17 matches found
CVE-2026-6046
Mattermost versions 11.6.x = 11.6.1, 11.5.x = 11.5.4, 10.11.x = 10.11.15, 10.11.x = 10.11.16 fail to validate that a username returned during bot registration belongs to a bot account, which allows an unprivileged attacker to intercept private messages sent by plugins via direct message channels ...
CVE-2026-6046
Mattermost versions 11.6.x = 11.6.1, 11.5.x = 11.5.4, 10.11.x = 10.11.15, 10.11.x = 10.11.16 fail to validate that a username returned during bot registration belongs to a bot account, which allows an unprivileged attacker to intercept private messages sent by plugins via direct message channels ...
EUVD-2026-36502
Mattermost versions 11.6.x = 11.6.1, 11.5.x = 11.5.4, 10.11.x = 10.11.15, 10.11.x = 10.11.16 fail to validate that a username returned during bot registration belongs to a bot account, which allows an unprivileged attacker to intercept private messages sent by plugins via direct message channels ...
CVE-2026-6046 Plugin bot username conflict allows user account to be used as bot identity in Mattermost Server
Mattermost versions 11.6.x = 11.6.1, 11.5.x = 11.5.4, 10.11.x = 10.11.15, 10.11.x = 10.11.16 fail to validate that a username returned during bot registration belongs to a bot account, which allows an unprivileged attacker to intercept private messages sent by plugins via direct message channels ...
PT-2026-48936
Mattermost versions 11.6.x = 11.6.1, 11.5.x = 11.5.4, 10.11.x = 10.11.15, 10.11.x = 10.11.16 fail to validate that a username returned during bot registration belongs to a bot account, which allows an unprivileged attacker to intercept private messages sent by plugins via direct message channels ...
EUVD-2024-29268
Malicious code in bioql PyPI...
CVE-2024-31372
Cross-Site Request Forgery (CSRF) vulnerability in Arnan de Gans No-Bot Registration. This issue affects No-Bot Registration: from n/a through 1.9.1...
No-Bot Registration < 2.0 - Cross-Site Request Forgery
Description: The No-Bot Registration plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.9.1. This is due to missing or incorrect nonce validation on the ajdgnobotdashboard function. This makes it possible for unauthenticated attackers to moderate v...
CVE-2024-31372
Cross-Site Request Forgery (CSRF) vulnerability in Arnan de Gans No-Bot Registration. This issue affects No-Bot Registration: from n/a through 1.9.1...
CVE-2024-31372 WordPress No-Bot Registration plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Arnan de Gans No-Bot Registration. This issue affects No-Bot Registration: from n/a through 1.9.1...
CVE-2024-31372 WordPress No-Bot Registration plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Arnan de Gans No-Bot Registration. This issue affects No-Bot Registration: from n/a through 1.9.1...
CVE-2024-31372
Technical details about CVE-2024-31372 are not provided in the supplied documents. It describes a CSRF vulnerability in No-Bot Registration plugin versions n/a–1.9.1; monitor for published advisories for remediation.
WordPress Plugin No-Bot Registration Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers. WordPress plugin is an...
PT-2024-24018 · Unknown · Arnan De Gans No-Bot Registration
Name of the Vulnerable Software and Affected Versions: Arnan de Gans No-Bot Registration versions 1.9.1 and earlier. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web...
WordPress No-Bot Registration plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Majed Refaea (Patchstack Alliance) in WordPress Plugin No-Bot Registration (versions <= 1.9.1)...
WordPress No-Bot Registration Plugin <= 1.9.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: No-Bot Registration; Type: Plugin; Vulnerable versions: <= 1.9.1; Fixed in: 2.0; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-31372; Patch priority: Low; CVSS severity: Low (4.3); PSID: b7c8039d72cc; Credits: Majed Refaea...
Emotet modules and recent attacks
Emotet was first found in the wild in 2014. Back then its main functionality was stealing user banking credentials. Since then it has survived numerous transformations, started delivering other malware and finally became a powerful botnet. In January 2021 Emotet was disrupted by a joint effort of...