
8 matches found

OSV
added 2024/10/19 7:08 a.m. · 12 views

BIT-DJANGO-2024-45231

An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome only...

CVSS 5.3 · AI score 5.5 · EPSS 0.00805
Exploits: 0 · References: 4
NVD
added 2024/10/08 4:15 p.m. · 15 views

CVE-2024-45231

An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome only...

CVSS 5.3 · EPSS 0.00805
Exploits: 0 · References: 3
Cvelist
added 2024/10/08 12:00 a.m. · 18 views

CVE-2024-45231

An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome only...

EPSS 0.00805
Exploits: 0 · References: 3
Cvelist
added 2022/08/22 3:02 p.m. · 21 views
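The three entries above describe the same defect: a password reset view whose observable outcome differs for registered and unregistered addresses. The following is an added example, not Django's code, that models that oracle and the shape of the mitigation (catch and log the sending failure so the response is uniform). The user table, the failing mail backend and the function names (vulnerable_reset, hardened_reset, probe, leaks) are this example's own constructions; status codes stand in for the HTTP responses an attacker would compare.

```python
"""
Model of the CVE-2024-45231 e-mail enumeration oracle and its mitigation.
Constructed example; it does not import or reproduce Django. All names and
the sample data below are assumptions made for illustration.
"""
import logging

logger = logging.getLogger("auth")

# Constructed user table: only these addresses belong to registered users.
USERS = {"alice@example.com", "bob@example.com"}


class MailSendError(Exception):
    """Stands in for an SMTP failure (connection refused, relay rejection)."""


def get_users(email):
    """Return the registered addresses matching the submitted one (0 or 1 here)."""
    return [email] if email in USERS else []


def smtp_down(to):
    """Hypothetical mail backend that always fails, as a broken SMTP relay would."""
    raise MailSendError(f"connection refused while sending to {to}")


def vulnerable_reset(email, backend=smtp_down):
    """Pre-fix shape: a sending failure propagates out of the view.

    A registered address therefore surfaces as a server error (500) while an
    unknown address, for which nothing is sent, redirects to the 'done' page (302).
    """
    for user_email in get_users(email):
        backend(user_email)  # raises only when the address is registered
    return 302


def hardened_reset(email, backend=smtp_down):
    """Post-fix shape: the failure is caught and logged, so every address gets 302."""
    for user_email in get_users(email):
        try:
            backend(user_email)
        except Exception:
            logger.exception("Failed to send password reset email to %s", user_email)
    return 302


def probe(handler, addresses, backend=smtp_down):
    """Attacker's view: map each submitted address to the status code observed."""
    observed = {}
    for addr in addresses:
        try:
            observed[addr] = handler(addr, backend)
        except MailSendError:
            observed[addr] = 500
    return observed


def leaks(handler, addresses, backend=smtp_down):
    """True when responses differ across addresses, i.e. the view is an oracle."""
    return len(set(probe(handler, addresses, backend).values())) > 1


if __name__ == "__main__":
    targets = ["alice@example.com", "nobody@example.com"]
    print("vulnerable:", probe(vulnerable_reset, targets))  # alice -> 500, nobody -> 302
    print("hardened:  ", probe(hardened_reset, targets))    # both -> 302
```

The check a practitioner wants is the one `leaks()` performs: submit a known-good and a known-bad address under the same failure condition (mail backend unreachable) and confirm the responses are indistinguishable. Note that uniform status codes are only one dimension; response time and body length should be compared the same way.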

CVE-2022-2377 Directorist < 7.3.0 - Subscriber+ Arbitrary E-mail Sending

The Directorist WordPress plugin before 7.3.0 does not have authorisation and CSRF checks in an AJAX action, allowing any authenticated users to send arbitrary emails on behalf of the blog...

AI score 5 · EPSS 0.00308
Exploits: 2 · References: 1
WPVulnDB
added 2022/07/26 12:00 a.m. · 26 views

Directorist < 7.3.0 - Subscriber+ Arbitrary E-mail Sending

The plugin does not have authorisation and CSRF checks in an AJAX action, allowing any authenticated users to send arbitrary emails on behalf of the blog. PoC: fetch("/wp-admin/admin-ajax.php", {"headers": {"content-type": "application/x-www-form-urlencoded"}, "method": "POST", "body":...

CVSS 4.3 · AI score 3.8 · EPSS 0.00308
Exploits: 2 · Affected Software: 1
wpexploit
added 2022/07/26 12:00 a.m. · 137 views

Directorist < 7.3.0 - Subscriber+ Arbitrary E-mail Sending

The plugin does not have authorisation and CSRF checks in an AJAX action, allowing any authenticated users to send arbitrary emails on behalf of the blog. fetch("/wp-admin/admin-ajax.php", {"headers": {"content-type": "application/x-www-form-urlencoded"}, "method": "POST", "body":...

CVSS 4.3 · AI score 1.7 · EPSS 0.00308
Exploits: 2
Patchstack
added 2022/05/23 12:00 a.m. · 21 views

WordPress Like Button Rating LikeBtn plugin <= 2.6.44 - Arbitrary e-mail Sending vulnerability

Arbitrary e-mail Sending vulnerability discovered by Krzysztof Zając in WordPress Like Button Rating LikeBtn plugin versions <= 2.6.44. Solution: Update the WordPress Like Button Rating LikeBtn plugin to the latest available version, at least 2.6.45...

CVSS 6.5 · AI score 3.3 · EPSS 0.0077
Exploits: 2 · References: 3 · Affected Software: 1
wpexploit
added 2022/05/23 12:00 a.m. · 117 views

Like Button Rating < 2.6.45 - Arbitrary e-mail Sending

The plugin allows any logged-in user, such as subscriber, to send arbitrary e-mails to any recipient, with any subject and body. As a subscriber, run the below command in the web developer console of the browser: fetch("/wp-admin/admin-ajax.php?action=likebtntestvotenotification", {"headers":...

CVSS 6.5 · AI score 0.4 · EPSS 0.0077
Exploits: 2