WordPress All in One Invite Codes Plugin < 1.1.11 is vulnerable to Cross Site Scripting (XSS)

Software All in One Invite Codes Type Plugin Vulnerable versions 1.1.11 Fixed in 1.1.11 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 070ddaecd3e9 Credits Rafie Muhammad Patchstac...

WordPress All in One Invite Codes plugin <= 1.0.12 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress All in One Invite Codes plugin versions = 1.0.12. Solution Update the WordPress All in One Invite Codes plugin to the latest available version at least 1.0.13...

WordPress All in One Invite Codes plugin <= 1.0.12 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress All in One Invite Codes plugin versions = 1.0.12. Solution Update the WordPress All in One Invite Codes plugin to the latest available version at least 1.0.13...

Uber: Possibility to brute force invite codes in riders.uber.com

When adding new promotion codes for free rides, one could brute force invitation codes since there is no protection against brute force attacks. When going to payment page, it's possible to apply promotion code. If we intercept this request, we can brute force codes, since there is no captcha or...

Uber: Lack of rate limiting on get.uber.com leads to enumeration of promotion codes and estimation of a lower bound on the number of Uber drivers

Invite codes are 5 alphanumeric lower case characters. This means there are 36 26 + 10 possible options for each space in the invite code. In total this means there are 36^5 or 60,466,176 possible invite codes. Through enumerating through all possible invite codes, one can find the total number o...