Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.10 views

CVE-2026-5722

The MoreConvert Pro plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.9.14. This is due to the guest waitlist verification flow not invalidating or regenerating verification tokens when the customer email address is changed. This makes it possible...

9.8CVSS5.4AI score0.00458EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/11 1:21 a.m.2 views

CVE-2026-35407

Saleor is an e-commerce platform. From 2.10.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, a business-logic and authorization flaw was found in the account email change workflow, the confirmation flow did not verify that the email change confirmation token was issued for the given...

6.5CVSS5.7AI score0.00294EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/08 5:24 p.m.2 views

CVE-2026-35407 Saleor has Cross-Account Email Change via Unbound Confirmation Token

Saleor is an e-commerce platform. From 2.10.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, a business-logic and authorization flaw was found in the account email change workflow, the confirmation flow did not verify that the email change confirmation token was issued for the given...

5.9CVSS5.7AI score0.00294EPSS
Exploits0References6
EUVD
EUVD
added 2026/04/08 5:24 p.m.6 views

EUVD-2026-20534

Saleor is an e-commerce platform. From 2.10.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, a business-logic and authorization flaw was found in the account email change workflow, the confirmation flow did not verify that the email change confirmation token was issued for the given...

5.9CVSS5.8AI score0.00294EPSS
Exploits0References6
Rows per page
Query Builder