2 matches found
CVE-2026-1644
The WP Frontend Profile plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.8. This is due to missing nonce validation on the 'updateaction' function. This makes it possible for unauthenticated attackers to approve or reject user account...
CVE-2024-41252
An Incorrect Access Control vulnerability was found in /smsa/adminstudentregisterapproval.php and /smsa/adminstudentregisterapprovalsubmit.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view and approve student registration...