9 matches found
CVE-2026-12416
The Invoice Generator plugin for WordPress is vulnerable to Account Takeover via Password Reset in all versions up to, and including, 1.0.0. This is due to the pravelinvoicechangepassword function being registered as a nopriv AJAX handler with no nonce verification and no authorization check, and...
CVE-2023-51301
A lack of rate limiting in the "Login Section, Forgot Email" feature of PHPJabbers Hotel Booking System v4.0 allows attackers to send an excessive amount of reset requests for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages...
PT-2025-7286 · Phpjabbers · Phpjabbers Hotel Booking System
Name of the Vulnerable Software and Affected Versions: PHPJabbers Hotel Booking System version 4.0 Description: A lack of rate limiting in the "Login Section, Forgot Email" feature allows attackers to send an excessive amount of reset requests for a legitimate user, leading to a possible Denial o...
PHPJabbers Hotel Booking System Security Vulnerability
PHPJabbers Hotel Booking System is a hotel booking system from PHPJabbers, Inc. A security vulnerability exists in PHPJabbers Hotel Booking System version 4.0, which originates from a denial of service due to a lack of rate limiting in the Login Section and Forgot Email functionality...
PHPJabbers Cinema Booking System 1.0 Missing Rate Limiting
Exploit Title: PHPJabbers Cinema Booking System v1.0 - No Rate Limit Date: 19/12/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/cinema-booking-system/sectionDemo Version: v1.0 Tested on: Windo...
PHPJabbers Event Ticketing System 1.0 Missing Rate Limiting
Exploit Title: PHPJabbers Event Ticketing System v1.0 - No Rate Limit Date: 19/12/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/meeting-room-booking-system/sectionDemo Version: v1.0 Tested on...
PHPJabbers Cleaning Business Software 1.0 Missing Rate Limiting
Exploit Title: PHPJabbers Cleaning Business Software v1.0 - No Rate Limit Date: 19/12/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/cleaning-business-software/sectionDemo Version: v1.0 Tested...
Seo Panel Cross-Site Scripting Vulnerability (CNVD-2021-01543)
SEO Panel is a free, open source SEO optimization software. A reflective cross-site scripting vulnerability exists in Seo Panel 4.8.0. An attacker can exploit this vulnerability via the seo/seopanel/login.php?sec=forgot email parameter to conduct a cross-site scripting attack...
SEO Panel Cross-Site Scripting Vulnerability
SEO Panel is a free, open source SEO optimization software. A reflective cross-site scripting vulnerability exists in Seo Panel 4.8.0. An attacker can exploit this vulnerability via the seo/seopanel/login.php?sec=forgot email parameter to conduct a cross-site scripting attack...