WordPress Javo Core plugin <= 3.0.0.080 - Unauthenticated Privilege Escalation in ajax_signup vulnerability

Unauthenticated Privilege Escalation in ajaxsignup vulnerability discovered by Tonn in WordPress Plugin Javo Core versions = 3.0.0.080...

CVE-2025-1064 Login/Signup Popup ( Inline Form + Woocommerce ) <= 2.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via xoo_el_action Shortcode

The Login/Signup Popup Inline Form + Woocommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's xooelaction shortcode in all versions up to, and including, 2.8.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...

WordPress plugin Login/Signup Popup 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...

PT-2025-7512 · Mlflow · Mlflow

Name of the Vulnerable Software and Affected Versions: mlflow/mlflow versions 2.17.0 through 2.20.1 Description: A Cross-Site Request Forgery CSRF issue exists in the Signup feature. This allows an attacker to create a new account, which can be used to perform unauthorized actions on behalf of th...

WordPress Login/Signup Popup ( Inline Form + Woocommerce ) plugin <= 2.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via xoo_el_action Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via xooelaction Shortcode vulnerability discovered by wesley wcraft in WordPress Plugin Login/Signup Popup versions = 2.8.5...

CVE-2024-13595

The Simple Signup Form plugin for WordPress is vulnerable to SQL Injection via the 'id' attribute of the 'ssf' shortcode in all versions up to, and including, 1.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...

CVE-2024-13595

The Simple Signup Form plugin for WordPress is vulnerable to SQL Injection via the 'id' attribute of the 'ssf' shortcode in all versions up to, and including, 1.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...

CVE-2024-13595 Simple Signup Form <= 1.6.5 - Authenticated (Contributor+) SQL Injection

The Simple Signup Form plugin for WordPress is vulnerable to SQL Injection via the 'id' attribute of the 'ssf' shortcode in all versions up to, and including, 1.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...

CVE-2024-13595 Simple Signup Form <= 1.6.5 - Authenticated (Contributor+) SQL Injection

The Simple Signup Form plugin for WordPress is vulnerable to SQL Injection via the 'id' attribute of the 'ssf' shortcode in all versions up to, and including, 1.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...

WordPress plugin Simple Signup Form SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...

WordPress Simple Signup Form plugin <= 1.6.5 - Authenticated (Contributor+) SQL Injection vulnerability

Authenticated Contributor+ SQL Injection vulnerability discovered by Peter Thaleikis in WordPress Plugin Simple Signup Form versions = 1.6.5...

CVE-2025-1355

A vulnerability was found in needyamin Library Card System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /signup.php of the component Add Picture. The manipulation leads to unrestricted upload. The attack can be launched remotely. Th...

Library Card System 代码问题漏洞

Library Card System is a library management system developed by Md. Yamin Hossain, an individual developer in Bangladesh. A code issue vulnerability exists in Library Card System version 1.0 due to an unrestricted upload issue contained in the /signup.php file of the Add Picture module...

PT-2025-6888 · Unknown · Needyamin Library Card System

Name of the Vulnerable Software and Affected Versions: needyamin Library Card System version 1.0 Description: A critical vulnerability was found in the needyamin Library Card System, affecting an unknown functionality of the file /signup.php of the component Add Picture. The manipulation leads to...

CVE-2024-50475

Missing Authorization vulnerability in Scott Gamon Signup Page signup-page allows Privilege Escalation.This issue affects Signup Page: from n/a through = 1.0...

Malicious code in signup-ui-url-generator (npm)

--- -= Per source details. Do not edit below this line.=-...

MAL-2025-868 Malicious code in signup-ui-url-generator (npm)

--- -= Per source details. Do not edit below this line.=-...

The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.

...

CVE-2025-0844

A vulnerability was found in needyamin Library Card System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file signup.php of the component Registration Page. The manipulation of the argument firstname/lastname/email/borrow/useraddress...

CVE-2025-0844 needyamin Library Card System Registration Page signup.php cross site scripting

A vulnerability was found in needyamin Library Card System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file signup.php of the component Registration Page. The manipulation of the argument firstname/lastname/email/borrow/useraddress...