Lucene search
K

164 matches found

Prion
Prion
added 2023/11/09 10:15 p.m.21 views

Default credentials

An issue discovered in Pfsense CE version 2.6.0 allows attackers to change the password of any user without verification...

5.8CVSS7.5AI score0.01679EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/11/09 12:0 a.m.21 views

CVE-2023-29975

An issue discovered in Pfsense CE version 2.6.0 allows attackers to change the password of any user without verification...

7.2AI score0.01679EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/06/30 1:56 a.m.16 views

CVE-2023-2834 BookIt <= 2.3.7 - Authentication Bypass

The BookIt plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.3.7. This is due to insufficient verification on the user being supplied during booking an appointment through the plugin. This makes it possible for unauthenticated attackers to log in as a...

9.8CVSS7.4AI score0.01914EPSS
Exploits3References7
Prion
Prion
added 2023/05/25 3:15 a.m.25 views

Authentication flaw

The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.2. This is due to insufficient verification on the user being supplied during the add listing REST API request through the plugin. This makes it possible for unauthenticated attackers ...

7.5CVSS9.5AI score0.67511EPSS
Exploits3References3Affected Software1
Prion
Prion
added 2023/05/25 3:15 a.m.26 views

Authentication flaw

The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.1. This is due to insufficient verification on the user being supplied during the cart sync from mobile REST API request through the plugin. This makes it possible for unauthenticated...

7.5CVSS9.5AI score0.03805EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/05/25 2:5 a.m.10 views

CVE-2023-2734 MStore API <= 3.9.1 - Authentication Bypass

The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.1. This is due to insufficient verification on the user being supplied during the cart sync from mobile REST API request through the plugin. This makes it possible for unauthenticated...

9.8CVSS7.2AI score0.03805EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/05/25 2:5 a.m.45 views

CVE-2023-2734 MStore API <= 3.9.1 - Authentication Bypass

The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.1. This is due to insufficient verification on the user being supplied during the cart sync from mobile REST API request through the plugin. This makes it possible for unauthenticated...

9.8CVSS9.8AI score0.03805EPSS
Exploits0References3
WPVulnDB
WPVulnDB
added 2023/05/18 12:0 a.m.19 views

BP Social Connect < 1.6.2 - Authentication Bypass

The plugin does not properly verify the user through its Facebook login, which could allow attackers to login as any user knowing their email address...

9.8CVSS6.7AI score0.01623EPSS
Exploits1Affected Software1
Prion
Prion
added 2023/05/01 3:15 p.m.16 views

Code injection

Apache StreamPark 1.0.0 before 2.0.0 When the user successfully logs in, to modify his profile, the username will be passed to the server-layer as a parameter, but not verified whether the user name is the currently logged user and whether the user is legal, This will allow malicious attackers to...

6.4CVSS9.1AI score0.01475EPSS
Exploits0References1Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 5:34 a.m.4 views

SUSE CVE-2013-6404

Quassel core server daemon in Quassel IRC before 0.9.2 does not properly verify the user ID when accessing user backlogs, which allows remote authenticated users to read other users' backlogs via the bufferid in 1 16/selectbufferbyid.sql, 2 16/selectbufferbyid.sql, and 3 16/selectbufferbyid.sql i...

4CVSS6.5AI score0.02059EPSS
Exploits1References3
OSV
OSV
added 2023/01/23 3:15 p.m.3 views

CVE-2022-4693

The User Verification WordPress plugin before 1.0.94 was affected by an Auth Bypass security vulnerability. To bypass authentication, we only need to know the user’s username. Depending on whose username we know, which can be easily queried because it is usually public data, we may even be given ...

9.8CVSS5.8AI score0.01598EPSS
Exploits2References2
NVD
NVD
added 2023/01/23 3:15 p.m.35 views

CVE-2022-4693

The User Verification WordPress plugin before 1.0.94 was affected by an Auth Bypass security vulnerability. To bypass authentication, we only need to know the user’s username. Depending on whose username we know, which can be easily queried because it is usually public data, we may even be given ...

9.8CVSS9.5AI score0.01598EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2023/01/23 2:31 p.m.6 views

CVE-2022-4693 User Verification < 1.0.94 - Authentication Bypass

The User Verification WordPress plugin before 1.0.94 was affected by an Auth Bypass security vulnerability. To bypass authentication, we only need to know the user’s username. Depending on whose username we know, which can be easily queried because it is usually public data, we may even be given ...

7.1AI score0.01598EPSS
Exploits2References2
Cvelist
Cvelist
added 2023/01/23 2:31 p.m.26 views

CVE-2022-4693 User Verification < 1.0.94 - Authentication Bypass

The User Verification WordPress plugin before 1.0.94 was affected by an Auth Bypass security vulnerability. To bypass authentication, we only need to know the user’s username. Depending on whose username we know, which can be easily queried because it is usually public data, we may even be given ...

9.7AI score0.01598EPSS
Exploits2References2
CVE
CVE
added 2023/01/23 2:31 p.m.70 views

CVE-2022-4693

CVE-2022-4693 affects the WordPress plugin User Verification (before 1.0.94). The vulnerability is an authentication bypass where knowledge of a user’s username can grant access or elevated privileges. Publicly queryable usernames can lead to admin-like access on a site. Technical details from co...

9.8CVSS9.6AI score0.01598EPSS
Exploits2References2Affected Software1
CNNVD
CNNVD
added 2023/01/23 12:0 a.m.17 views

WordPress plugin The User Verification 授权问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

9.8CVSS8.3AI score0.01598EPSS
Exploits2References3
Microsoft Secure
Microsoft Secure
added 2023/01/09 5:0 p.m.23 views

​​Microsoft Entra: 5 identity priorities for 2023

Welcome to 2023. After the pandemic upended how we work, learn, play, and manage our lives, we find ourselves more connected than ever, with more convenient access to an ever-wider range of online tools and experiences. But as our global digital footprint continues to grow, so does the risk of...

7.7AI score
Exploits0
Huntr
Huntr
added 2023/01/01 9:57 a.m.8 views

Send any message to any to any private channel

Description A user can add any message to a private channel that is not in that channel. This error is because the web application did not check if the sender userid is in that private channel. Proof of Concept Login to website in brower 1 with user A. Login to website in brower 2 with user B. Us...

6.9AI score
Exploits0
Patchstack
Patchstack
added 2022/12/28 12:0 a.m.12 views

WordPress User Verification Plugin < 1.0.94 is vulnerable to Bypass Vulnerability

Software User Verification Type Plugin Vulnerable versions 1.0.94 Fixed in 1.0.94 OWASP Top 10 A2: Broken Authentication Classification Bypass Vulnerability CVE CVE-2022-4693 Patch priority High CVSS severity High 9.6 Developer Claim ownership PSID 89cd3dc7d831 Credits István Márton Required...

9.8CVSS6.5AI score0.01598EPSS
Exploits2References3Affected Software1
wpexploit
wpexploit
added 2022/12/28 12:0 a.m.651 views

User Verification < 1.0.94 - Authentication Bypass

The plugin was affected by an Auth Bypass security vulnerability. To bypass authentication, we only need to know the user’s username. Depending on whose username we know, which can be easily queried because it is usually public data, we may even be given an administrative role on the website...

9.8CVSS1.4AI score0.01598EPSS
Exploits2References1
Rows per page
Query Builder