16 matches found
CVE-2026-41891
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. From version 0.26.0 to before version 0.31.8.0, the auth filter has the deactivated/banned user check commented out. This issue has been patched in version...
CVE-2013-7305
fpw.php in e107 through 1.0.4 does not check the userban field, which makes it easier for remote attackers to reset passwords by sending a pwsubmit request and leveraging access to the e-mail account of a banned user...
EUVD-2022-15395
Malicious code in bioql PyPI...
CVE-2024-1539 Missing Authorization in GitLab
An issue has been discovered in GitLab EE affecting all versions starting from 15.2 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. It was possible to disclose updates to issues to a banned group member using the API...
WordPress Ad Invalid Click Protector plugin cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Ad Invalid Click Protector plugin versions prior to 1.2.7 are vulnerable to cross-site...
CVE-2022-0191
The Ad Invalid Click Protector AICP WordPress plugin before 1.2.7 does not have a CSRF check when deleting banned users, which could allow attackers to make a logged-in admin remove arbitrary bans...
CVE-2022-0191
The Ad Invalid Click Protector AICP WordPress plugin before 1.2.7 does not have a CSRF check when deleting banned users, which could allow attackers to make a logged-in admin remove arbitrary bans...
Cross-site request forgery (CSRF)
The Ad Invalid Click Protector AICP WordPress plugin before 1.2.7 does not have a CSRF check when deleting banned users, which could allow attackers to make a logged-in admin remove arbitrary bans...
CVE-2022-0191 Ad Invalid Click Protector (AICP) < 1.2.7 - Arbitrary Ban Deletion via CSRF
The Ad Invalid Click Protector AICP WordPress plugin before 1.2.7 does not have a CSRF check when deleting banned users, which could allow attackers to make a logged-in admin remove arbitrary bans...
CVE-2022-0191
The CVE-2022-0191 entry concerns the Ad Invalid Click Protector (AICP) WordPress plugin prior to version 1.2.7. The root cause is a missing CSRF check when deleting banned users, allowing a logged-in administrator to remove arbitrary bans via CSRF. Documents confirm this affects the AICP plugin a...
WordPress plugin Ad Invalid Click Protector cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Ad Invalid Click Protector plugin versions prior to 1.2.7 are vulnerable to cross-site...
HackerOne: Users who are banned from program can still be invited to the new reports as collaborators
Summary: Hello team! We have found out that the banned users who are banned from program can be invited to the new reports as collaborator users. This is pretty weird because the hacker should be banned and no new reports shouldn't be allowed. If program bans the hacker the program can't invite...
MyBB Bans List 1.0 Cross Site Scripting
Exploit Title: MyBB Bans List - Cross Site Scripting Date: 7/25/2018 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=423 Version: 1.0 Tested on: Ubuntu 18.04 CVE: CVE-2018-14724 1. Description: Adds bans.php page, showing a li...
Whatsapp Banned Users For Using WhatsApp PLUS App
Are you one of those victims whose WhatsApp app has recently been banned?? Then you must have installed a 3rd-party version of WhatsApp client, like WhatsAppMD or Whatsapp PLUS in your mobile phone for sure. Reportedly after 12 AM IST on 21st January 2015, WhatsApp, the widely popular messaging...
KosmosBlog 0.9.3 - SQL Injection Cross-Site Scripting Cross-Site Request Forgery
KosmosBlog 0.9.3 - SQL Injection Cross-Site Scripting Cross-Site Request Forgery Title: KosmosBlog 0.9.3 SQLi/XSS/CSRF Multiple Vulnerabilities Author: Milos Zivanovic Email: milosz.securityatgmail.com...
1Book Guestbook Script 1.0.1 - Code Execution
JIKI TEAM Maroc And YameN Author : jiko email : [email protected] Home : www.no-back.org & no-exploit.com Script : 1Book Guestbook Script Bug : remo...