Lucene search
K

142 matches found

Nuclei
Nuclei
added 10 hours ago19 views

WordPress Burst Statistics 3.4.0-3.4.1.1 - Authentication Bypass

Burst Statistics – Privacy-Friendly WordPress Analytics plugin 3.4.0 to 3.4.1.1 contains an authentication bypass caused by incorrect return-value handling in ismainwpauthenticated function, letting unauthenticated attackers impersonate administrators, exploit requires knowledge of an administrat...

9.8CVSS5.8AI score0.14608EPSS
Exploits10References2
NVD
NVD
added yesterday5 views

CVE-2026-13602

We found a chain of combining multiple weaknesses in the product that could allow an attacker to become any user in the backend and access any data: The payment integration plugins Stripe included in the core system, pretix-mollie, pretix-oppwa, pretix-bitpay, pretix-payone, pretix-secuconnect,...

9.4CVSS
Exploits0References1
EUVD
EUVD
added yesterday6 views

EUVD-2026-40995

We found a chain of combining multiple weaknesses in the product that could allow an attacker to become any user in the backend and access any data: The payment integration plugins Stripe included in the core system, pretix-mollie, pretix-oppwa, pretix-bitpay, pretix-payone, pretix-secuconnect,...

9.4CVSS6AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2026-13602

We found a chain of combining multiple weaknesses in the product that could allow an attacker to become any user in the backend and access any data: The payment integration plugins Stripe included in the core system, pretix-mollie, pretix-oppwa, pretix-bitpay, pretix-payone, pretix-secuconnect,...

9.4CVSS6AI score
Exploits0References2Affected Software1
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-40371

OpenZiti through 2.0.0, fixed in commit 3027fdf, contains a privilege escalation vulnerability that allows authenticated non-admin identities with fine-grained enrollment management permissions to create enrollments for any identity, including the default administrator, because the ApplyCreate...

8.8CVSS5.8AI score0.00244EPSS
Exploits0References4
NVD
NVD
added 2026/06/20 2:16 p.m.11 views

CVE-2019-25763

WordPress Ultimate Addons for Beaver Builder 1.2.4.1 contains an authentication bypass vulnerability that allows attackers to gain unauthorized access by exploiting the social media login form functionality. Attackers can submit a POST request to the admin-ajax.php endpoint with the...

9.8CVSS0.00428EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.9 views

CVE-2026-1114

In parisneo/lollms version 2.1.0, the application's session management is vulnerable to improper access control due to the use of a weak secret key for signing JSON Web Tokens JWT. This vulnerability allows an attacker to perform an offline brute-force attack to recover the secret key. Once the...

9.8CVSS7.7AI score0.0054EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:10 p.m.21 views

CVE-2026-8181

The Burst Statistics – Privacy-Friendly WordPress Analytics Google Analytics Alternative plugin for WordPress is vulnerable to Authentication Bypass in versions 3.4.0 to 3.4.1.1. This is due to incorrect return-value handling in the ismainwpauthenticated function when validating application...

9.8CVSS5.5AI score0.14608EPSS
Exploits10References1
CVE
CVE
added 2026/06/01 9:37 a.m.16 views

CVE-2026-25600

The CVE describes a local-privilege escalation in the PDBM application caused by a hard-coded secret embedded in PDBM.exe that is reused by encryption routines to decrypt credentials in the configuration file. Because the secret is constant across installations, an attacker with sufficient local ...

6.4CVSS5.8AI score0.00065EPSS
Exploits0References1
CVE
CVE
added 2026/05/28 12:0 a.m.32 views

CVE-2026-43000

CVE-2026-43000 affects OpenStack Keystone (identity service). Affected: Keystone before 29.0.2. The issue arises when an impersonation vulnerability in application credentials is chained with Keystone trusts, allowing a user with member role to escalate to admin by delegating the victim's admin r...

8.8CVSS5.8AI score0.00328EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/19 9:39 p.m.10 views

CVE-2026-34358 CtrlPanel: Missing Authorization on Admin Write Endpoints Allows RBAC Bypass

CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contains a broken access control vulnerability where multiple admin controllers enforce permission checks on form display methods but omit equivalent checks on the corresponding write methods, allowing any...

8.1CVSS5.9AI score0.00297EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.17 views

PT-2026-42021

CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contains a broken access control vulnerability where multiple admin controllers enforce permission checks on form display methods but omit equivalent checks on the corresponding write methods, allowing any...

8.1CVSS5.9AI score0.00297EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2026/05/17 9:47 p.m.102 views

Exploit for CVE-2026-8181

CVE-2026-8181 Burst Statistics | Authentication Bypass to Admi...

9.8CVSS5.8AI score0.14608EPSS
Exploits10
GithubExploit
GithubExploit
added 2026/05/17 10:6 a.m.107 views

Exploit for CVE-2026-8181

CVE-2026-8181 — Burst Statistics Authentication Bypass Lab Lo...

9.8CVSS5.8AI score0.14608EPSS
Exploits10
NVD
NVD
added 2026/05/14 6:16 a.m.17 views

CVE-2026-8181

The Burst Statistics – Privacy-Friendly WordPress Analytics Google Analytics Alternative plugin for WordPress is vulnerable to Authentication Bypass in versions 3.4.0 to 3.4.1.1. This is due to incorrect return-value handling in the ismainwpauthenticated function when validating application...

9.8CVSS0.14608EPSS
Exploits10References10
Cvelist
Cvelist
added 2026/05/14 5:30 a.m.43 views

CVE-2026-8181 Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover

The Burst Statistics – Privacy-Friendly WordPress Analytics Google Analytics Alternative plugin for WordPress is vulnerable to Authentication Bypass in versions 3.4.0 to 3.4.1.1. This is due to incorrect return-value handling in the ismainwpauthenticated function when validating application...

9.8CVSS0.14608EPSS
Exploits10References10
ATTACKERKB
ATTACKERKB
added 2026/05/14 5:30 a.m.8 views

CVE-2026-8181

The Burst Statistics – Privacy-Friendly WordPress Analytics Google Analytics Alternative plugin for WordPress is vulnerable to Authentication Bypass in versions 3.4.0 to 3.4.1.1. This is due to incorrect return-value handling in the ismainwpauthenticated function when validating application...

9.8CVSS5.8AI score0.14608EPSS
Exploits10References11Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/14 5:30 a.m.12 views

CVE-2026-8181 Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover

The Burst Statistics – Privacy-Friendly WordPress Analytics Google Analytics Alternative plugin for WordPress is vulnerable to Authentication Bypass in versions 3.4.0 to 3.4.1.1. This is due to incorrect return-value handling in the ismainwpauthenticated function when validating application...

9.8CVSS5.8AI score0.14608EPSS
Exploits10References10
EUVD
EUVD
added 2026/05/14 5:30 a.m.11 views

EUVD-2026-30242

The Burst Statistics – Privacy-Friendly WordPress Analytics Google Analytics Alternative plugin for WordPress is vulnerable to Authentication Bypass in versions 3.4.0 to 3.4.1.1. This is due to incorrect return-value handling in the ismainwpauthenticated function when validating application...

9.8CVSS5.8AI score0.14608EPSS
Exploits10References10
CVE
CVE
added 2026/05/14 5:30 a.m.43 views

CVE-2026-8181

CVE-2026-8181 affects Burst Statistics – Privacy-Friendly WordPress Analytics (v3.4.0–3.4.1.1). Root cause: is_mainwp_authenticated() passes authentication when wp_authenticate_application_password() returns null outside the REST API, because the code only checks for WP_Error. This allows an unau...

9.8CVSS5.8AI score0.14608EPSS
In wildExploits10References10
Rows per page
Query Builder