CVE-2026-2222

A weakness has been identified in code-projects Online Reviewer System 1.0. Affected by this vulnerability is an unknown functionality of the file /system/system/admins/manage/users/btnfunctions.php. Executing a manipulation of the argument firstname can lead to cross site scripting. The attack m...

CVE-2023-43203

D-LINK DWL-6610 FWv4.3.0.8B003C was discovered to contain a stack overflow vulnerability in the function updateusers...

CVE-2025-13812 GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress <= 7.6.1 - Missing Authorization to Authenticated (Subscriber+) Information Exposure

The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the gamipressajaxgetposts and gamipressajaxgetusers functions in all versions up to, and including...

CVE-2025-14397

The Postem Ipsum plugin for WordPress is vulnerable to unauthorized modification of data to Privilege Escalation due to a missing capability check on the postemipsumgenerateusers function in all versions up to, and including, 3.0.1. This makes it possible for authenticated attackers, with...

PT-2025-51096

The Brizy – Page Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.7.16 via the get users function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including...

WordPress plugin Brizy – Page Builder 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

EUVD-2023-38670

Malicious code in bioql PyPI...

CVE-2023-34626

Piwigo 13.7.0 is vulnerable to SQL Injection via the "Users" function...

CVE-2024-40443

SQL Injection vulnerability in Simple Laboratory Management System using PHP and MySQL v.1.0 allows a remote attacker to cause a denial of service via the deleteusers function in the Useres.php...

PT-2024-38495 · Sourcecodester · Sourcecodester Car Driving School Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Car Driving School Management System version 1.0 Description: A critical issue was found in the system, affecting the delete users function of the User.php file. The manipulation of the id argument leads to SQL injection. This...

PT-2024-38489 · Sourcecodester · Sourcecodester Car Driving School Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Car Driving School Management System version 1.0 Description: A problematic issue was found, affecting the save users function of the file admin/user/index.php. This leads to cross-site request forgery, which can be initiated...

CVE-2024-6649

A vulnerability has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0 and classified as problematic. Affected by this vulnerability is the function saveusers of the file Users.php. The manipulation leads to cross-site request forgery. The attack can be launched...

PT-2024-37776 · Sourcecodester · Sourcecodester Employee/Visitor Gate Pass Logging System

Name of the Vulnerable Software and Affected Versions: SourceCodester Employee and Visitor Gate Pass Logging System version 1.0 Description: A vulnerability has been found in the system, classified as problematic. The issue affects the save users function of the Users.php file, leading to...

CVE-2024-5896

A vulnerability, which was classified as critical, was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. Affected is the function saveusers of the file /classes/Users.php?f=save. The manipulation of the argument id leads to sql injection. It is possible to launch the atta...

PT-2024-37231 · Sourcecodester · Employee/Visitor Gate Pass Logging System

Name of the Vulnerable Software and Affected Versions: SourceCodester Employee and Visitor Gate Pass Logging System version 1.0 Description: A critical issue was found in the save users function of the /classes/Users.php file, specifically in the id argument, which leads to sql injection. This...

PT-2024-37230 · Sourcecodester · Sourcecodester Employee/Visitor Gate Pass Logging System

Name of the Vulnerable Software and Affected Versions: SourceCodester Employee and Visitor Gate Pass Logging System version 1.0 Description: A critical issue has been found in the system, affecting the delete users function of the file /classes/Users.php?f=delete. The manipulation of the id...

CVE-2024-3139

A vulnerability, which was classified as critical, has been found in SourceCodester Computer Laboratory Management System 1.0. Affected by this issue is the function saveusers of the file /classes/Users.php?f=save. The manipulation of the argument id leads to improper authorization. The attack ma...

PT-2024-15676 · WordPress · The Awesome Support – Wordpress Helpdesk & Support Plugin

Name of the Vulnerable Software and Affected Versions: The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress versions up to, and including, 6.1.7 Description: The issue is related to unauthorized access due to a missing capability check on the wpas get users function, whi...

WordPress Plugin Awesome Support SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

CVE-2023-43147

PHPJabbers Limo Booking Software 1.0 is vulnerable to Cross Site Request Forgery CSRF to add an admin user via the Add Users Function, aka an index.php?controller=pjAdminUsers&action=pjActionCreate URI...