4 matches found
EUVD-2026-42163
The Eventer plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, 4.4.2. The plugin stores a plaintext copy of the password reset key in the eventerverificationcode user meta field when a user requests a password reset. The plaintext key...
CVE-2026-5076 ARMember Premium <= 7.3.1 - Insecure Password Reset Mechanism to Unauthenticated Privilege Escalation
The ARMember Premium plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, 7.3.1. The plugin stores a plaintext copy of the password reset key in the armresetpasswordkey user meta field when a user requests a password reset. This is in...
EUVD-2026-25291
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the password reset functionality on cloud.flowiseai.com sends a reset password link over the unsecured HTTP protocol instead of HTTPS. This behavior introduces the risk of a man-in-the-middle...
EUVD-2025-34769
FelixRiddle dev-jobs-handlebars 1.0 uses absolute password-reset magic links using the untrusted req.headers.host header and forces the http:// scheme. An attacker who can control the Host header or exploit a misconfigured proxy/load-balancer that forwards the header unchanged can cause reset lin...