Lucene search
+L

4 matches found

Positive Technologies
Positive Technologies
added 2026/07/11 12:0 a.m.12 views

PT-2026-57416

Name of the Vulnerable Software and Affected Versions The Essential Addons for Elementor versions prior to 6.6.11 Description Insufficient server-side validation of a Login/Register widget setting allows authenticated attackers with Contributor-level access or higher to perform Email Header...

8.8CVSS6.1AI score0.00367EPSS
Exploits0References17
Cvelist
Cvelist
added 2025/04/24 8:23 a.m.30 views

CVE-2025-3793 Buddypress Force Password Change <= 0.1 - Authenticated (Subscriber+) Account Takeover via Password Update

The Buddypress Force Password Change plugin for WordPress is vulnerable to authenticated account takeover due to the plugin not properly validating a user's identity prior to updating their password through the 'bpforcepasswordajax' function in all versions up to, and including, 0.1. This makes i...

4.2CVSS0.00197EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/04/24 8:23 a.m.7 views

CVE-2025-3793 Buddypress Force Password Change <= 0.1 - Authenticated (Subscriber+) Account Takeover via Password Update

The Buddypress Force Password Change plugin for WordPress is vulnerable to authenticated account takeover due to the plugin not properly validating a user's identity prior to updating their password through the 'bpforcepasswordajax' function in all versions up to, and including, 0.1. This makes i...

4.2CVSS7.1AI score0.00197EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/05/17 6:55 a.m.26 views

CVE-2023-41956 WordPress Simple Membership plugin <= 4.3.4 - Authenticated Account Takeover vulnerability

Improper Authentication vulnerability in smp7, wp.Insider Simple Membership.This issue affects Simple Membership: from n/a through 4.3.4...

8.8CVSS6.9AI score0.007EPSS
Exploits0References1
Rows per page
Query Builder