3 matches found
Brute Force
Overview Affected versions of this package are vulnerable to Brute Force through the handleToken process. An attacker can gain unauthorized access to user accounts by performing unlimited authentication attempts without restriction. PoC 20 attempts — zero rate limiting for i in $seq 1 20; do curl...
CVE-2025-9213
The TextBuilder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 1.0.0 to 1.1.1. This is due to missing or incorrect nonce validation on the 'handleToken' function. This makes it possible for unauthenticated attackers to update a user's authorization token via a forged...
WordPress plugin TextBuilder 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site...