164 matches found
Default credentials
An issue discovered in Pfsense CE version 2.6.0 allows attackers to change the password of any user without verification...
CVE-2023-29975
An issue discovered in Pfsense CE version 2.6.0 allows attackers to change the password of any user without verification...
CVE-2023-2834 BookIt <= 2.3.7 - Authentication Bypass
The BookIt plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.3.7. This is due to insufficient verification on the user being supplied during booking an appointment through the plugin. This makes it possible for unauthenticated attackers to log in as a...
Authentication flaw
The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.2. This is due to insufficient verification on the user being supplied during the add listing REST API request through the plugin. This makes it possible for unauthenticated attackers ...
Authentication flaw
The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.1. This is due to insufficient verification on the user being supplied during the cart sync from mobile REST API request through the plugin. This makes it possible for unauthenticated...
CVE-2023-2734 MStore API <= 3.9.1 - Authentication Bypass
The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.1. This is due to insufficient verification on the user being supplied during the cart sync from mobile REST API request through the plugin. This makes it possible for unauthenticated...
CVE-2023-2734 MStore API <= 3.9.1 - Authentication Bypass
The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.1. This is due to insufficient verification on the user being supplied during the cart sync from mobile REST API request through the plugin. This makes it possible for unauthenticated...
BP Social Connect < 1.6.2 - Authentication Bypass
The plugin does not properly verify the user through its Facebook login, which could allow attackers to login as any user knowing their email address...
Code injection
Apache StreamPark 1.0.0 before 2.0.0 When the user successfully logs in, to modify his profile, the username will be passed to the server-layer as a parameter, but not verified whether the user name is the currently logged user and whether the user is legal, This will allow malicious attackers to...
SUSE CVE-2013-6404
Quassel core server daemon in Quassel IRC before 0.9.2 does not properly verify the user ID when accessing user backlogs, which allows remote authenticated users to read other users' backlogs via the bufferid in 1 16/selectbufferbyid.sql, 2 16/selectbufferbyid.sql, and 3 16/selectbufferbyid.sql i...
CVE-2022-4693
The User Verification WordPress plugin before 1.0.94 was affected by an Auth Bypass security vulnerability. To bypass authentication, we only need to know the user’s username. Depending on whose username we know, which can be easily queried because it is usually public data, we may even be given ...
CVE-2022-4693
The User Verification WordPress plugin before 1.0.94 was affected by an Auth Bypass security vulnerability. To bypass authentication, we only need to know the user’s username. Depending on whose username we know, which can be easily queried because it is usually public data, we may even be given ...
CVE-2022-4693 User Verification < 1.0.94 - Authentication Bypass
The User Verification WordPress plugin before 1.0.94 was affected by an Auth Bypass security vulnerability. To bypass authentication, we only need to know the user’s username. Depending on whose username we know, which can be easily queried because it is usually public data, we may even be given ...
CVE-2022-4693 User Verification < 1.0.94 - Authentication Bypass
The User Verification WordPress plugin before 1.0.94 was affected by an Auth Bypass security vulnerability. To bypass authentication, we only need to know the user’s username. Depending on whose username we know, which can be easily queried because it is usually public data, we may even be given ...
CVE-2022-4693
CVE-2022-4693 affects the WordPress plugin User Verification (before 1.0.94). The vulnerability is an authentication bypass where knowledge of a user’s username can grant access or elevated privileges. Publicly queryable usernames can lead to admin-like access on a site. Technical details from co...
WordPress plugin The User Verification 授权问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
Microsoft Entra: 5 identity priorities for 2023
Welcome to 2023. After the pandemic upended how we work, learn, play, and manage our lives, we find ourselves more connected than ever, with more convenient access to an ever-wider range of online tools and experiences. But as our global digital footprint continues to grow, so does the risk of...
Send any message to any to any private channel
Description A user can add any message to a private channel that is not in that channel. This error is because the web application did not check if the sender userid is in that private channel. Proof of Concept Login to website in brower 1 with user A. Login to website in brower 2 with user B. Us...
WordPress User Verification Plugin < 1.0.94 is vulnerable to Bypass Vulnerability
Software User Verification Type Plugin Vulnerable versions 1.0.94 Fixed in 1.0.94 OWASP Top 10 A2: Broken Authentication Classification Bypass Vulnerability CVE CVE-2022-4693 Patch priority High CVSS severity High 9.6 Developer Claim ownership PSID 89cd3dc7d831 Credits István Márton Required...
User Verification < 1.0.94 - Authentication Bypass
The plugin was affected by an Auth Bypass security vulnerability. To bypass authentication, we only need to know the user’s username. Depending on whose username we know, which can be easily queried because it is usually public data, we may even be given an administrative role on the website...