Lucene search
+L

606 matches found

NVD
NVD
added 7 hours ago6 views

CVE-2026-12715

Missing Authorization in Google Cloud Firebase Studio versions prior to 2026-04-15 on Google Cloud Platform allows an attacker to download other users' deployed source code and access sensitive data via unauthorized GCS URL signing requests. This vulnerability was patched on 15 April 2026, and no...

8.5CVSS
Exploits0References1
Cvelist
Cvelist
added 8 hours ago12 views

CVE-2026-12715 Missing Authorization in Firebase Studio allows Cross-Tenant Source Code Theft

Missing Authorization in Google Cloud Firebase Studio versions prior to 2026-04-15 on Google Cloud Platform allows an attacker to download other users' deployed source code and access sensitive data via unauthorized GCS URL signing requests. This vulnerability was patched on 15 April 2026, and no...

8.5CVSS
Exploits0References1
CVE
CVE
added 8 hours ago6 views

CVE-2026-12715

CVE-2026-12715 describes a missing authorization flaw in Google Cloud Firebase Studio for versions prior to 2026-04-15, enabling an attacker to download other users’ deployed source code and access sensitive data via unauthorized Google Cloud Storage URL signing requests. The issue has a high imp...

8.5CVSS5.5AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 8 hours ago4 views

CVE-2026-12715 Missing Authorization in Firebase Studio allows Cross-Tenant Source Code Theft

Missing Authorization in Google Cloud Firebase Studio versions prior to 2026-04-15 on Google Cloud Platform allows an attacker to download other users' deployed source code and access sensitive data via unauthorized GCS URL signing requests. This vulnerability was patched on 15 April 2026, and no...

8.5CVSS5.5AI score
Exploits0References1
EUVD
EUVD
added 8 hours ago5 views

EUVD-2026-45187

Missing Authorization in Google Cloud Firebase Studio versions prior to 2026-04-15 on Google Cloud Platform allows an attacker to download other users' deployed source code and access sensitive data via unauthorized GCS URL signing requests. This vulnerability was patched on 15 April 2026, and no...

8.5CVSS5.4AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 23 hours ago5 views

PT-2026-60778

Missing Authorization in Google Cloud Firebase Studio versions prior to 2026-04-15 on Google Cloud Platform allows an attacker to download other users' deployed source code and access sensitive data via unauthorized GCS URL signing requests. This vulnerability was patched on 15 April 2026, and no...

8.5CVSS5.4AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.9 views

CVE-2026-3655

The OTP Login With Phone Number, OTP Verification plugin for WordPress is vulnerable to authentication bypass in versions 1.8.50 through 1.8.60. This is due to the Firebase verification flow in the lwpajaxregister AJAX handler not binding the Firebase session to the phone number supplied in the...

9.8CVSS5.5AI score0.00492EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:10 p.m.13 views

CVE-2026-8787

The Firebase Support & Chat Management plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.1.1. This is due to the firebaseauth function authenticating the request as the WordPress user whose email is supplied in the useremail POST parameter without...

8.8CVSS5.6AI score0.00283EPSS
Exploits0References1
NVD
NVD
added 2026/05/29 8:16 a.m.19 views

CVE-2026-3655

The OTP Login With Phone Number, OTP Verification plugin for WordPress is vulnerable to authentication bypass in versions 1.8.50 through 1.8.60. This is due to the Firebase verification flow in the lwpajaxregister AJAX handler not binding the Firebase session to the phone number supplied in the...

9.8CVSS0.00492EPSS
Exploits0References6
EUVD
EUVD
added 2026/05/29 6:43 a.m.13 views

EUVD-2026-33255

The OTP Login With Phone Number, OTP Verification plugin for WordPress is vulnerable to authentication bypass in versions 1.8.50 through 1.8.60. This is due to the Firebase verification flow in the lwpajaxregister AJAX handler not binding the Firebase session to the phone number supplied in the...

9.8CVSS5.8AI score0.00492EPSS
Exploits0References6
CVE
CVE
added 2026/05/29 6:43 a.m.42 views

CVE-2026-3655

The CVE-2026-3655 entry describes an authentication bypass in the WordPress plugin “OTP Login With Phone Number, OTP Verification” versions 1.8.50–1.8.60. The root cause is a Firebase verification flow in the lwp_ajax_register AJAX handler that does not bind the Firebase session to the submitted ...

9.8CVSS5.8AI score0.00492EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/05/29 6:43 a.m.11 views

CVE-2026-3655 OTP Login With Phone Number, OTP Verification <= 1.8.60 - Unauthenticated Authentication Bypass via Firebase OTP Verification

The OTP Login With Phone Number, OTP Verification plugin for WordPress is vulnerable to authentication bypass in versions 1.8.50 through 1.8.60. This is due to the Firebase verification flow in the lwpajaxregister AJAX handler not binding the Firebase session to the phone number supplied in the...

9.8CVSS5.8AI score0.00492EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/05/29 6:43 a.m.12 views

CVE-2026-3655

The OTP Login With Phone Number, OTP Verification plugin for WordPress is vulnerable to authentication bypass in versions 1.8.50 through 1.8.60. This is due to the Firebase verification flow in the lwpajaxregister AJAX handler not binding the Firebase session to the phone number supplied in the...

9.8CVSS5.8AI score0.00492EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2026/05/29 6:43 a.m.37 views

CVE-2026-3655 OTP Login With Phone Number, OTP Verification <= 1.8.60 - Unauthenticated Authentication Bypass via Firebase OTP Verification

The OTP Login With Phone Number, OTP Verification plugin for WordPress is vulnerable to authentication bypass in versions 1.8.50 through 1.8.60. This is due to the Firebase verification flow in the lwpajaxregister AJAX handler not binding the Firebase session to the phone number supplied in the...

9.8CVSS0.00492EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.19 views

PT-2026-44756

Name of the Vulnerable Software and Affected Versions OTP Login With Phone Number, OTP Verification plugin for WordPress versions 1.8.50 through 1.8.60 Description An authentication bypass exists due to the Firebase verification flow in the 'lwp ajax register' AJAX handler not binding the Firebas...

9.8CVSS5.8AI score0.00492EPSS
Exploits0References12
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.12 views

WordPress plugin OTP Login With Phone Number OTP Verification 授权问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

9.8CVSS5.8AI score0.00492EPSS
Exploits0References6
Patchstack
Patchstack
added 2026/05/27 9:10 a.m.11 views

WordPress Firebase Support & Chat Management plugin <= 3.1.1 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation vulnerability

Missing Authorization to Authenticated Subscriber+ Privilege Escalation vulnerability discovered by Farrukh Ziyaev in WordPress Plugin Firebase Support & Chat Management versions = 3.1.1...

8.8CVSS5.8AI score0.00283EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/05/27 7:16 a.m.19 views

CVE-2026-8787

The Firebase Support & Chat Management plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.1.1. This is due to the firebaseauth function authenticating the request as the WordPress user whose email is supplied in the useremail POST parameter without...

8.8CVSS0.00283EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/27 5:31 a.m.13 views

EUVD-2026-32079

The Firebase Support & Chat Management plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.1.1. This is due to the firebaseauth function authenticating the request as the WordPress user whose email is supplied in the useremail POST parameter without...

8.8CVSS6AI score0.00283EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/27 5:31 a.m.11 views

CVE-2026-8787 Firebase Support & Chat Management <= 3.1.1 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation

The Firebase Support & Chat Management plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.1.1. This is due to the firebaseauth function authenticating the request as the WordPress user whose email is supplied in the useremail POST parameter without...

8.8CVSS6AI score0.00283EPSS
Exploits0References5
Rows per page
Query Builder