189 matches found

Positive Technologies · added 2025/04/12 12:00 a.m. · 7 views

PT-2025-16168 · WordPress · User Registration & Membership

Name of the Vulnerable Software and Affected Versions: User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress versions up to, and including, 4.1.3. Description: The issue allows unauthenticated attackers to update other users' passwords if they...

CVSS 4.3 · AI score 5.7 · EPSS 0.00273
Exploits: 0 · References: 10

CNNVD · added 2025/03/19 12:00 a.m. · 3 views

WordPress plugin BoomBox Theme Extensions authorization issue vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; it supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An authorization issue...

CVSS 8.8 · AI score 8.6 · EPSS 0.00344
Exploits: 0 · References: 2

Github Security Blog · added 2025/03/14 3:32 p.m. · 25 views

Camaleon CMS Vulnerable to Privilege Escalation through a Mass Assignment

A Privilege Escalation through a Mass Assignment exists in Camaleon CMS. When a user wishes to change his password, the 'updatedajax' method of the UsersController is called. The vulnerability stems from the use of the dangerous permit! method, which allows all parameters to pass through without a...

CVSS 9.4 · AI score 6.7 · EPSS 0.00566
Exploits: 16 · References: 7 · Affected Software: 1

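The Camaleon CMS entry above describes a password-change action that calls `permit!`, so every parameter in the request reaches the model update. The following Python block is an added illustration of that pattern beside its allowlisted counterpart; it is not Camaleon's or Rails' code. The user record, the `role` field, the PBKDF2 hashing and the request shape are assumptions made for the demo.

```python
"""Mass assignment in a password-change handler: permit-everything beside an allowlist."""
import hashlib
import os
import secrets


def make_user(role="editor"):
    """Constructed sample account; the field names are assumptions, not Camaleon's schema."""
    return {"id": 42, "email": "editor@example.test", "role": role,
            "password_hash": None, "password_salt": None}


def hash_password(password, salt=None):
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def update_user_permit_all(user, params):
    """Vulnerable shape: the equivalent of Rails `params.permit!` fed to `update`.
    Every client-supplied key becomes an attribute write, so a body that carries
    `role=admin` beside the new password also rewrites the role."""
    for key, value in params.items():
        if key == "password":
            user["password_salt"], user["password_hash"] = hash_password(value)
        elif key == "password_confirmation":
            continue
        else:
            user[key] = value  # anything else: id, email, role, ...
    return user


PASSWORD_CHANGE_FIELDS = frozenset({"password", "password_confirmation"})


class MassAssignmentAttempt(ValueError):
    """Raised when a request carries fields outside the allowlist."""


def update_password_allowlisted(user, params):
    """Hardened shape: the equivalent of `params.permit(:password, :password_confirmation)`,
    but failing closed on unexpected keys instead of silently dropping them, so the
    attempt is visible to logging and detection."""
    extra = set(params) - PASSWORD_CHANGE_FIELDS
    if extra:
        raise MassAssignmentAttempt(f"unexpected fields: {sorted(extra)}")
    password = params.get("password") or ""
    if not password or password != (params.get("password_confirmation") or ""):
        raise ValueError("password and confirmation must be non-empty and match")
    user["password_salt"], user["password_hash"] = hash_password(password)
    return user


def verify_password(user, password):
    _, digest = hash_password(password, user["password_salt"])
    return secrets.compare_digest(digest, user["password_hash"])


def demo():
    """Constructed attacker request: legitimate password fields plus a smuggled role."""
    attacker_params = {"password": "hunter2!", "password_confirmation": "hunter2!",
                       "role": "admin"}
    vulnerable = update_user_permit_all(make_user(), dict(attacker_params))
    hardened = make_user()
    try:
        update_password_allowlisted(hardened, dict(attacker_params))
        rejected = False
    except MassAssignmentAttempt:
        rejected = True
    return {"vulnerable_role": vulnerable["role"],
            "hardened_role": hardened["role"],
            "hardened_rejected": rejected}


if __name__ == "__main__":
    print(demo())
```

In a Rails controller the corresponding fix is `params.require(:user).permit(:password, :password_confirmation)`; the extra step shown here is to reject, rather than silently discard, unexpected keys so that a probe for mass assignment leaves a trace.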
Cvelist · added 2025/03/14 11:15 a.m. · 21 views

CVE-2024-13771 Civi - Job Board & Freelance Marketplace WordPress Theme <= 2.1.4 - Authentication Bypass via Password Update

The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.1.4. This is due to a lack of user validation before changing a password. This makes it possible for unauthenticated attackers to change...

CVSS 9.8 · EPSS 0.00409
Exploits: 0 · References: 2

Vulnrichment · added 2025/03/14 11:15 a.m. · 5 views

CVE-2024-13771 Civi - Job Board & Freelance Marketplace WordPress Theme <= 2.1.4 - Authentication Bypass via Password Update

The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.1.4. This is due to a lack of user validation before changing a password. This makes it possible for unauthenticated attackers to change...

CVSS 9.8 · AI score 7.7 · EPSS 0.00409
Exploits: 0 · References: 2

Patchstack · added 2025/03/14 2:37 a.m. · 5 views

WordPress Civi theme <= 2.1.4 - Authentication Bypass via Password Update vulnerability

Authentication Bypass via Password Update vulnerability discovered by Lucio Sá in WordPress Theme Civi versions <= 2.1.4...

CVSS 9.8 · AI score 8.8 · EPSS 0.00409
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist · added 2025/03/01 6:39 a.m. · 10 views

CVE-2024-13373 Exertio Framework <= 1.3.1 - Unauthenticated Arbitrary User Password Update

The Exertio Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.3.1. This is due to the plugin not properly validating a user's identity prior to updating their password through the flforgotpassnew function. This makes ...

CVSS 8.1 · EPSS 0.00386
Exploits: 0 · References: 2

Vulnrichment · added 2025/03/01 6:39 a.m. · 5 views

CVE-2024-13373 Exertio Framework <= 1.3.1 - Unauthenticated Arbitrary User Password Update

The Exertio Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.3.1. This is due to the plugin not properly validating a user's identity prior to updating their password through the flforgotpassnew function. This makes ...

CVSS 8.1 · AI score 8.5 · EPSS 0.00386
Exploits: 0 · References: 2

Patchstack · added 2025/02/28 11:14 p.m. · 4 views

WordPress Exertio Framework plugin <= 1.3.1 - Unauthenticated Arbitrary User Password Update vulnerability

Unauthenticated Arbitrary User Password Update vulnerability discovered by Foxyyy in WordPress Plugin Exertio Framework versions <= 1.3.1...

CVSS 8.1 · AI score 7 · EPSS 0.00386
Exploits: 0 · References: 1 · Affected Software: 1

OSV · added 2025/02/18 9:15 a.m. · 3 views

CVE-2024-12860

The CarSpot – Dealership Wordpress Classified Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.4.3. This is due to the theme not properly validating a token prior to updating a user's password. This makes it possible for...

CVSS 9.8 · AI score 5.9 · EPSS 0.00454
Exploits: 0 · References: 2

Patchstack · added 2025/01/17 9:07 p.m. · 5 views

WordPress ShipWorks Connector for Woocommerce plugin <= 5.2.5 - Cross-Site Request Forgery to Service Password/Username Update vulnerability

Cross-Site Request Forgery to Service Password/Username Update vulnerability discovered by SOPROBRO in WordPress Plugin ShipWorks Connector for Woocommerce versions <= 5.2.5...

CVSS 4.3 · AI score 7 · EPSS 0.00164
Exploits: 0 · References: 1 · Affected Software: 1

Tenable Nessus · added 2024/11/29 12:00 a.m. · 5 views

Eaton 9PX Cross-Site Request Forgery (CVE-2018-9281)

An issue was discovered on Eaton UPS 9PX 8000 SP devices. The administration panel is vulnerable to a CSRF attack on the change-password functionality. This vulnerability could be used to force a logged-in administrator to perform a silent password update. The affected forms are also vulnerable ...

CVSS 8.8 · AI score 7.4 · EPSS 0.00435
Exploits: 0 · References: 3

Positive Technologies · added 2024/11/28 12:00 a.m. · 6 views

PT-2024-16765

Name of the Vulnerable Software and Affected Versions: Contest Gallery plugin for WordPress versions up to, and including, 24.0.7. Description: The issue is related to privilege escalation via account takeover due to the plugin not properly validating a user's identity prior to updating their...

CVSS 9.8 · AI score 6 · EPSS 0.00747
Exploits: 0 · References: 12

OSV · added 2024/10/25 5:15 p.m. · 3 views

CVE-2022-30358

OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /user/updatePassword via the userId and newPsw parameters. Authentication is required...

CVSS 8.8 · AI score 5.8 · EPSS 0.00513
Exploits: 1 · References: 1

CNNVD · added 2024/10/25 12:00 a.m. · 4 views

OvalEdge security vulnerability

OvalEdge is a solution from US-based OvalEdge that helps users create, manage, and use data from a variety of sources through AI and human intelligence. A security vulnerability exists in OvalEdge version 5.2.8.0 and earlier, which stems from a POST request to /user/updatePassword via the userId...

CVSS 8.8 · AI score 6.8 · EPSS 0.00513
Exploits: 1 · References: 1

Veeam · added 2024/10/11 12:00 a.m. · 65 views

How to Update NATS and PostgreSQL Passwords Used by Veeam Backup for Microsoft 365

Purpose: This article documents the procedures for updating the password Veeam Backup for Microsoft 365 uses to connect to the NATS server and the configuration database. Solution: Expand the section below relevant to the password that has been changed: How to Update NATS Server Password. Default...

AI score 6.9
Exploits: 0 · Affected Software: 1

NVD · added 2024/10/04 3:15 p.m. · 15 views

CVE-2024-47768

Lif Authentication Server is a server used by Lif to do various tasks regarding Lif accounts. This vulnerability has to do with the account recovery system where there does not appear to be a check to make sure the user has been sent the recovery email and entered the correct code. If the attacke...

CVSS 8.1 · EPSS 0.00493
Exploits: 0 · References: 2

Cvelist · added 2024/10/04 2:33 p.m. · 25 views

CVE-2024-47768 Lif Authentication Server Has No Auth Check When Updating Password In Account Recovery

Lif Authentication Server is a server used by Lif to do various tasks regarding Lif accounts. This vulnerability has to do with the account recovery system where there does not appear to be a check to make sure the user has been sent the recovery email and entered the correct code. If the attacke...

CVSS 6.9 · EPSS 0.00493
Exploits: 0 · References: 2

Vulnrichment · added 2024/10/04 2:33 p.m. · 19 views

CVE-2024-47768 Lif Authentication Server Has No Auth Check When Updating Password In Account Recovery

Lif Authentication Server is a server used by Lif to do various tasks regarding Lif accounts. This vulnerability has to do with the account recovery system where there does not appear to be a check to make sure the user has been sent the recovery email and entered the correct code. If the attacke...

CVSS 6.9 · AI score 7 · EPSS 0.00493
Exploits: 0 · References: 2

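Several entries in this list share one root cause: the Civi, Exertio, CarSpot and Contest Gallery advisories describe password updates performed without validating the caller's identity or a reset token, CVE-2024-47768 (Lif) describes a recovery endpoint that never checks that a code was issued and presented, and CVE-2022-30358 (OvalEdge) describes an authenticated endpoint that takes the target account from a userId request parameter. The Python block below is an added illustration of those two vulnerable handler shapes beside a hardened reset flow; it is not any of those products' code. The in-memory store, user ids, field names and the PBKDF2 hashing are constructed for the demo. The hardened reset stores only a hash of the token, binds the token to one account, makes it single-use and expiring, and the hardened authenticated change derives the target from the session and requires the current password.

```python
"""Password-update handlers that trust the request for identity, beside a bound,
single-use, expiring reset-token flow (added illustration, not product code)."""
import hashlib
import os
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def _set_password(user: dict, password: str) -> None:
    user["salt"] = os.urandom(16)
    user["hash"] = _hash(password, user["salt"])


def check_password(user: dict, password: str) -> bool:
    return secrets.compare_digest(_hash(password, user["salt"]), user["hash"])


def make_store() -> dict:
    """Constructed in-memory user table; ids and e-mails are invented sample data."""
    users = {1: {"email": "alice@example.test"}, 2: {"email": "bob@example.test"}}
    _set_password(users[1], "alice-old")
    _set_password(users[2], "bob-old")
    return {"users": users, "tokens": {}}


# ---- vulnerable shapes -------------------------------------------------------
def vulnerable_reset(store, user_id, new_password):
    """Recovery handler that never checks that a code was issued for, and presented
    by, this account (the shape described for CVE-2024-47768 and the token-less
    WordPress cases)."""
    _set_password(store["users"][user_id], new_password)
    return True


def vulnerable_authenticated_update(store, session_user_id, user_id, new_password):
    """Authenticated, but the target comes from the request body, so any logged-in
    user can overwrite any other user's password (the userId/newPsw shape
    described for CVE-2022-30358)."""
    _set_password(store["users"][user_id], new_password)
    return True


# ---- hardened shapes ---------------------------------------------------------
def issue_reset_token(store, user_id, now=None):
    token = secrets.token_urlsafe(32)
    digest = hashlib.sha256(token.encode()).hexdigest()
    store["tokens"][digest] = {"user_id": user_id, "used": False,
                               "expires": (now or time.time()) + TOKEN_TTL_SECONDS}
    return token  # delivered out of band (e-mail); only its hash is stored


def hardened_reset(store, user_id, token, new_password, now=None):
    now = now or time.time()
    rec = store["tokens"].get(hashlib.sha256(token.encode()).hexdigest())
    if rec is None or rec["used"] or now > rec["expires"]:
        return False
    if rec["user_id"] != user_id:  # token is bound to exactly one account
        return False
    rec["used"] = True  # single use: a captured token cannot be replayed
    _set_password(store["users"][user_id], new_password)
    return True


def hardened_authenticated_update(store, session_user_id, current_password,
                                  new_password, **request_fields):
    """Target is the session identity; a userId in the body (request_fields) is
    ignored, and the caller must re-prove the current password."""
    user = store["users"][session_user_id]
    if not check_password(user, current_password):
        return False
    _set_password(user, new_password)
    return True


def demo():
    s, r = make_store(), {}
    vulnerable_reset(s, 1, "pwned")  # attacker, no token at all
    r["vuln_reset_took_alice"] = check_password(s["users"][1], "pwned")
    vulnerable_authenticated_update(s, 2, 1, "pwned-by-bob")  # bob targets alice
    r["vuln_idor_took_alice"] = check_password(s["users"][1], "pwned-by-bob")

    s, t0 = make_store(), 1_700_000_000.0
    r["forged_token"] = hardened_reset(s, 1, "not-a-real-token", "x", now=t0)
    bob_token = issue_reset_token(s, 2, now=t0)
    r["bobs_token_on_alice"] = hardened_reset(s, 1, bob_token, "x", now=t0)
    r["bobs_token_on_bob"] = hardened_reset(s, 2, bob_token, "bob-new", now=t0 + 60)
    r["replay"] = hardened_reset(s, 2, bob_token, "bob-new2", now=t0 + 61)
    stale = issue_reset_token(s, 1, now=t0)
    r["expired"] = hardened_reset(s, 1, stale, "x", now=t0 + TOKEN_TTL_SECONDS + 1)
    r["bob_changed_own_only"] = hardened_authenticated_update(
        s, 2, "bob-new", "bob-newer", userId=1)
    r["alice_untouched"] = check_password(s["users"][1], "alice-old")
    return r


if __name__ == "__main__":
    print(demo())
```

The check that matters most for the listed advisories is the account binding: a reset token proves possession of a mailbox, and the handler must only change the password of the account that token was issued for, never one named in the request.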
OSV · added 2024/09/06 7:15 a.m. · 4 views

CVE-2024-8292

The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to privilege escalation/account takeover in all versions up to, and including, 16.26.8. This is due to the plugin not properly verifying a user's identity during new order creation. This makes it possible for...

CVSS 9.8 · AI score 5.7 · EPSS 0.00603
Exploits: 0 · References: 5
