27 matches found
WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
Privilege escalation vulnerability exists in the Frontend Login and Registration Blocks plugin for WordPress versions <= 1.0.7. An unauthenticated attacker can exploit the AJAX endpoint flrblocksusersettingshandleajaxcallback to change the administrator's email address. Subsequently, the attacker...
alextselegidis/easyappointments is Vulnerable to CSRF Protection Bypass
application/core/EASecurity.php::csrfverify only enforces CSRF for POST requests and returns early for non-POST methods. Several application endpoints perform state-changing operations while accepting parameters from GET or $_REQUEST, so an attacker can perform CSRF by forcing a victim's browser t...
CVE-2021-41074
A CSRF issue in index.php in QloApps hotel eCommerce 1.5.1 allows an attacker to change the admin's email address via a crafted HTML document...
PT-2026-2299
Name of the Vulnerable Software and Affected Versions: QloApps hotel eCommerce version 1.5.1. Description: A Cross-Site Request Forgery (CSRF) issue exists in the index.php file. This allows an attacker to modify the administrator's email address by leveraging a malicious HTML document. Recommendation...
QloApps Security Vulnerability
QloApps is a hotel management and reservation system from QloApps open source. A security vulnerability exists in QloApps version 1.5.1, which stems from a cross-site request forgery issue in index.php that could allow an attacker to change the administrator's email address via a specially crafte...
CVE-2021-41074
CVE-2021-41074 – QloApps hotel eCommerce 1.5.1 CSRF in index.php : A crafted HTML document can cause change of the administrator’s email address. This is a Cross-Site Request Forgery issue in the index.php file of QloApps 1.5.1. Public sources in the connected documents confirm the vulnerability ...
EUVD-2020-19338
Malware in sbrugna...
EUVD-2020-5500
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2020-13231
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Cacti before 1.2.11, auth_profile.php?action=edit allows CSRF for an admin email change. CVE-2020-13231 Note that Nessus relies on the presence of the package...
CVE-2021-24803
The Core Tweaks WP Setup WordPress plugin through 4.1 allows bulk-setting many settings in WordPress, including the admin email, as well as creating a new admin account. There is no CSRF protection in place, allowing an attacker to arbitrarily change the admin email or create another admin account a...
WordPress Frontend Login and Registration Blocks 1.0.7 Privilege Escalation
WordPress Frontend Login and Registration Blocks plugin versions 1.0.7 and below are vulnerable to privilege escalation via account takeover. An unauthenticated attacker can change the administrator's email, trigger the Forgot Password process, and reset the admin password, gaining full control...
WordPress plugin WCFM Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
CVE-2024-1315
The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.4. This is due to missing or incorrect nonce validation on the 'rtclupdateuseraccount' function. This makes it possible fo...
SUSE CVE-2020-13231
In Cacti before 1.2.11, auth_profile.php?action=edit allows CSRF for an admin email change...
WordPress plugin Core Tweaks WP Setup Cross-Site Request Forgery Vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in WordPress Core Tweaks WP Setup plugin 4.1 and earlier...
CVE-2020-26802
forma.lms 2.3.0.2 is affected by Cross Site Request Forgery (CSRF) in formalms/appCore/index.php?r=lms/profile/show&ap=saveinfo via a GET request to change the admin email address in order to accomplish an account takeover...
Cacti < 1.2.11 Multiple Vulnerabilities - Linux
Cacti is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:cacti:cacti"; ifdescription...