1035 matches found
CVE-2024-4133
CVE-2024-4133 concerns the ARMember – Membership Plugin for WordPress. Affected versions up to 4.0.30 are vulnerable to an Open Redirect caused by insufficient validation of the redirect_to parameter, enabling unauthenticated attackers to redirect users to malicious sites if they can persuade the...
PT-2024-22175 · Mailerlite · Mailerlite – Signup Forms
Name of the Vulnerable Software and Affected Versions: MailerLite – Signup forms (official) plugin for WordPress versions up to, and including, 1.7.6
Description: The issue allows unauthorized plugin setting changes due to a missing capability check on the toggleRolesAndPermissions and...
PT-2024-17998 · WordPress · Mailerlite
Name of the Vulnerable Software and Affected Versions: MailerLite – Signup forms plugin for WordPress versions 1.5.0 through 1.7.6
Description: The issue is related to Stored Cross-Site Scripting via the plugin's shortcodes due to insufficient input sanitization and output escaping on user-suppli...
WordPress MailerLite – Signup forms (official) plugin <= 1.7.6 - Missing Authorization vulnerability
Missing Authorization vulnerability discovered by Krzysztof Zając in WordPress Plugin MailerLite versions <= 1.7.6...
WordPress MailerLite – Signup forms Plugin <= 1.7.6 is vulnerable to Broken Access Control
Software: MailerLite – Signup forms; Type: Plugin; Vulnerable versions: <= 1.7.6; Fixed in: 1.7.7; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-2797; Patch priority: Low; CVSS severity: Low 5.3; PSID: d779eba11e1c; Credits: Krzysztof Zając...
WordPress MailerLite – Signup forms Plugin <= 1.7.6 is vulnerable to Cross Site Scripting (XSS)
Software: MailerLite – Signup forms; Type: Plugin; Vulnerable versions: <= 1.7.6; Fixed in: 1.7.7; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-1386; Patch priority: Low; CVSS severity: Low 6.5; PSID: cf12af72ac5b; Credits: Richard Tellen...
MailerLite – Signup forms (official) < 1.7.7 - Missing Authorization
Description: The MailerLite – Signup forms (official) plugin for WordPress is vulnerable to unauthorized plugin setting changes due to a missing capability check on the toggleRolesAndPermissions and editAllowedRolesAndPermissions functions in all versions up to, and including, 1.7.6. This makes it...
PT-2024-23951 · Unknown · Fetch Designs Sign-Up Sheets
Name of the Vulnerable Software and Affected Versions: Fetch Designs Sign-up Sheets versions n/a through 2.2.11.1
Description: A Cross-Site Request Forgery (CSRF) issue affects the software. This type of issue allows an attacker to trick a user into performing unintended actions on a web applicatio...
Responsive Contact Form Builder & Lead Generation Plugin <= 1.8.9 - Cross-Site Request Forgery
Description: The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.9. This is due to missing or incorrect nonce validation on several functions. This makes it possible for...
CVE-2024-27995
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Repute Infosystems ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup allows Stored XSS. This issue affects ARMember – Membership Plugin, Content Restrictio...
PT-2024-22330 · Unknown · Yourspotify
Name of the Vulnerable Software and Affected Versions: YourSpotify versions prior to 1.9.0
Description: The issue concerns a clickjacking vulnerability that can be used to trick an existing user into triggering actions, such as allowing signup of other users or deleting the current user account...
PHP MySQL User Signup Login System Security Vulnerability
PHP MySQL User Signup Login System is a login and registration form using HTML, PHP and MySQL. A security vulnerability exists in PHP MySQL User Signup Login System version 1.0, which originates from a sensitive information disclosure vulnerability in the file login.sql...
Online-Book-Store-Website Cross-Site Scripting Vulnerability
Online-Book-Store-Website is an online bookstore website. A cross-site scripting vulnerability exists in Online-Book-Store-Website version 1.0, which originates from a cross-site scripting vulnerability in the name parameter of the /signup.php file...
BIT-MATTERMOST-2023-4478
Mattermost fails to restrict which parameters' values it takes from the request during signup allowing an attacker to register users as inactive, thus blocking them from later accessing Mattermost without the system admin activating their accounts...
CVE-2023-7108
A vulnerability classified as problematic has been found in code-projects E-Commerce Website 1.0. This affects an unknown part of the file usersignup.php. The manipulation of the argument firstname with the input leads to cross site scripting. It is possible to initiate the attack remotely. The...
CVE-2023-7107
A vulnerability was found in code-projects E-Commerce Website 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file usersignup.php. The manipulation of the argument firstname/middlename/email/address/contact/username leads to sql injection. The attac...
CVE-2024-1700
A vulnerability, which was classified as problematic, was found in keerti1924 PHP-MYSQL-User-Login-System 1.0. Affected is an unknown function of the file /signup.php. The manipulation of the argument username with the input alert"xss" leads to cross site scripting. It is possible to launch the...
PT-2024-18233 · Unknown · Keerti1924 Php-Mysql-User-Login-System
Name of the Vulnerable Software and Affected Versions: keerti1924 PHP-MYSQL-User-Login-System version 1.0
Description: A problematic vulnerability was found in the keerti1924 PHP-MYSQL-User-Login-System. The issue affects an unknown function of the file /signup.php. By manipulating the username...
PHP MySQL User Signup Login System SQL Injection Vulnerability
PHP MySQL User Signup Login System is a login and registration form using HTML, PHP and MySQL. A SQL injection vulnerability exists in PHP MySQL User Signup Login System version 1.0, which originates from a SQL injection vulnerability in the file /edit.php...