5 matches found
EUVD-2023-34028
Malicious code in bioql PyPI...
Cross site request forgery (csrf)
The Feather Login Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions starting from 1.0.7 up to, and including, 1.1.1. This is due to missing nonce validation in the 'createTempAccountLink' function. This makes it possible for unauthenticated attackers to create a ne...
CVE-2023-2545
The Feather Login Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getListOfUsers' function in versions starting from 1.0.7 up to, and including, 1.1.1. This makes it possible for authenticated attackers, with subscriber-level...
CVE-2023-2545
CVE-2023-2545 : The Feather Login Page plugin for WordPress (versions 1.0.7–1.1.1) has two concrete flaws. First, a missing capability check on the getListOfUsers function allows authenticated users with subscriber-level permissions and above to access login links, enabling potential privilege es...
WordPress Feather Login Page Plugin 1.0.7-1.1.1 is vulnerable to Broken Access Control
Software Feather Login Page Type Plugin Vulnerable versions 1.0.7-1.1.1 Fixed in 1.1.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-2545 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 109ff0ae5394 Credits Lana Codes Required...