Lucene search
K

41 matches found

Nuclei
Nuclei
added 9 hours ago14 views

WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation

Privilege escalation vulnerability exists in the Frontend Login and Registration Blocks plugin for WordPress versions = 1.0.7. An unauthenticated attacker can exploit the AJAX endpoint flrblocksusersettingshandleajaxcallback to change the administrator's email address. Subsequently, the attacker...

9.8CVSS8.3AI score0.12729EPSS
Exploits4References5
EUVD
EUVD
added 2026/05/19 12:0 a.m.7 views

EUVD-2026-30979

An authorization vulnerability exists in Innoshop 0.6.0. After logging into the frontend, an attacker can directly access backend application interfaces, leading to further dangerous operations...

5.8AI score0.00047EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 9:14 a.m.4 views

CVE-2022-23501

TYPO3 is an open source PHP based web content management system. In versions prior to 8.7.49, 9.5.38, 10.4.33, 11.5.20, and 12.1.1 TYPO3 is vulnerable to Improper Authentication. Restricting frontend login to specific users, organized in different storage folders partitions, can be bypassed. A...

6.5CVSS6.5AI score0.00198EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2009-3610

Malware in sbrugna...

4.3CVSS6.1AI score0.00442EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.2 views

EUVD-2010-3657

Malware in sbrugna...

5.4CVSS5.4AI score0.00235EPSS
Exploits0References4
OSV
OSV
added 2025/07/02 4:15 a.m.0 views

CVE-2024-11405

The WP Front-end login and register plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the email and wpmpresetpasswordtoken parameters in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping. This makes it possible for...

6.1CVSS5.9AI score0.00476EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/05/23 12:0 a.m.6 views

WordPress plugin PSW Front-end Login & Registration 授权问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. An authorization issue vulnerability exists i...

9.8CVSS8.4AI score0.07211EPSS
Exploits3References2
Exploit DB
Exploit DB
added 2025/05/13 12:0 a.m.362 views

WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation

Exploit Title: WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation Google Dork: inurl:/wp-content/plugins/frontend-login-and-registration-blocks/ Date: 2025-05-12 Exploit Author: Md Shoriful Islam RootHarpy Vendor Homepage:...

9.8CVSS7.1AI score0.12729EPSS
Exploits4
Packet Storm
Packet Storm
added 2025/05/13 12:0 a.m.83 views

📄 WordPress Frontend Login and Registration Blocks 1.0.7 Privilege Escalation

WordPress Frontend Login and Registration Blocks plugin versions 1.0.7 and below suffer from a privilege escalation vulnerability. Exploit Title: WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation Google Dork:...

9.8CVSS9.7AI score0.12729EPSS
Exploits4
Packet Storm News
Packet Storm News
added 2025/05/12 12:0 a.m.2 views

WordPress Frontend Login and Registration Blocks 1.0.7 Privilege Escalation

WordPress Frontend Login and Registration Blocks plugin versions 1.0.7 and below are vulnerable to privilege escalation via account takeover. An unauthenticated attacker can change the administrator's email, trigger the Forgot Password process, and reset the admin password, gaining full control...

7.3AI score
Exploits0
GithubExploit
GithubExploit
added 2025/05/09 9:45 p.m.499 views

Exploit for CVE-2025-3605

🚀 CVE-2025-3605 Exploit Guide 🛡️ Vulnerability Summary Th...

9.8CVSS7.6AI score0.12729EPSS
Exploits4
Vulnrichment
Vulnrichment
added 2025/05/09 6:42 a.m.12 views

CVE-2025-3605 Frontend Login and Registration Blocks <= 1.1.1 - Unauthenticated Privilege Escalation via Account Takeover

The Frontend Login and Registration Blocks plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.1.1. This is due to the plugin not properly validating a user's identity prior to updating their details like email via the...

9.8CVSS7.4AI score0.12729EPSS
Exploits4References2
Positive Technologies
Positive Technologies
added 2025/05/09 12:0 a.m.7 views

PT-2025-20486 · WordPress · Frontend Login/Registration Blocks

Name of the Vulnerable Software and Affected Versions: Frontend Login and Registration Blocks plugin for WordPress versions 1.0.0 through 1.0.7 Description: The issue is related to privilege escalation via account takeover. This occurs because the plugin does not properly validate a user's identi...

9.8CVSS9.7AI score0.12729EPSS
Exploits4References9
Patchstack
Patchstack
added 2025/04/23 8:51 p.m.9 views

WordPress Frontend Login and Registration Blocks plugin <= 1.0.7 - Authenticated (Subscriber+) Privilege Escalation via Password Reset vulnerability

Authenticated Subscriber+ Privilege Escalation via Password Reset vulnerability discovered by kr0d in WordPress Plugin Frontend Login and Registration Blocks versions = 1.0.8...

8.8CVSS8.4AI score0.00223EPSS
Exploits0References1Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/03/11 9:46 p.m.3 views

Malicious code in crd-frontend-login (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6c225ce49c193ec137ef2d44bd0ded4bf9da074b818bc455cbe161574dd87f02 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References3
OSV
OSV
added 2025/03/11 9:46 p.m.2 views

MAL-2025-2248 Malicious code in crd-frontend-login (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6c225ce49c193ec137ef2d44bd0ded4bf9da074b818bc455cbe161574dd87f02 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References3
OSV
OSV
added 2024/06/05 2:23 p.m.5 views

GHSA-J86X-PJMR-9M6W SQL Injection in TYPO3 Frontend Login

Failing to properly escape user input, the frontend login component is vulnerable to SQL Injection. A valid frontend user account is needed to exploit this vulnerability...

5.4CVSS7.7AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2024/06/05 2:23 p.m.14 views

SQL Injection in TYPO3 Frontend Login

Failing to properly escape user input, the frontend login component is vulnerable to SQL Injection. A valid frontend user account is needed to exploit this vulnerability...

7.7AI score
Exploits0References3Affected Software1
OSV
OSV
added 2024/03/06 11:10 a.m.21 views

BIT-TYPO3-2022-23501

TYPO3 is an open source PHP based web content management system. In versions prior to 8.7.49, 9.5.38, 10.4.33, 11.5.20, and 12.1.1 TYPO3 is vulnerable to Improper Authentication. Restricting frontend login to specific users, organized in different storage folders partitions, can be bypassed. A...

6.5CVSS6AI score0.00198EPSS
Exploits0References1
NVD
NVD
added 2022/12/14 8:15 a.m.8 views

CVE-2022-23501

TYPO3 is an open source PHP based web content management system. In versions prior to 8.7.49, 9.5.38, 10.4.33, 11.5.20, and 12.1.1 TYPO3 is vulnerable to Improper Authentication. Restricting frontend login to specific users, organized in different storage folders partitions, can be bypassed. A...

6.5CVSS0.00198EPSS
Exploits0References1
Rows per page
Query Builder