5 matches found
CVE-2026-3642
The e-shot™ form builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.0.2. The eshotformbuilderupdatefielddata AJAX handler lacks any capability checks currentusercan or nonce verification checkajaxreferer/wpverifynonce. The function is...
CVE-2026-3642 e-shot <= 1.0.2 - Missing Authorization to Authenticated (Subscriber+) Form Settings Modification via AJAX
The e-shot™ form builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.0.2. The eshotformbuilderupdatefielddata AJAX handler lacks any capability checks currentusercan or nonce verification checkajaxreferer/wpverifynonce. The function is...
EUVD-2002-1519
Malware in sbrugna...
EUVD-2001-1169
Malware in sbrugna...
CVE-2003-1212
MaxWebPortal 1.30 is affected. The vulnerability allows remote attackers to perform unauthorized actions by tampering with hidden form fields (examples: news, lock, allmem) on the 'start new topic' HTML page. Root cause is modification of hidden fields, enabling unauthorized actions. The availabl...