Lucene search
K

11 matches found

Positive Technologies
Positive Technologies
added 2026/01/10 12:0 a.m.8 views

PT-2026-1761

Name of the Vulnerable Software and Affected Versions User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin versions prior to 4.4.9 Description The plugin is susceptible to a Cross-Site Request Forgery CSRF issu...

5.4CVSS6.5AI score0.00123EPSS
Exploits0References8
CVE
CVE
added 2025/10/29 6:0 a.m.16 views

CVE-2025-9544

CVE-2025-9544 affects the Doppler Forms WordPress plugin (versions up to 2.5.1). The issue is an AJAX action install_extension that does not verify user capabilities or use a nonce, enabling any authenticated user (including Subscriber) to install/activate additional Doppler Forms plugins whiteli...

6.5CVSS6.3AI score0.00203EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-18236

Malware in sbrugna...

8.8CVSS8.8AI score0.01325EPSS
Exploits0References2
OSV
OSV
added 2025/01/06 7:23 p.m.15 views

GHSA-237R-R8M4-4Q88 Guzzle OAuth Subscriber has insufficient nonce entropy

Impact Nonce generation does not use sufficient entropy nor a cryptographically secure pseudorandom source https://github.com/guzzle/oauth-subscriber/blob/0.8.0/src/Oauth1.phpL192. This can leave servers vulnerable to replay attacks when TLS is not used. Patches Upgrade to version 0.8.1 or higher...

6.3CVSS4.9AI score0.00443EPSS
Exploits0References6
OSV
OSV
added 2023/06/07 2:15 a.m.5 views

CVE-2019-25142

The Mesmerize & Materialis themes for WordPress are vulnerable to authenticated options change in versions up to, and including,1.6.89 Mesmerize and 1.0.172 Materialis. This is due to 'companiondisablepopup' function only checking the nonce while sending user input to the 'updateoption' function...

8.8CVSS5.8AI score
Exploits0References7
NVD
NVD
added 2022/08/08 7:15 p.m.15 views

CVE-2021-41615

websda.c in GoAhead WebServer 2.1.8 has insufficient nonce entropy because the nonce calculation relies on the hardcoded onceuponatimeinparadise value, which does not follow the secret-data guideline for HTTP Digest Access Authentication in RFC 7616 section 3.3 or RFC 2617 section 3.2.1. NOTE:...

9.8CVSS0.01067EPSS
Exploits0References2
Prion
Prion
added 2022/08/08 7:15 p.m.20 views

Hardcoded credentials

websda.c in GoAhead WebServer 2.1.8 has insufficient nonce entropy because the nonce calculation relies on the hardcoded onceuponatimeinparadise value, which does not follow the secret-data guideline for HTTP Digest Access Authentication in RFC 7616 section 3.3 or RFC 2617 section 3.2.1. NOTE:...

7.5CVSS9.5AI score0.01067EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/08/08 6:26 p.m.26 views

CVE-2021-41615

websda.c in GoAhead WebServer 2.1.8 has insufficient nonce entropy because the nonce calculation relies on the hardcoded onceuponatimeinparadise value, which does not follow the secret-data guideline for HTTP Digest Access Authentication in RFC 7616 section 3.3 or RFC 2617 section 3.2.1. NOTE:...

9.8AI score0.01067EPSS
Exploits0References2
OSV
OSV
added 2021/06/14 2:15 p.m.5 views

CVE-2021-24356

In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, a lack of capability checks and insufficient nonce check on the AJAX action, simple301redirects/admin/activateplugin, made it possible for authenticated users to activate arbitrary plugins installed on vulnerable sites...

8.8CVSS7.4AI score0.02997EPSS
Exploits3References2
Cvelist
Cvelist
added 2021/06/14 1:37 p.m.13 views

CVE-2021-24354 Simple 301 Redirects by BetterLinks - 2.0.0-2.0.3 - Arbitrary Plugin Installation

A lack of capability checks and insufficient nonce check on the AJAX action in the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, made it possible for authenticated users to install arbitrary plugins on vulnerable sites...

8.8AI score0.0148EPSS
Exploits2References2
WPVulnDB
WPVulnDB
added 2021/05/26 12:0 a.m.17 views

Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Arbitrary Plugin Installation

A lack of capability checks and insufficient nonce check on the AJAX action in the plugin, made it possible for authenticated users to install arbitrary plugins on vulnerable sites. PoC $wpuser, 'pwd' = $wppass, 'rememberme' = 'forever', 'wp-submit' = 'Log+In', ; $output = curlexec$ch;...

8.8CVSS1.5AI score0.0148EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder