ...
PT-2024-16765
Name of the Vulnerable Software and Affected Versions: Contest Gallery plugin for WordPress versions up to, and including, 24.0.7 Description: The issue is related to privilege escalation via account takeover due to the plugin not properly validating a user's identity prior to updating their...
CVE-2022-30358
OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /user/updatePassword via the userId and newPsw parameters. Authentication is required...
OvalEdge Security Vulnerability
OvalEdge is a solution from US-based OvalEdge that helps users create, manage, and use data from a variety of sources through AI and human intelligence. A security vulnerability exists in OvalEdge version 5.2.8.0 and earlier, which stems from a POST request to /user/updatePassword via the userId...
How to Update NATS and PostgreSQL Passwords Used by Veeam Backup for Microsoft 365
Purpose: This article documents the procedures for updating the password Veeam Backup for Microsoft 365 uses to connect to the NATS server and the configuration database. Solution: Expand the section below relevant to the password that has been changed: How to Update NATS Server Password: Default...
CVE-2024-47768
Lif Authentication Server is a server used by Lif to do various tasks regarding Lif accounts. This vulnerability has to do with the account recovery system where there does not appear to be a check to make sure the user has been sent the recovery email and entered the correct code. If the attacke...
CVE-2024-47768 Lif Authentication Server Has No Auth Check When Updating Password In Account Recovery
Lif Authentication Server is a server used by Lif to do various tasks regarding Lif accounts. This vulnerability has to do with the account recovery system where there does not appear to be a check to make sure the user has been sent the recovery email and entered the correct code. If the attacke...
CVE-2024-8292
The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to privilege escalation/account takeover in all versions up to, and including, 16.26.8. This is due to the plugin not properly verifying a user's identity during new order creation. This makes it possible for...
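Most of the advisories listed above share one root cause: a password-update handler that takes the target account from the request (a user id, login or e-mail) and writes the new password without proving that the caller is that user, either through an authenticated session or through a reset token that is bound to the account, expiring and single use; the Camaleon entry adds the mass-assignment variant, where every submitted field is written. The following is an added example written for this page and is not code from any of the listed plugins, themes or products. It places a handler with that bug beside a hardened one in plain Python: the account identity comes only from a reset token (stored hashed, checked for expiry, consumed on first use), a user_id in the request is ignored, and only the password field is written. The in-memory user store, token store, request dictionaries and field names are all constructed for the demonstration.

```python
import hashlib
import hmac
import secrets
import time

# Constructed sample user store for the demo (hypothetical, not from any advisory).
USERS = {
    1: {"login": "alice", "role": "subscriber"},
    7: {"login": "admin", "role": "administrator"},
}
# sha256(token) -> (user_id, expires_at). Storing only the hash means a leaked
# database dump does not hand out usable reset links.
RESET_TOKENS = {}
TOKEN_TTL = 15 * 60  # seconds a reset token stays valid


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256; returns salt || digest."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt + digest


def verify_password(user_id, password):
    stored = USERS[user_id].get("pw")
    if stored is None:
        return False
    salt, digest = stored[:16], stored[16:]
    candidate = hash_password(password, salt)[16:]
    return hmac.compare_digest(candidate, digest)


def set_password_vulnerable(request):
    """The bug class behind the advisories: the handler trusts user_id from the
    request body and never checks who is asking, so an unauthenticated caller
    can set any account's password, including the administrator's."""
    user = USERS[int(request["user_id"])]
    user["pw"] = hash_password(request["new_password"])
    return True


def issue_reset_token(user_id, now=None):
    """Called after the user proves control of their e-mail address (delivery of
    the token itself is out of scope here). Only the hash is kept server side."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    RESET_TOKENS[hashlib.sha256(token.encode()).hexdigest()] = (user_id, now + TOKEN_TTL)
    return token


def set_password_hardened(request, now=None):
    """Returns (True, user_id) on success or (False, reason) on rejection."""
    now = time.time() if now is None else now
    token = request.get("token")
    if not token:
        return False, "missing token"
    key = hashlib.sha256(str(token).encode()).hexdigest()
    # pop(): a token is consumed on first use, so a replay of the same link fails.
    entry = RESET_TOKENS.pop(key, None)
    if entry is None:
        return False, "unknown or already used token"
    user_id, expires_at = entry
    if now > expires_at:
        return False, "token expired"
    # Identity comes from the token alone; any user_id in the request is ignored.
    # Only the password is written: no role, e-mail or other field can ride along
    # in the same request (the mass-assignment case).
    USERS[user_id]["pw"] = hash_password(request["new_password"])
    return True, user_id
```

The same structure applies to a logged-in password change: derive the account from the authenticated session, require the current password (or a fresh re-authentication), and write the allowlisted field only. Whatever the framework, the test that matters is the one the vulnerable handler fails: a request naming another user's id, with no session and no token, must not change that user's password.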