CVE-2020-36875

AccessAlly WordPress plugin

PT-2026-1686

Name of the Vulnerable Software and Affected Versions AccessAlly versions prior to 3.3.2 Description The AccessAlly WordPress plugin contains a flaw where the login error parameter in the Login Widget is treated as PHP code. This allows a remote attacker to execute arbitrary PHP code within the...

WordPress plugin AccessAlly 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

EUVD-2025-201846

SAP BusinessObjects Business Intelligence Platform lets an unauthenticated remote attacker send crafted requests through the URL parameter that controls the login page error message. This can cause the server to fetch attacker-supplied URLs, resulting in low impact to confidentiality and integrit...

CVE-2025-42896 Server-Side Request Forgery (SSRF) in SAP BusinessObjects Business Intelligence Platform

SAP BusinessObjects Business Intelligence Platform lets an unauthenticated remote attacker send crafted requests through the URL parameter that controls the login page error message. This can cause the server to fetch attacker-supplied URLs, resulting in low impact to confidentiality and integrit...

CVE-2025-59113

Windu CMS implements weak client-side brute-force protection by using parameter loginError. Information about attempt count or timeout is not stored on the server, which allows a malicious attacker to bypass this brute-force protection by resetting this parameter. Only version 4.1 was tested and...

CVE-2023-44915

A cross-site scripting XSS vulnerability in the component /Login.php of c3crm up to v3.0.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the loginerror parameter...