CVE-2026-27836 phpMyFAQ Allows Unauthenticated Account Creation via WebAuthn Prepare Endpoint

phpMyFAQ is an open source FAQ web application. Prior to version 4.0.18, the WebAuthn prepare endpoint /api/webauthn/prepare creates new active user accounts without any authentication, CSRF protection, captcha, or configuration checks. This allows unauthenticated attackers to create unlimited us...

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to missing authentication in the registration feature. An attacker with a registered user account can create user accounts that can access private data even when registration is disabled...

CVE-2024-10393

The Tutor LMS plugin for WordPress is vulnerable to bypass to user registration in versions up to, and including, 2.7.6. This is due to a missing check for the 'userscanregister' option in the 'registerinstructor' function. This makes it possible for unauthenticated attackers to register as the...

CVE-2024-4444

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to bypass to user registration in versions up to, and including, 4.2.6.5. This is due to missing checks in the 'createaccount' function in the checkout. This makes it possible for unauthenticated attackers to register as the...

Security feature bypass

The UserPro plugin for WordPress is vulnerable to Security Feature Bypass in all versions up to, and including, 5.1.6. This is due to the use of client-side restrictions to enforce the 'Disabled registration' Membership feature within the plugin's General settings. This makes it possible for...

CVE-2024-0701

The UserPro plugin for WordPress is vulnerable to Security Feature Bypass in all versions up to, and including, 5.1.6. This is due to the use of client-side restrictions to enforce the 'Disabled registration' Membership feature within the plugin's General settings. This makes it possible for...

WordPress Plugin UserPro Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

UserPro < 5.1.7 - Disabled Membership Registration Bypass

Description The plugin is vulnerable to Security Feature Bypass, due to the use of client-side restrictions to enforce the 'Disabled registration' Membership feature within the plugin's General settings, allowing unauthenticated attackers to register an account even when account registration has...

TeamCity Disabled Registration Bypass

var login = 'testuser'; //DD3/4D3D,D1/2 D?D3/4DNDD3/4D2DdegNDuDN var password = 'SuperMEgaPa$$'; //D?DdegND3/4DN var email = '[email protected]'; // email / Code / var b = BS.LoginForm; var publickey = $F"publicKey"; var encryptedpass = BS.Encrypt.encryptDatapassword, $F"publicKey";...

TeamCity < 9.0.2 - Disabled Registration Bypass Exploit

TeamCity 9.0.2 - Disabled Registration Bypass Exploit var login = 'testuser'; //логин пользователя var password = 'SuperMEgaPa$$'; //пароль var email = 'email protected'; // email / Code / var b = BS.LoginForm; var publickey = $F"publicKey"; var encryptedpass = BS.Encrypt.encryptDatapassword,...

CVE-2018-20423

Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass a "disabled registration" setting by adding a non-existing wxopenid value to the plugin.php ac=wxregister query string...

CVE-2018-20423

Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass a "disabled registration" setting by adding a non-existing wxopenid value to the plugin.php ac=wxregister query string...

CVE-2018-20423

Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass a "disabled registration" setting by adding a non-existing wxopenid value to the plugin.php ac=wxregister query string...

TeamCity 9.0.2 - Disabled Registration Bypass

TeamCity 9.0.2 - Disabled Registration Bypass var login = 'testuser'; //логин пользователя var password = 'SuperMEgaPa$$'; //пароль var email = '[email protected]'; // email / Code / var b = BS.LoginForm; var publickey = $F"publicKey"; var encryptedpass =...

[20161001] - Core - Account Creation

Inadequate checks allows for users to register on a site when registration has been disabled...