Lucene search
K

13 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 9:16 a.m.7 views

CVE-2025-13990

The Mamurjor Employee Info plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing nonce validation on multiple administrative functions. This makes it possible for unauthenticated attackers to create, update, or delete...

4.3CVSS5.4AI score0.00149EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/07 9:21 a.m.4 views

CVE-2025-13990 Mamurjor Employee Info <= 1.0.0 - Cross-Site Request Forgery to Arbitrary Employee and Related Data Manipulation

The Mamurjor Employee Info plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing nonce validation on multiple administrative functions. This makes it possible for unauthenticated attackers to create, update, or delete...

4.3CVSS5AI score0.00149EPSS
Exploits0References7
CVE
CVE
added 2026/01/07 9:21 a.m.13 views

CVE-2025-13990

CVE-2025-13990 concerns the Mamurjor Employee Info WordPress plugin. The vulnerability is a Cross-Site Forgery (CSRF) in all versions up to 1.0.0, caused by missing nonce validation on multiple admin actions. This allows unauthenticated attackers to forge requests that create, update, or delete e...

4.3CVSS5AI score0.00149EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/01/07 12:0 a.m.6 views

PT-2026-1613

Name of the Vulnerable Software and Affected Versions Mamurjor Employee Info plugin for WordPress versions up to and including 1.0.0 Description The software is susceptible to Cross-Site Request Forgery CSRF due to the absence of nonce validation on several administrative functions. This allows...

4.3CVSS6.3AI score0.00149EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/01/07 12:0 a.m.3 views

WordPress plugin Mamurjor Employee Info 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blogging sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site reque...

4.3CVSS6.6AI score0.00149EPSS
Exploits0References7
Patchstack
Patchstack
added 2026/01/06 10:58 p.m.5 views

WordPress Mamurjor Employee Info plugin <= 1.0.0 - Cross-Site Request Forgery to Arbitrary Employee and Related Data Manipulation vulnerability

Cross-Site Request Forgery to Arbitrary Employee and Related Data Manipulation vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Mamurjor Employee Info versions = 1.0.0...

4.3CVSS7AI score0.00149EPSS
Exploits0References1Affected Software1
HackRead
HackRead
added 2024/06/18 1:30 p.m.23 views

AMD Data Breach: IntelBroker Claims Theft of Employee and Product Info

Advanced Micro Devices, Inc. AMD has apparently been breached by IntelBroker, a notorious hacker from the Breach Forums --- AMD has not yet confirmed the breach...

7.3AI score
Exploits0
HackRead
HackRead
added 2024/05/10 10:51 p.m.15 views

Europol Hacked? IntelBroker Claims Major Law Enforcement Breach

By Waqas Notorious hacker IntelBroker claims a major data breach at Europol. Allegedly, sensitive data including employee info, source code, and operational documents were compromised. Europol has yet to confirm the breach. Could this expose ongoing investigations and endanger law enforcement...

7.2AI score
Exploits0
Kitploit
Kitploit
added 2022/11/30 3:30 p.m.94 views

D4TA-HUNTER - GUI Osint Framework With Kali Linux

D4TA-HUNTER is a tool created in order to automate the collection of information about the employees of a company that is going to be audited for ethical hacking. In addition, in this tool we can find in the "search company" section by inserting the domain of a company, emails of employees,...

7AI score
Exploits0References2
Rapid7 Blog
Rapid7 Blog
added 2022/07/07 2:0 p.m.18 views

For Finserv Ransomware Attacks, Obtaining Customer Data Is the Focus

Welcome back to the third installment of Rapid7's Pain Points: Ransomware Data Disclosure Trends blog series, where we're distilling the key highlights of our ransomware data disclosure research paper one industry at a time. This week, we'll be focusing on the financial services industry, one of...

0.3AI score
Exploits0
Kitploit
Kitploit
added 2021/05/12 1:52 a.m.84 views

Short story about Clubhouse user scraping and social graphs

TL;DR During this RedTeam testing, Hexway team used Clubhouse as a social engineering tool to find out more about their client’s employees. UPDATE: While Hexway were preparing this article for publication, cybernews.com reported: 1.3 million scraped user records leaked online for free In this...

6.7AI score
Exploits0References3
CVE
CVE
added 2020/11/12 6:52 p.m.66 views

CVE-2020-26805

CVE-2020-26805 : In Sentrifugo 3.2, the admin editing employee details via POST to /sentrifugo/index.php/empadditionaldetails/edit/userid/2 exposes a SQL injection vulnerability in the parameter employeeNumId . An attacker can inject SQL commands through this field to read from or write to the da...

7.2CVSS7.3AI score0.01486EPSS
Exploits1References1Affected Software1
seebug.org
seebug.org
added 2015/05/14 12:0 a.m.65 views

用友内部论坛数据备份信息泄露一万多员工已经内部交流信息泄露

简要描述: 看到这有个正在维护的系统,写着"系统正在升级中...将于2011年10月27日正常访问,敬请谅解!" 于是果断扫了目录,果然有数据备份、 涉及一万多的内部人员数据、大量的用友邮箱、还有部分的内部交流信息、 能再上首页吗? 详细说明: 涉及的IP:http://219.141.185.30/wk.htm 备份数据下载地址:http://219.141.185.30/webroot.rar 果断的解压、 数据挺多的,看了下下面这两个比较有意思、 搜了下,涉及用友邮箱一共1500多、 账户总数是一万七千多、 下面这个比较有意思、...

7.1AI score
Exploits0
Rows per page
Query Builder