25 matches found
EUVD-2026-30979
An authorization vulnerability exists in Innoshop 0.6.0. After logging into the frontend, an attacker can directly access backend application interfaces, leading to further dangerous operations...
CVE-2024-11405
The WP Front-end login and register plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the email and wpmpresetpasswordtoken parameters in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping. This makes it possible for...
WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
Exploit Title: WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation Google Dork: inurl:/wp-content/plugins/frontend-login-and-registration-blocks/ Date: 2025-05-12 Exploit Author: Md Shoriful Islam RootHarpy Vendor Homepage:...
CVE-2025-3605 Frontend Login and Registration Blocks <= 1.1.1 - Unauthenticated Privilege Escalation via Account Takeover
The Frontend Login and Registration Blocks plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.1.1. This is due to the plugin not properly validating a user's identity prior to updating their details like email via the...
WordPress Frontend Login and Registration Blocks plugin <= 1.0.7 - Authenticated (Subscriber+) Privilege Escalation via Password Reset vulnerability
Authenticated Subscriber+ Privilege Escalation via Password Reset vulnerability discovered by kr0d in WordPress Plugin Frontend Login and Registration Blocks versions = 1.0.8...
GHSA-J86X-PJMR-9M6W SQL Injection in TYPO3 Frontend Login
Failing to properly escape user input, the frontend login component is vulnerable to SQL Injection. A valid frontend user account is needed to exploit this vulnerability...
SQL Injection in TYPO3 Frontend Login
Failing to properly escape user input, the frontend login component is vulnerable to SQL Injection. A valid frontend user account is needed to exploit this vulnerability...
BIT-TYPO3-2022-23501
TYPO3 is an open source PHP based web content management system. In versions prior to 8.7.49, 9.5.38, 10.4.33, 11.5.20, and 12.1.1 TYPO3 is vulnerable to Improper Authentication. Restricting frontend login to specific users, organized in different storage folders (partitions), can be bypassed. A...
CVE-2022-23501
TYPO3 is an open source PHP based web content management system. In versions prior to 8.7.49, 9.5.38, 10.4.33, 11.5.20, and 12.1.1 TYPO3 is vulnerable to Improper Authentication. Restricting frontend login to specific users, organized in different storage folders (partitions), can be bypassed. A...
CVE-2022-23501 TYPO3 vulnerable to Improper Authentication in Frontend Login
TYPO3 is an open source PHP based web content management system. In versions prior to 8.7.49, 9.5.38, 10.4.33, 11.5.20, and 12.1.1 TYPO3 is vulnerable to Improper Authentication. Restricting frontend login to specific users, organized in different storage folders (partitions), can be bypassed. A...
GHSA-JFP7-79G7-89RF TYPO3 CMS vulnerable to Weak Authentication in Frontend Login
Problem: Restricting frontend login to specific users, organized in different storage folders (partitions), can be bypassed. A potential attacker might use this ambiguity in usernames to get access to a different account - however, credentials must be known to the adversary. Solution: Update to TYPO3...
TYPO3 CMS vulnerable to Weak Authentication in Frontend Login
Problem: Restricting frontend login to specific users, organized in different storage folders (partitions), can be bypassed. A potential attacker might use this ambiguity in usernames to get access to a different account - however, credentials must be known to the adversary. Solution: Update to TYPO3...
TYPO3-CORE-SA-2022-013: Weak Authentication in Frontend Login
More info at https://typo3.org/security/advisory/typo3-core-sa-2022-013...
PT-2022-16034 · Typo3 · Typo3
Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 8.7.49; TYPO3 versions prior to 9.5.38; TYPO3 versions prior to 10.4.33; TYPO3 versions prior to 11.5.20; TYPO3 versions prior to 12.1.1. Description: The issue concerns Improper Authentication in TYPO3, an open source PHP...
Cross-Site Scripting in TYPO3's Frontend Login Mailer
Meta: CVSS: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C (4.9). Problem: User submitted content was used without being properly encoded in HTML emails sent to users. The actually affected components were mail clients used to view those messages. Solution: Update to TYPO3 versions 9.5.35...
GHSA-H4MX-XV96-2JGM Cross-Site Scripting in TYPO3's Frontend Login Mailer
Meta: CVSS: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C (4.9). Problem: User submitted content was used without being properly encoded in HTML emails sent to users. The actually affected components were mail clients used to view those messages. Solution: Update to TYPO3 versions 9.5.35...
SQL Injection Vulnerability in YYcms Frontend Login Page
YYCMS movie and television (Rain Rain CMS movie and television) is a fully automatic video collection site. The YYcms frontend login page has an SQL injection vulnerability that attackers can use to obtain sensitive information from the database...
Design/Logic Flaw
TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS and Open Redirection in the frontend login box...
CVE-2010-3669
TYPO3 vulnerability CVE-2010-3669 affects frontend login box. Affects TYPO3 core/frontend login in versions: < 4.2.13, < 4.3.4 (4.3.x), and