27 matches found
CVE-2026-2997 WisdomGarden|Tronclass - Insecure Direct Object Reference
Tronclass developed by WisdomGarden has a Insecure Direct Object Reference vulnerability. After obtaining a course ID, authenticated remote attackers to modify a specific parameter to obtain a course invitation code, thereby joining any course...
CVE-2026-2997
CVE-2026-2997 : WisdomGarden’s Tronclass contains an insecure direct object reference. An authenticated remote attacker who learns a course ID can modify a parameter to obtain a course invitation code and join any course. Public exploitation details are not provided in the connected documents; re...
PT-2026-21493
Tronclass developed by WisdomGarden has a Insecure Direct Object Reference vulnerability. After obtaining a course ID, authenticated remote attackers to modify a specific parameter to obtain a course invitation code, thereby joining any course...
EUVD-2021-11153
Malware in sbrugna...
EUVD-2015-7301
Malware in sbrugna...
EUVD-2022-24956
Malicious code in bioql PyPI...
CVE-2022-4965
The Invitation Code Content Restriction Plugin from CreativeMinds plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘targetid’ parameter in all versions up to, and including, 1.5.4 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2022-1670
When generating a user invitation code in Octopus Server, the validity of this code can be set for a specific number of users. It was possible to bypass this restriction of validity to create extra user accounts above the initial number of invited users...
CVE-2022-4965
The Invitation Code Content Restriction Plugin from CreativeMinds plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘targetid’ parameter in all versions up to, and including, 1.5.4 due to insufficient input sanitization and output escaping. This makes it possible for...
WordPress Plugin Invitation Code Content Restriction Plugin from CreativeMinds 安全漏洞
WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...
WordPress Invitation Code Content Restriction Plugin from CreativeMinds Plugin <= 1.5.4 is vulnerable to Cross Site Scripting (XSS)
Software Invitation Code Content Restriction Plugin from CreativeMinds Type Plugin Vulnerable versions = 1.5.4 Fixed in 1.5.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4965 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownershi...
WordPress New User Approve plugin跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress New User Approve plugin versions prior to 2.4 are vulnerable to cross-site request forgery, which...
CVE-2022-1625 New User Approve < 2.4 - Arbitrary Settings Update & Invitation Code Creation via CSRF
The New User Approve WordPress plugin before 2.4 does not have CSRF check in place when updating its settings and adding invitation codes, which could allow attackers to add invitation codes for bypassing the provided restrictions and to change plugin settings by tricking admin users into visitin...
WordPress plugin New User Approve 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress New User Approve plugin versions prior to 2.4 are vulnerable to cross-site request forgery, which...
New User Approve < 2.4 - Arbitrary Settings Update & Invitation Code Creation via CSRF
The plugin does not have CSRF check in place when updating its settings and adding invitation codes, which could allow attackers to add invitation codes for bypassing the provided restrictions and to change plugin settings by tricking admin users into visiting specially crafted websites. PoC Add...
New User Approve < 2.4 - Arbitrary Settings Update & Invitation Code Creation via CSRF
The plugin does not have CSRF check in place when updating its settings and adding invitation codes, which could allow attackers to add invitation codes for bypassing the provided restrictions and to change plugin settings by tricking admin users into visiting specially crafted websites. Add code...
WordPress New User Approve plugin <= 2.3 - Arbitrary Settings Update & Invitation Code Creation via CSRF vulnerability
Arbitrary Settings Update & Invitation Code Creation via CSRF vulnerability discovered by Daniel Ruf in WordPress New User Approve plugin versions = 2.3. Solution Update the WordPress New User Approve plugin to the latest available version at least 2.4...
CVE-2022-1670
When generating a user invitation code in Octopus Server, the validity of this code can be set for a specific number of users. It was possible to bypass this restriction of validity to create extra user accounts above the initial number of invited users...
CVE-2022-1670
When generating a user invitation code in Octopus Server, the validity of this code can be set for a specific number of users. It was possible to bypass this restriction of validity to create extra user accounts above the initial number of invited users...
Authentication flaw
When generating a user invitation code in Octopus Server, the validity of this code can be set for a specific number of users. It was possible to bypass this restriction of validity to create extra user accounts above the initial number of invited users...