45 matches found
CVE-2024-3971
The Similarity WordPress plugin through 3.0 does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack...
CVE-2024-3971 Similarity <= 3.0 - Plugin Reset via CSRF
The Similarity WordPress plugin through 3.0 does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack...
CVE-2024-3971
The CVE CVE-2024-3971 concerns the Similarity WordPress plugin (
PT-2024-13701 · Stilog · Stilog Visual Planning
Name of the Vulnerable Software and Affected Versions: Stilog Visual Planning version 8 Description: An authentication bypass issue was found, allowing an unauthenticated attacker to brute-force the password reset PINs of administrative users. Recommendations: For Stilog Visual Planning version 8...
CVE-2024-0425
A vulnerability classified as critical was found in ForU CMS up to 2020-06-23. This vulnerability affects unknown code of the file /admin/index.php?act=resetadminpsw. The manipulation leads to weak password recovery. The attack can be initiated remotely. The exploit has been disclosed to the publ...
PT-2024-15548 · Foru Cms · Foru Cms
Name of the Vulnerable Software and Affected Versions: ForU CMS versions up to 2020-06-23 Description: A critical issue was found in ForU CMS, affecting the file /admin/index.php?act=reset admin psw. This issue leads to weak password recovery and can be initiated remotely. Recommendations: For...
Advanced HRM 1.6 Insecure Direct Object Reference
==================================================================================================================================== | Title : Advanced HRM v1.6 Reset admin login Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 62.0.3 32-b...
Page View Count < 2.5.6 - Settings Reset via CSRF
The plugin does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack...
Insufficient Session Expiration
Description Active sessions are not invalidated after a password change or after an admin resets the user's password. Proof of Concept Steps to reproduce: 1. Log in to Elgg with any user 2. Do the same in another browser or a private window, such that there are two different active sessions 3...
CVE-2021-25092
The Link Library WordPress plugin before 7.2.8 does not have CSRF check when resetting library settings, allowing attackers to make a logged in admin reset arbitrary settings via a CSRF attack...
PT-2022-9648 · WordPress · Link Library
Name of the Vulnerable Software and Affected Versions: Link Library WordPress plugin versions prior to 7.2.8 Description: The issue allows attackers to make a logged-in admin reset arbitrary settings via a CSRF attack because the Link Library WordPress plugin does not have a CSRF check when...
CVE-2019-13352
WolfVision Cynap before 1.30j uses a static, hard-coded cryptographic secret for generating support PINs for the 'forgot password' feature. By knowing this static secret and the corresponding algorithm for calculating support PINs, an attacker can reset the ADMIN password and thus gain remote...
beanstalk-dispatch (>=0.0.3 <=0.0.5), cklauth (>=0.1.0 <=0.3.0) +132 more potentially affected by CVE-2018-14574 via django (>=2.0.0 <=2.0.7)
django PYPI version =2.0.0, =0.0.3, =0.1.0, =0.5.0, =3.0.0, =2.1.0, =0.0.1, =1.1.0, =0.0.7, =0.1.0, =0.0.2, =1.3.0, =2.0.0, =2.0.2 and more Source cves: CVE-2018-14574 Source advisory: OSV:PYSEC-2018-2...
CVE-2014-125122
creationtimestamp| type| source ---|---|--- 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/http/linksystmunblockadminresetbof.rb 2025-10-23 21:12:57+00:00| seen| MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7...
beanstalk-dispatch (>=0.0.3 <=0.0.5), cklauth (>=0.1.0 <=0.3.0) +120 more potentially affected by CVE-2018-7537 via django (>=2.0.0 <=2.0.2)
django PYPI version =2.0.0, =0.0.3, =0.1.0, =0.5.0, =3.0.0, =2.1.0, =1.1.0, =0.0.7, =0.1.0, =0.0.2, =1.3.0, =2.0.0, =2.0.2 - django-cas-server =1.0.0 and more Source cves: CVE-2018-7537 Source advisory: SNYK:PYTHON-DJANGO-40779...
PT-2009-5484 · Mevin Productions · Mevin Productions Basic Php Events Lister
Name of the Vulnerable Software and Affected Versions: Mevin Productions Basic PHP Events Lister version 2.0 Description: The issue concerns improper access restriction to certain PHP files, specifically admin/reset.php and admin/user add.php. This allows remote authenticated users to reset...
Fedora Core 10 FEDORA-2009-8487 (wordpress)
The remote host is missing an update to wordpress announced via advisory FEDORA-2009-8487. OpenVAS Vulnerability Test $Id: fcore20098487.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-8487 wordpress Authors: Thomas Reinke Copyright: Copyright c 200...
wordpress password reset vulnerability-vulnerability warning-the black bar safety net
============================================= - Release date: August 10th, 2 0 0 9 - Discovered by: Laurent Gaffié - Severity: Medium ============================================= I. VULNERABILITY ------------------------- WordPress = 2.8.3 Remote admin reset password II. BACKGROUND...
Wordpress <= 2.8.3 Remote Admin Reset Password Vulnerability
No description provided by source. ============================================= - Release date: August 10th, 2009 - Discovered by: Laurent Gaffié - Severity: Medium ============================================= I. VULNERABILITY ------------------------- WordPress = 2.8.3 Remote admin reset...
Wordpress <= 2.8.3 Remote Admin Reset Password Vulnerability
Exploit for unknown platform in category web applications ============================================================ Wordpress = 2.8.3 Remote Admin Reset Password Vulnerability ============================================================ ============================================= - Release...