9 matches found
CVE-2024-10215
The WPBookit plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.6.4. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for...
CVE-2024-10215 WPBookit <= 1.6.4 - Unauthenticated Arbitrary User Password Change
The WPBookit plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.6.4. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for...
PT-2025-1579 · WordPress · Wpbookit
Name of the Vulnerable Software and Affected Versions: WPBookit plugin for WordPress versions up to, and including, 1.6.4 Description: The WPBookit plugin for WordPress is vulnerable to Arbitrary User Password Change. This is due to the plugin providing user-controlled access to objects, letting ...
CVE-2024-9862 Miniorange OTP Verification with Firebase <= 3.6.0 - Unauthenticated Arbitrary User Password Change
The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 3.6.0. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources, and t...
CVE-2024-9862 Miniorange OTP Verification with Firebase <= 3.6.0 - Unauthenticated Arbitrary User Password Change
The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 3.6.0. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources, and t...
CVE-2024-9862
The CVE-2024-9862 entry concerns the Miniorange OTP Verification with Firebase plugin for WordPress. Affects versions up to and including 3.6.0 where user-controlled access to objects and a missing current-password check enable unauthenticated password changes, potentially allowing administrator ...
Arbitrary User Password Change Vulnerability in LearnDash LMS WordPress Plugin
On June 5, 2023, our Wordfence Threat Intelligence team identified, and began the responsible disclosure process, for an Arbitrary User Password Change vulnerability in LearnDash LMS plugin, a WordPress plugin that is actively installed on more than 100,000 WordPress websites according to our...
WordPress LearnDash LMS 4.6.0 Insecure Direct Object Reference
Description: LearnDash LMS = 4.6.0 – Authenticated Subscriber+ Insecure Direct Object Reference to Arbitrary User Password Change Affected Plugin: LearnDash LMS Plugin Slug: sfwd-lms Affected Versions: = 4.6.0 CVE ID: CVE-2023-3105 CVSS Score: 8.8 High CVSS Vector:...
HDWiki 5.1 arbitrary User Password Change vulnerability and fix-vulnerability warning-the black bar safety net
HDWiki reset the password there is a logical vulnerability, the attacker can modify any user password. Detailed description: control/user.php function dogetpass ...... elseifisset$this-post'verifystring' $uid=$this-post'uid'; $encryptstring=$this-post'verifystring';...