2 matches found
Weblate: Insecure Account Removal
Hi Team, The removal of account is one of the sensitive part of a web application that needs to protect, therefor removing an account should validate the authenticity of the legitimate user, however i have found that when removing an account, the system did not require the user to input the accou...
WordPress Plugin BuddyPress Activity Plus 1.5 - Cross-Site Request Forgery
Details ================ Software: BuddyPress Activity Plus Version: 1.5 Homepage: http://wordpress.org/plugins/buddypress-activity-plus/ Advisory report: https://security.dxw.com/advisories/csrf-and-arbitrary-file-deletion-in-buddypress-activity-plus-1-5/ CVE: Awaiting assignment CVSS: 8.5 High;...