Lucene search
K

45 matches found

NVD
NVD
added 2024/06/14 6:15 a.m.26 views

CVE-2024-3971

The Similarity WordPress plugin through 3.0 does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack...

5.4CVSS0.002EPSS
Exploits2References1
Cvelist
Cvelist
added 2024/06/14 6:0 a.m.30 views

CVE-2024-3971 Similarity <= 3.0 - Plugin Reset via CSRF

The Similarity WordPress plugin through 3.0 does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack...

0.002EPSS
Exploits2References1
CVE
CVE
added 2024/06/14 6:0 a.m.57 views

CVE-2024-3971

The CVE CVE-2024-3971 concerns the Similarity WordPress plugin (

5.4CVSS4.8AI score0.002EPSS
Exploits2References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/03/29 12:0 a.m.7 views

PT-2024-13701 · Stilog · Stilog Visual Planning

Name of the Vulnerable Software and Affected Versions: Stilog Visual Planning version 8 Description: An authentication bypass issue was found, allowing an unauthenticated attacker to brute-force the password reset PINs of administrative users. Recommendations: For Stilog Visual Planning version 8...

9.8CVSS7.6AI score0.01525EPSS
Exploits1References9
OSV
OSV
added 2024/01/11 8:15 p.m.4 views

CVE-2024-0425

A vulnerability classified as critical was found in ForU CMS up to 2020-06-23. This vulnerability affects unknown code of the file /admin/index.php?act=resetadminpsw. The manipulation leads to weak password recovery. The attack can be initiated remotely. The exploit has been disclosed to the publ...

7.5CVSS5.3AI score0.00742EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2024/01/11 12:0 a.m.5 views

PT-2024-15548 · Foru Cms · Foru Cms

Name of the Vulnerable Software and Affected Versions: ForU CMS versions up to 2020-06-23 Description: A critical issue was found in ForU CMS, affecting the file /admin/index.php?act=reset admin psw. This issue leads to weak password recovery and can be initiated remotely. Recommendations: For...

7.5CVSS5.6AI score0.00742EPSS
Exploits1References6
Packet Storm
Packet Storm
added 2023/07/04 12:0 a.m.193 views

Advanced HRM 1.6 Insecure Direct Object Reference

==================================================================================================================================== | Title : Advanced HRM v1.6 Reset admin login Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 62.0.3 32-b...

7.1AI score
Exploits0
WPVulnDB
WPVulnDB
added 2022/10/13 12:0 a.m.20 views

Page View Count < 2.5.6 - Settings Reset via CSRF

The plugin does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack...

5.4CVSS4.6AI score0.00243EPSS
Exploits0Affected Software1
Huntr
Huntr
added 2022/10/04 1:44 p.m.11 views

Insufficient Session Expiration

Description Active sessions are not invalidated after a password change or after an admin resets the user's password. Proof of Concept Steps to reproduce: 1. Log in to Elgg with any user 2. Do the same in another browser or a private window, such that there are two different active sessions 3...

1.9AI score
Exploits0References1
NVD
NVD
added 2022/02/01 1:15 p.m.17 views

CVE-2021-25092

The Link Library WordPress plugin before 7.2.8 does not have CSRF check when resetting library settings, allowing attackers to make a logged in admin reset arbitrary settings via a CSRF attack...

6.5CVSS0.0048EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2022/02/01 12:0 a.m.5 views

PT-2022-9648 · WordPress · Link Library

Name of the Vulnerable Software and Affected Versions: Link Library WordPress plugin versions prior to 7.2.8 Description: The issue allows attackers to make a logged-in admin reset arbitrary settings via a CSRF attack because the Link Library WordPress plugin does not have a CSRF check when...

6.5CVSS7.3AI score0.0048EPSS
Exploits1References6
OSV
OSV
added 2019/07/05 8:15 p.m.4 views

CVE-2019-13352

WolfVision Cynap before 1.30j uses a static, hard-coded cryptographic secret for generating support PINs for the 'forgot password' feature. By knowing this static secret and the corresponding algorithm for calculating support PINs, an attacker can reset the ADMIN password and thus gain remote...

9.8CVSS7.4AI score0.0288EPSS
Exploits1References3
vulnersOsv
vulnersOsv
added 2018/08/03 5:29 p.m.3 views

beanstalk-dispatch (>=0.0.3 <=0.0.5), cklauth (>=0.1.0 <=0.3.0) +132 more potentially affected by CVE-2018-14574 via django (>=2.0.0 <=2.0.7)

django PYPI version =2.0.0, =0.0.3, =0.1.0, =0.5.0, =3.0.0, =2.1.0, =0.0.1, =1.1.0, =0.0.7, =0.1.0, =0.0.2, =1.3.0, =2.0.0, =2.0.2 and more Source cves: CVE-2018-14574 Source advisory: OSV:PYSEC-2018-2...

6.1CVSS6.5AI score0.2549EPSS
Exploits0
Circl
Circl
added 2018/05/29 3:50 p.m.8 views

CVE-2014-125122

creationtimestamp| type| source ---|---|--- 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/http/linksystmunblockadminresetbof.rb 2025-10-23 21:12:57+00:00| seen| MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7...

5.3CVSS5.7AI score0.00759EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2018/03/06 11:56 a.m.8 views

beanstalk-dispatch (>=0.0.3 <=0.0.5), cklauth (>=0.1.0 <=0.3.0) +120 more potentially affected by CVE-2018-7537 via django (>=2.0.0 <=2.0.2)

django PYPI version =2.0.0, =0.0.3, =0.1.0, =0.5.0, =3.0.0, =2.1.0, =1.1.0, =0.0.7, =0.1.0, =0.0.2, =1.3.0, =2.0.0, =2.0.2 - django-cas-server =1.0.0 and more Source cves: CVE-2018-7537 Source advisory: SNYK:PYTHON-DJANGO-40779...

5.3CVSS6.7AI score0.0462EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2009/09/11 12:0 a.m.4 views

PT-2009-5484 · Mevin Productions · Mevin Productions Basic Php Events Lister

Name of the Vulnerable Software and Affected Versions: Mevin Productions Basic PHP Events Lister version 2.0 Description: The issue concerns improper access restriction to certain PHP files, specifically admin/reset.php and admin/user add.php. This allows remote authenticated users to reset...

7.2CVSS6.8AI score0.02609EPSS
Exploits1References8
OpenVAS
OpenVAS
added 2009/08/17 12:0 a.m.10 views

Fedora Core 10 FEDORA-2009-8487 (wordpress)

The remote host is missing an update to wordpress announced via advisory FEDORA-2009-8487. OpenVAS Vulnerability Test $Id: fcore20098487.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-8487 wordpress Authors: Thomas Reinke Copyright: Copyright c 200...

0.1AI score
Exploits0
myhack58
myhack58
added 2009/08/14 12:0 a.m.22 views

wordpress password reset vulnerability-vulnerability warning-the black bar safety net

============================================= - Release date: August 10th, 2 0 0 9 - Discovered by: Laurent Gaffié - Severity: Medium ============================================= I. VULNERABILITY ------------------------- WordPress = 2.8.3 Remote admin reset password II. BACKGROUND...

7AI score
Exploits0
seebug.org
seebug.org
added 2009/08/12 12:0 a.m.14 views

Wordpress &lt;= 2.8.3 Remote Admin Reset Password Vulnerability

No description provided by source. ============================================= - Release date: August 10th, 2009 - Discovered by: Laurent Gaffié - Severity: Medium ============================================= I. VULNERABILITY ------------------------- WordPress = 2.8.3 Remote admin reset...

7.1AI score
Exploits0
0day.today
0day.today
added 2009/08/11 12:0 a.m.41 views

Wordpress <= 2.8.3 Remote Admin Reset Password Vulnerability

Exploit for unknown platform in category web applications ============================================================ Wordpress = 2.8.3 Remote Admin Reset Password Vulnerability ============================================================ ============================================= - Release...

7.1AI score
Exploits0
Rows per page
Query Builder