10 matches found
CVE-2025-13728
The FluentAuth – The Ultimate Authorization & Security Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's fluentauthresetpassword shortcode in all versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping o...
WordPress FluentAuth - Auth Security Plugin plugin <= 2.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'fluent_auth_reset_password' Shortcode vulnerability
WordPress FluentAuth - Auth Security Plugin plugin = 2.0.3 - Authenticated Contributor+ Stored Cross-Site Scripting via 'fluentauthresetpassword' Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin FluentAuth – The Ultimate Authorization & Security Plugin for WordPress...
CVE-2025-13728
The FluentAuth – The Ultimate Authorization & Security Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's fluentauthresetpassword shortcode in all versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping o...
CVE-2025-13728
The WordPress plugin FluentAuth – The Ultimate Authorization & Security Plugin for WordPress (Wordfence report) is vulnerable to Stored XSS via the fluent_auth_reset_password shortcode in all versions up to 2.0.3 due to insufficient input sanitization/output escaping of user-provided shortcode at...
CVE-2025-13728 FluentAuth - Auth Security Plugin <= 2.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'fluent_auth_reset_password' Shortcode
The FluentAuth – The Ultimate Authorization & Security Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's fluentauthresetpassword shortcode in all versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping o...
EUVD-2025-203364
The FluentAuth – The Ultimate Authorization & Security Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's fluentauthresetpassword shortcode in all versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping o...
EUVD-2022-52044
Malicious code in bioql PyPI...
CVE-2022-4746
The FluentAuth WordPress plugin before 1.0.2 prioritizes getting a visitor's IP address from certain HTTP headers over PHP's REMOTEADDR, which makes it possible to bypass the IP-based blocks set by the plugin...
CVE-2022-4746 FluentAuth < 1.0.2 - Bypass blocks by IP Spoofing
The FluentAuth WordPress plugin before 1.0.2 prioritizes getting a visitor's IP address from certain HTTP headers over PHP's REMOTEADDR, which makes it possible to bypass the IP-based blocks set by the plugin...
PT-2023-15337 · WordPress · Fluentauth
Name of the Vulnerable Software and Affected Versions: FluentAuth WordPress plugin versions prior to 1.0.2 Description: The issue allows an attacker to bypass IP-based blocks set by the plugin. This is possible because the plugin prioritizes getting a visitor's IP address from certain HTTP header...