Lucene search
K

6 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-49421

Malicious code in bioql PyPI...

9.8CVSS6.5AI score0.00733EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/09/05 5:32 p.m.4 views

CVE-2025-10014 elunez eladmin Email Address updateEmail updateUserEmail improper authorization

A flaw has been found in elunez eladmin up to 2.7. This impacts the function updateUserEmail of the file /api/users/updateEmail/ of the component Email Address Handler. Executing manipulation of the argument id/email can lead to improper authorization. The attack may be performed from remote...

3.1CVSS4AI score0.00256EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/09/24 1:56 a.m.33 views

CVE-2024-8795 BA Book Everything <= 1.6.20 - Cross-Site Request Forgery to Email Address Update/Account Takeover

The BA Book Everything plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.20. This is due to missing or incorrect nonce validation on the myaccountupdate function. This makes it possible for unauthenticated attackers to update a user's accou...

8.8CVSS0.003EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/09/24 1:56 a.m.15 views

CVE-2024-8795 BA Book Everything <= 1.6.20 - Cross-Site Request Forgery to Email Address Update/Account Takeover

The BA Book Everything plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.20. This is due to missing or incorrect nonce validation on the myaccountupdate function. This makes it possible for unauthenticated attackers to update a user's accou...

8.8CVSS8.6AI score0.003EPSS
Exploits0References4
OSV
OSV
added 2023/04/24 4:26 p.m.27 views

CVE-2023-30544 Kiwi TCMS may allow user to update email address to unverified one

Kiwi TCMS is an open source test management system. In versions of Kiwi TCMS prior to 12.2, users were able to update their email addresses via the My profile admin page. This page allowed them to change the email address registered with their account without the ownership verification performed...

3.9CVSS4.7AI score0.00419EPSS
Exploits0References6
Cvelist
Cvelist
added 2021/11/23 7:16 p.m.39 views

CVE-2021-24892 Advanced Forms < 1.6.9 - Subscriber+ Arbitrary User Email Address Update via IDOR

Insecure Direct Object Reference in edit function of Advanced Forms Free & Pro before 1.6.9 allows authenticated remote attacker to change arbitrary user's email address and request for reset password, which could lead to take over of WordPress's administrator account. To exploit this...

8.7AI score0.01798EPSS
Exploits1References2
Rows per page
Query Builder