8 matches found
CVE-2026-27836 phpMyFAQ Allows Unauthenticated Account Creation via WebAuthn Prepare Endpoint
phpMyFAQ is an open source FAQ web application. Prior to version 4.0.18, the WebAuthn prepare endpoint /api/webauthn/prepare creates new active user accounts without any authentication, CSRF protection, captcha, or configuration checks. This allows unauthenticated attackers to create unlimited us...
CVE-2024-54239
Missing Authorization vulnerability in dugudlabs Eyewear prescription form eyewear-prescription-form allows Privilege Escalation. This issue affects Eyewear prescription form: from n/a through <= 4.0.18...
CVE-2024-54239
CVE-2024-54239 refers to a Missing Authorization vulnerability in the WordPress plugin Eyewear prescription form (dugudlabs) affecting versions n/a through 4.0.18. Multiple sources (Red Hat, NVD/NVD mirror, PATCHSTACK, CVE List) confirm a privilege-escalation flaw arising from missing authorizati...
WordPress plugin Eyewear prescription form security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2024-36117 · Dugudlabs · Eyewear Prescription Form
Name of the Vulnerable Software and Affected Versions: dugudlabs Eyewear prescription form versions n/a through 4.0.18. Description: The issue is related to a Missing Authorization vulnerability in the Eyewear prescription form, which allows Privilege Escalation. Recommendations: For versions n/a...
WordPress Eyewear prescription form plugin <= 4.0.18 - Arbitrary Option Update to Privilege Escalation vulnerability
Arbitrary Option Update to Privilege Escalation vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin Eyewear prescription form versions <= 4.0.18...
WordPress Gallery Bank Plugin <= 4.0.18 is vulnerable to Cross Site Scripting (XSS)
Software: Gallery Bank; Type: Plugin; Vulnerable versions: <= 4.0.18; Fixed in: 4.0.19; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: High; CVSS severity: High (7.1); PSID: b7b7ba517a68; Credits: Rafie Muhammad Patchstack; Required...
WordPress CMP – Coming Soon & Maintenance plugin <= 4.0.18 - Unauthenticated Arbitrary CSS Update vulnerability
Unauthenticated Arbitrary CSS Update vulnerability discovered by Krzysztof Zając in WordPress CMP – Coming Soon & Maintenance plugin versions <= 4.0.18. Solution: Update the WordPress CMP – Coming Soon & Maintenance plugin to the latest available version, at least 4.0.19...