9 matches found
ProjectSend <= r1605 - Improper Authorization
An improper authorization check was identified within ProjectSend version r1605 that allows an attacker to perform sensitive actions such as enabling user registration and auto validation, or adding new entries in the whitelist of allowed extensions for uploaded files. Ultimately, this allows to...
WordPress WPFunnels plugin unauthorized user registration vulnerability
WordPress WPFunnels plugin is a funnel builder designed for WordPress and WooCommerce. WordPress WPFunnels plugin suffers from an unauthorized user registration vulnerability that stems from relying on the user control value optinallowregistration to determine user registration permissions, which...
EUVD-2025-38358
The WPFunnels – The Easiest Funnel Builder For WordPress And WooCommerce To Collect Leads And Increase Sales plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 3.6.2. This is due to the plugin relying on a user controlled value...
CVE-2025-12353
The WPFunnels – The Easiest Funnel Builder For WordPress And WooCommerce To Collect Leads And Increase Sales plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 3.6.2. This is due to the plugin relying on a user controlled value...
CVE-2025-12353 WPFunnels <= 3.6.2 - Unauthorized User Registration
The WPFunnels – The Easiest Funnel Builder For WordPress And WooCommerce To Collect Leads And Increase Sales plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 3.6.2. This is due to the plugin relying on a user controlled value...
CVE-2025-12353 WPFunnels <= 3.6.2 - Unauthorized User Registration
The WPFunnels – The Easiest Funnel Builder For WordPress And WooCommerce To Collect Leads And Increase Sales plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 3.6.2. This is due to the plugin relying on a user controlled value...
CVE-2025-12353
The CVE-2025-12353 issue affects the WordPress WPFunnels plugin (versions up to 3.6.2). The vulnerability stems from the plugin relying on a user-controlled value, optin_allow_registration, to decide if user registration is allowed, instead of the site-wide setting. This enables unauthenticated a...
WordPress plugin WPFunnels 安全漏洞
WordPress WPFunnels plugin is a funnel builder designed for WordPress and WooCommerce. WordPress WPFunnels plugin suffers from an unauthorized user registration vulnerability that stems from relying on the user control value optinallowregistration to determine user registration permissions, which...
VulnCheck KEV: CVE-2016-8870
The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create user accounts by leveraging failure to check the Allow User Registration configuration setting...