41 matches found
WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
Privilege escalation vulnerability exists in the Frontend Login and Registration Blocks plugin for WordPress versions = 1.0.7. An unauthenticated attacker can exploit the AJAX endpoint flrblocksusersettingshandleajaxcallback to change the administrator's email address. Subsequently, the attacker...
EUVD-2026-30979
An authorization vulnerability exists in Innoshop 0.6.0. After logging into the frontend, an attacker can directly access backend application interfaces, leading to further dangerous operations...
CVE-2022-23501
TYPO3 is an open source PHP based web content management system. In versions prior to 8.7.49, 9.5.38, 10.4.33, 11.5.20, and 12.1.1 TYPO3 is vulnerable to Improper Authentication. Restricting frontend login to specific users, organized in different storage folders (partitions), can be bypassed. A...
EUVD-2009-3610
Malware in sbrugna...
EUVD-2010-3657
Malware in sbrugna...
CVE-2024-11405
The WP Front-end login and register plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the email and wpmpresetpasswordtoken parameters in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping. This makes it possible for...
WordPress plugin PSW Front-end Login & Registration authorization issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. An authorization issue vulnerability exists i...
WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
Exploit Title: WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation Google Dork: inurl:/wp-content/plugins/frontend-login-and-registration-blocks/ Date: 2025-05-12 Exploit Author: Md Shoriful Islam RootHarpy Vendor Homepage:...
📄 WordPress Frontend Login and Registration Blocks 1.0.7 Privilege Escalation
WordPress Frontend Login and Registration Blocks plugin versions 1.0.7 and below suffer from a privilege escalation vulnerability. Exploit Title: WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation Google Dork:...
WordPress Frontend Login and Registration Blocks 1.0.7 Privilege Escalation
WordPress Frontend Login and Registration Blocks plugin versions 1.0.7 and below are vulnerable to privilege escalation via account takeover. An unauthenticated attacker can change the administrator's email, trigger the Forgot Password process, and reset the admin password, gaining full control...
Exploit for CVE-2025-3605
🚀 CVE-2025-3605 Exploit Guide 🛡️ Vulnerability Summary Th...
CVE-2025-3605 Frontend Login and Registration Blocks <= 1.1.1 - Unauthenticated Privilege Escalation via Account Takeover
The Frontend Login and Registration Blocks plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.1.1. This is due to the plugin not properly validating a user's identity prior to updating their details like email via the...
PT-2025-20486 · WordPress · Frontend Login/Registration Blocks
Name of the Vulnerable Software and Affected Versions: Frontend Login and Registration Blocks plugin for WordPress versions 1.0.0 through 1.0.7 Description: The issue is related to privilege escalation via account takeover. This occurs because the plugin does not properly validate a user's identi...
WordPress Frontend Login and Registration Blocks plugin <= 1.0.7 - Authenticated (Subscriber+) Privilege Escalation via Password Reset vulnerability
Authenticated Subscriber+ Privilege Escalation via Password Reset vulnerability discovered by kr0d in WordPress Plugin Frontend Login and Registration Blocks versions = 1.0.8...
Malicious code in crd-frontend-login (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6c225ce49c193ec137ef2d44bd0ded4bf9da074b818bc455cbe161574dd87f02 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-2248 Malicious code in crd-frontend-login (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6c225ce49c193ec137ef2d44bd0ded4bf9da074b818bc455cbe161574dd87f02 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
GHSA-J86X-PJMR-9M6W SQL Injection in TYPO3 Frontend Login
Failing to properly escape user input, the frontend login component is vulnerable to SQL Injection. A valid frontend user account is needed to exploit this vulnerability...
SQL Injection in TYPO3 Frontend Login
Failing to properly escape user input, the frontend login component is vulnerable to SQL Injection. A valid frontend user account is needed to exploit this vulnerability...
BIT-TYPO3-2022-23501
TYPO3 is an open source PHP based web content management system. In versions prior to 8.7.49, 9.5.38, 10.4.33, 11.5.20, and 12.1.1 TYPO3 is vulnerable to Improper Authentication. Restricting frontend login to specific users, organized in different storage folders (partitions), can be bypassed. A...
CVE-2022-23501
TYPO3 is an open source PHP based web content management system. In versions prior to 8.7.49, 9.5.38, 10.4.33, 11.5.20, and 12.1.1 TYPO3 is vulnerable to Improper Authentication. Restricting frontend login to specific users, organized in different storage folders (partitions), can be bypassed. A...