14 matches found

RedhatCVE
added 2026/06/05 7:32 p.m. · 10 views

CVE-2026-6145

The User Registration & Membership plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 5.1.5. This is due to the is_admin_creation_process method relying solely on the presence of action=createuser in the $_REQUEST superglobal without performing any...

5.3 CVSS · 5.5 AI score · 0.00445 EPSS
Exploits: 1 · References: 1
CVE
added 2026/05/14 8:24 a.m. · 21 views

CVE-2026-6145

CVE-2026-6145 affects the WordPress plugin “User Registration & Membership” (versions up to 5.1.5). The vulnerability arises from is_admin_creation_process() relying solely on the presence of action=createuser in $_REQUEST, with no authentication or capability checks. This allows unauthenticated ...

5.3 CVSS · 5.8 AI score · 0.00445 EPSS
Exploits: 1 · References: 2
EUVD
added 2026/05/14 8:24 a.m. · 17 views

EUVD-2026-30257

The User Registration & Membership plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 5.1.5. This is due to the is_admin_creation_process method relying solely on the presence of action=createuser in the $_REQUEST superglobal without performing any...

5.3 CVSS · 5.8 AI score · 0.00445 EPSS
Exploits: 1 · References: 2
ATTACKERKB
added 2026/05/14 8:24 a.m. · 9 views

CVE-2026-6145

The User Registration & Membership plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 5.1.5. This is due to the is_admin_creation_process method relying solely on the presence of action=createuser in the $_REQUEST superglobal without performing any...

5.3 CVSS · 5.8 AI score · 0.00445 EPSS
Exploits: 1 · References: 3
Cvelist
added 2026/05/14 8:24 a.m. · 47 views

CVE-2026-6145 User Registration & Membership <= 5.1.5 - Unauthenticated Missing Authorization to Admin Approval Bypass via 'action' Parameter

The User Registration & Membership plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 5.1.5. This is due to the is_admin_creation_process method relying solely on the presence of action=createuser in the $_REQUEST superglobal without performing any...

5.3 CVSS · 0.00445 EPSS
Exploits: 1 · References: 2
Vulnrichment
added 2026/05/14 8:24 a.m. · 9 views

CVE-2026-6145 User Registration & Membership <= 5.1.5 - Unauthenticated Missing Authorization to Admin Approval Bypass via 'action' Parameter

The User Registration & Membership plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 5.1.5. This is due to the is_admin_creation_process method relying solely on the presence of action=createuser in the $_REQUEST superglobal without performing any...

5.3 CVSS · 5.8 AI score · 0.00445 EPSS
Exploits: 1 · References: 2
Positive Technologies
added 2026/05/14 12:0 a.m. · 8 views

PT-2026-40894

Name of the Vulnerable Software and Affected Versions: User Registration & Membership plugin for WordPress versions prior to 5.1.6 Description: An issue exists where the is_admin_creation_process function relies exclusively on the presence of the action=createuser parameter within the $_REQUEST...

5.3 CVSS · 5.8 AI score · 0.00445 EPSS
Exploits: 1 · References: 4
Patchstack
added 2026/05/13 7:52 p.m. · 10 views

WordPress User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin <= 5.1.5 - Unauthenticated Missing Authorization to Admin Approval Bypass vulnerability

Unauthenticated Missing Authorization to Admin Approval Bypass vulnerability discovered by Anthony Cihan Hann1bl3L3ct3r - Obviam in WordPress Plugin User Registration versions <= 5.1.5...

5.3 CVSS · 5.8 AI score · 0.00445 EPSS
Exploits: 1 · References: 1 · Affected Software: 1
RedhatCVE
added 2026/02/25 10:18 p.m. · 6 views

CVE-2026-27468

Mastodon is a free, open-source social network server based on ActivityPub. FASP registration requires manual approval by an administrator. In versions 4.4.0 through 4.4.13 and 4.5.0 through 4.5.6, actions performed by a FASP to subscribe to account/content lifecycle events or to backfill content...

8.3 CVSS · 5.5 AI score · 0.00244 EPSS
Exploits: 0 · References: 1
NVD
added 2026/02/24 6:29 p.m. · 6 views

CVE-2026-27468

Mastodon is a free, open-source social network server based on ActivityPub. FASP registration requires manual approval by an administrator. In versions 4.4.0 through 4.4.13 and 4.5.0 through 4.5.6, actions performed by a FASP to subscribe to account/content lifecycle events or to backfill content...

8.3 CVSS · 0.00244 EPSS
Exploits: 0 · References: 2
EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2024-48050

Malicious code in bioql PyPI...

5.4 CVSS · 5.6 AI score · 0.00337 EPSS
Exploits: 1 · References: 1
OSV
added 2024/11/07 10:15 p.m. · 6 views

CVE-2024-8810

A GitHub App installed in organizations could upgrade some permissions from read to write access without approval from an organization administrator. An attacker would require an account with administrator access to install a malicious GitHub App. This vulnerability affected all versions of GitHu...

6.5 CVSS · 5.8 AI score · 0.00433 EPSS
Exploits: 0 · References: 5
Positive Technologies
added 2024/10/10 12:0 a.m. · 6 views

PT-2024-38044 · Unknown · Open-Webui

Name of the Vulnerable Software and Affected Versions: open-webui/open-webui version v0.3.8 Description: A vulnerability exists where a token is returned when a user with a pending role logs in, allowing the user to perform actions without admin confirmation and bypassing the intended approval...

5.4 CVSS · 5.7 AI score · 0.00337 EPSS
Exploits: 1 · References: 7
Hacker One
added 2023/02/03 4:40 p.m. · 121 views

inDrive: inDriver Job - Admin Approval Bypass

A vulnerability was discovered in the "inDriver Job" application that allowed an attacker to bypass the admin approval process for publishing job offers. This vulnerability enabled the attacker to publish arbitrary content without undergoing the necessary moderation step...

7.1 AI score
Exploits: 0