7 matches found

RedhatCVE
added 2025/12/21 9:12 a.m., 8 views

CVE-2025-12492

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.11.0 via the ajaxgetmembers function. This is due to the use of a...

CVSS: 5.3, AI score: 5.8, EPSS: 0.00437
Exploits: 0, References: 1
NVD
added 2025/12/20 9:15 a.m., 5 views

CVE-2025-12492

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.11.0 via the ajaxgetmembers function. This is due to the use of a...

CVSS: 5.3, EPSS: 0.00437
Exploits: 0, References: 7
Vulnrichment
added 2025/12/20 8:22 a.m., 5 views

CVE-2025-12492 Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin <= 2.11.0 - Unauthenticated Sensitive Information Exposure

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.11.0 via the ajaxgetmembers function. This is due to the use of a...

CVSS: 5.3, AI score: 5.4, EPSS: 0.00437
Exploits: 0, References: 7
Cvelist
added 2025/12/20 8:22 a.m., 23 views

CVE-2025-12492 Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin <= 2.11.0 - Unauthenticated Sensitive Information Exposure

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.11.0 via the ajaxgetmembers function. This is due to the use of a...

CVSS: 5.3, EPSS: 0.00437
Exploits: 0, References: 7
CNNVD
added 2025/05/14 12:0 a.m., 3 views

Rallly security feature issue vulnerability

Rallly is a scheduling and collaboration tool from Luke Vella Individual Developer designed to make it easier to organize events and meetings. A security feature issue vulnerability exists in Rallly 3.22.1 and prior versions that stems from a 6-digit token with low entropy and no brute force...

CVSS: 9.8, AI score: 6.4, EPSS: 0.00534
Exploits: 1, References: 2
Prion
added 2018/05/16 2:29 p.m., 14 views

Session fixation

SolarWinds Serv-U MFT before 15.1.6 HFv1 assigns authenticated users a low-entropy session token that can be included in requests to the application as a URL parameter in lieu of a session cookie. This session token's value can be brute-forced by an attacker to obtain the corresponding session...

CVSS: 5, AI score: 6.9, EPSS: 0.01065
Exploits: 0, References: 1, Affected Software: 1
OSV
added 2018/05/16 2:29 p.m., 4 views

CVE-2018-10240

SolarWinds Serv-U MFT before 15.1.6 HFv1 assigns authenticated users a low-entropy session token that can be included in requests to the application as a URL parameter in lieu of a session cookie. This session token's value can be brute-forced by an attacker to obtain the corresponding session...

CVSS: 7.3, AI score: 5.8, EPSS: 0.01065
Exploits: 0, References: 1