147 matches found
Configure a Proper Value for MaxAuthTries
MaxAuthTries indicates the maximum number of user authentication failures allowed in a single connection. If the number of user authentication failures exceeds the value, the connection is automatically disconnected. You are advised to set this field to a value less than or equal to 3. If this...
WordPress Job Listings plugin 0.1-0.1.1 - Unauthenticated Privilege Escalation vulnerability
Unauthenticated Privilege Escalation vulnerability discovered by kr0d in WordPress Plugin Job Listings versions 0.1-0.1.1...
WordPress Frontend Login and Registration Blocks plugin <= 1.0.7 - Authenticated (Subscriber+) Privilege Escalation via Password Reset vulnerability
Authenticated Subscriber+ Privilege Escalation via Password Reset vulnerability discovered by kr0d in WordPress Plugin Frontend Login and Registration Blocks versions = 1.0.8...
WordPress User Registration plugin <= 4.1.3 - Insecure Direct Object Reference to Unauthenticated Membership Modification vulnerability
Insecure Direct Object Reference to Unauthenticated Membership Modification vulnerability discovered by wesley wcraft in WordPress Plugin User Registration versions = 4.1.3...
WordPress WPC Admin Columns plugin 2.0.6-2.1.0 - Authenticated (Subscriber+) Privilege Escalation via User Meta Update vulnerability
Authenticated Subscriber+ Privilege Escalation via User Meta Update vulnerability discovered by kr0d in WordPress Plugin WPC Admin Columns versions 2.0.6-2.1.0...
WordPress Vayu Blocks plugin 1.0.4-1.2.1 - Missing Authorization to Unauthenticated Limited Arbitrary Options Update vulnerability
Missing Authorization to Unauthenticated Limited Arbitrary Options Update vulnerability discovered by kr0d in WordPress Plugin Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce versions 1.0.4-1.2.1...
SUSE CVE-2025-24912
hostapd fails to process crafted RADIUS packets properly. When hostapd authenticates wi-fi devices with RADIUS authentication, an attacker in the position between the hostapd and the RADIUS server may inject crafted RADIUS packets and force RADIUS authentications to fail...
HCL DRYiCE MyXalytics 安全漏洞
HCL DRYiCE MyXalytics is a unified reporting and dashboard product from HCL Corporation, USA. A security vulnerability exists in HCL DRYiCE MyXalytics that stems from vulnerability to authentication failures...
WordPress Restaurant & Cafe Addon for Elementor Plugin <= 1.5.9 is vulnerable to Broken Access Control
Software Restaurant & Cafe Addon for Elementor Type Plugin Vulnerable versions = 1.5.9 Fixed in 1.6.0 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Access Control CVE CVE-2024-10780 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID...
WordPress AppPresser Plugin <= 4.4.6 is vulnerable to Privilege Escalation
Software AppPresser Type Plugin Vulnerable versions = 4.4.6 Fixed in 4.4.7 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-11024 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 25ae1391ba68 Credits shaman0x01...
WordPress Social Login Plugin <= 5.9.0 is vulnerable to Privilege Escalation
Software Social Login Type Plugin Vulnerable versions = 5.9.0 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-10961 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 284fa6881d99 Credits wesley wcraf...
WordPress Tutor LMS Plugin <= 2.7.6 is vulnerable to Broken Access Control
Software Tutor LMS Type Plugin Vulnerable versions = 2.7.6 Fixed in 2.7.7 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Access Control CVE CVE-2024-10393 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 196d31d95c65 Credits 1337Wannabe...
WordPress Easy Twitter Feed Plugin <= 1.2.6 is vulnerable to Broken Access Control
Software Easy Twitter Feed Type Plugin Vulnerable versions = 1.2.6 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Access Control CVE CVE-2024-10666 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 7120bb84b17b Credits Francesc...
WordPress Theme Builder For Elementor Plugin <= 1.2.2 is vulnerable to Broken Access Control
Software Theme Builder For Elementor Type Plugin Vulnerable versions = 1.2.2 Fixed in 1.2.3 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Access Control CVE CVE-2024-10782 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 266b574a3c97...
WordPress Button Block Plugin <= 1.1.4 is vulnerable to Broken Authentication
Software Button Block Type Plugin Vulnerable versions = 1.1.4 Fixed in 1.1.5 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-10671 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID ae07da220d1c Credits...
WordPress UserPlus Plugin <= 2.0 is vulnerable to Privilege Escalation
Software UserPlus Type Plugin Vulnerable versions = 2.0 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-52442 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 1a20cf86d1cd Credits João Pedro S...
WordPress External Database Based Actions Plugin <= 0.1 is vulnerable to Privilege Escalation
Software External Database Based Actions Type Plugin Vulnerable versions = 0.1 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-10311 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID cd4901766574...
WordPress Styler for Ninja Forms Plugin <= 3.3.4 is vulnerable to Settings Change
Software Styler for Ninja Forms Type Plugin Vulnerable versions = 3.3.4 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Settings Change CVE CVE-2024-10717 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 2b68f06a005e Credits...
WordPress Th Shop Mania Theme <= 1.4.9 is vulnerable to Arbitrary Code Execution
Software Th Shop Mania Type Theme Vulnerable versions = 1.4.9 Fixed in 1.5.0 OWASP Top 10 A7: Identification and Authentication Failures Classification Arbitrary Code Execution CVE CVE-2024-10674 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 314680b4b995 Credits Sean...
WordPress Heateor Social Login Plugin <= 1.1.35 is vulnerable to Broken Authentication
Software Heateor Social Login Type Plugin Vulnerable versions = 1.1.35 Fixed in 1.1.36 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-10020 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 0cb2e3c4d2f1 Credits...