EUVD-2021-13993

Malware in sbrugna...

WordPress AI Image Lab - Free AI Image Generator plugin cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the WordPress AI Image Lab - Free AI Image Generator plugin, which stems from missing or incorrect validation of random...

SQL injection and Authentication bypass

Description The validApiKey middleware, which is responsible for verifying API keys provided in the request's Authorization header, is susceptible to SQL injection. This vulnerability can potentially lead to an authentication bypass, granting unauthorized access to API endpoints. NOTE: It's worth...

HackerOne: Banned user still has access to their deleted account via HackerOne's API using their API key

The user's banned account could still be accessed using their previously generated API token, allowing them to perform actions such as retrieving reports, balance, earnings, payouts, weaknesses, and program information. This vulnerability was discovered and exploited on a test account...