4 matches found
PT-2026-57416
Name of the Vulnerable Software and Affected Versions The Essential Addons for Elementor versions prior to 6.6.11 Description Insufficient server-side validation of a Login/Register widget setting allows authenticated attackers with Contributor-level access or higher to perform Email Header...
CVE-2025-3793 Buddypress Force Password Change <= 0.1 - Authenticated (Subscriber+) Account Takeover via Password Update
The Buddypress Force Password Change plugin for WordPress is vulnerable to authenticated account takeover due to the plugin not properly validating a user's identity prior to updating their password through the 'bpforcepasswordajax' function in all versions up to, and including, 0.1. This makes i...
CVE-2025-3793 Buddypress Force Password Change <= 0.1 - Authenticated (Subscriber+) Account Takeover via Password Update
The Buddypress Force Password Change plugin for WordPress is vulnerable to authenticated account takeover due to the plugin not properly validating a user's identity prior to updating their password through the 'bpforcepasswordajax' function in all versions up to, and including, 0.1. This makes i...
CVE-2023-41956 WordPress Simple Membership plugin <= 4.3.4 - Authenticated Account Takeover vulnerability
Improper Authentication vulnerability in smp7, wp.Insider Simple Membership.This issue affects Simple Membership: from n/a through 4.3.4...