Lucene search
+L

9 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 5:3 a.m.8 views

CVE-2024-10215

The WPBookit plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.6.4. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for...

9.8CVSS6.9AI score0.00652EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/01/09 7:21 p.m.19 views

CVE-2024-10215 WPBookit <= 1.6.4 - Unauthenticated Arbitrary User Password Change

The WPBookit plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.6.4. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for...

9.8CVSS0.00652EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/01/09 12:0 a.m.4 views

PT-2025-1579 · WordPress · Wpbookit

Name of the Vulnerable Software and Affected Versions: WPBookit plugin for WordPress versions up to, and including, 1.6.4 Description: The WPBookit plugin for WordPress is vulnerable to Arbitrary User Password Change. This is due to the plugin providing user-controlled access to objects, letting ...

9.8CVSS9.4AI score0.00652EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2024/10/17 2:6 a.m.20 views

CVE-2024-9862 Miniorange OTP Verification with Firebase <= 3.6.0 - Unauthenticated Arbitrary User Password Change

The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 3.6.0. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources, and t...

9.8CVSS7.1AI score0.00581EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/10/17 2:6 a.m.24 views

CVE-2024-9862 Miniorange OTP Verification with Firebase <= 3.6.0 - Unauthenticated Arbitrary User Password Change

The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 3.6.0. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources, and t...

9.8CVSS0.00581EPSS
Exploits0References3
CVE
CVE
added 2024/10/17 2:6 a.m.60 views

CVE-2024-9862

The CVE-2024-9862 entry concerns the Miniorange OTP Verification with Firebase plugin for WordPress. Affects versions up to and including 3.6.0 where user-controlled access to objects and a missing current-password check enable unauthenticated password changes, potentially allowing administrator ...

9.8CVSS9.6AI score0.00581EPSS
Exploits0References3Affected Software1
Wordfence Blog
Wordfence Blog
added 2023/06/27 1:14 p.m.35 views

Arbitrary User Password Change Vulnerability in LearnDash LMS WordPress Plugin

On June 5, 2023, our Wordfence Threat Intelligence team identified, and began the responsible disclosure process, for an Arbitrary User Password Change vulnerability in LearnDash LMS plugin, a WordPress plugin that is actively installed on more than 100,000 WordPress websites according to our...

6.5CVSS7.2AI score0.02233EPSS
Exploits2
Packet Storm
Packet Storm
added 2023/06/27 12:0 a.m.516 views

WordPress LearnDash LMS 4.6.0 Insecure Direct Object Reference

Description: LearnDash LMS = 4.6.0 – Authenticated Subscriber+ Insecure Direct Object Reference to Arbitrary User Password Change Affected Plugin: LearnDash LMS Plugin Slug: sfwd-lms Affected Versions: = 4.6.0 CVE ID: CVE-2023-3105 CVSS Score: 8.8 High CVSS Vector:...

7.1AI score0.02233EPSS
Exploits2
myhack58
myhack58
added 2012/04/21 12:0 a.m.21 views

HDWiki 5.1 arbitrary User Password Change vulnerability and fix-vulnerability warning-the black bar safety net

HDWiki reset the password there is a logical vulnerability, the attacker can modify any user password. Detailed description: control/user.php function dogetpass ...... elseifisset$this-post'verifystring' $uid=$this-post'uid'; $encryptstring=$this-post'verifystring';...

0.2AI score
Exploits0
Rows per page
Query Builder