12 matches found
WordPress User Verification by PickPlugins plugin <= 2.0.46 - Unauthenticated Authentication Bypass vulnerability
Unauthenticated Authentication Bypass vulnerability discovered by kai63001 in WordPress Plugin User Verification versions <= 2.0.46...
CVE-2026-7458
The User Verification by PickPlugins plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.0.46. This is due to the use of a loose PHP comparison operator to validate OTP codes in the "user_verification_form_wrap_process_otpLogin" function. This makes it...
CVE-2026-7458
The User Verification by PickPlugins plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.0.46. This is due to the use of a loose PHP comparison operator to validate OTP codes in the "user_verification_form_wrap_process_otpLogin" function. This makes it...
CVE-2026-7458 User Verification by PickPlugins <= 2.0.46 - Unauthenticated Authentication Bypass via OTP Verification REST API Endpoint
The User Verification by PickPlugins plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.0.46. This is due to the use of a loose PHP comparison operator to validate OTP codes in the "user_verification_form_wrap_process_otpLogin" function. This makes it...
CVE-2026-7458
The CVE-2026-7458 entry concerns the WordPress plugin “User Verification by PickPlugins” with authentication bypass in all versions up to 2.0.46. The root cause is a loose PHP comparison operator used to validate OTP codes in user_verification_form_wrap_process_otpLogin, enabling unauthenticated ...
CVE-2024-4943
The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hasfieldlinkrel’ parameter in all versions up to, and including, 2.0.46 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acce...
WordPress Blocksy theme <= 2.0.46 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Ngô Thiên An ancorn in WordPress Theme Blocksy versions <= 2.0.46...
WordPress Blocksy Theme <= 2.0.46 is vulnerable to Cross Site Scripting (XSS)
Software: Blocksy; Type: Theme; Vulnerable versions: <= 2.0.46; Fixed in: 2.0.47; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-4943; Patch priority: Low; CVSS severity: Low 6.5; Developer: Creative Themes; PSID: b3bc385251a5; Credits: Ngô Thiên An ancorn; Required...
WordPress Ultimate Member plugin <= 2.0.45 - Multiple vulnerabilities
Multiple vulnerabilities found by Antony Garand Sucuri team in WordPress Ultimate Member plugin versions <= 2.0.45. Solution: Update the WordPress Ultimate Member plugin to the latest available version at least 2.0.46...
Apache Portable Runtime contains heap buffer overflow in apr_psprintf()
Overview: The Apache HTTP server contains a denial-of-service vulnerability that allows remote attackers to conduct denial-of-service attacks against an affected server. Description: The Apache HTTP server contains a heap buffer overflow vulnerability in the apr_psprintf function. The Apache Softwar...
security flaw
Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerabilit...
Apache 2.0.x < 2.0.46 Multiple DoS
The remote host appears to be running a version of Apache 2.0.x that is prior to 2.0.46. It is, therefore, affected by multiple denial of service vulnerabilities : - There is a denial of service vulnerability that may allow an attacker to disable basic authentication on this host. - There is a...