7 matches found
CVE-2025-12492
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.11.0 via the ajaxgetmembers function. This is due to the use of a...
CVE-2025-12492
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.11.0 via the ajaxgetmembers function. This is due to the use of a...
CVE-2025-12492 Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin <= 2.11.0 - Unauthenticated Sensitive Information Exposure
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.11.0 via the ajaxgetmembers function. This is due to the use of a...
CVE-2025-12492 Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin <= 2.11.0 - Unauthenticated Sensitive Information Exposure
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.11.0 via the ajaxgetmembers function. This is due to the use of a...
Rallly 安全特征问题漏洞
Rallly is a scheduling and collaboration tool from Luke Vella Individual Developer designed to make it easier to organize events and meetings. A security feature issue vulnerability exists in Rallly 3.22.1 and prior versions that stems from a 6-digit token with low entropy and no brute force...
Session fixation
SolarWinds Serv-U MFT before 15.1.6 HFv1 assigns authenticated users a low-entropy session token that can be included in requests to the application as a URL parameter in lieu of a session cookie. This session token's value can be brute-forced by an attacker to obtain the corresponding session...
CVE-2018-10240
SolarWinds Serv-U MFT before 15.1.6 HFv1 assigns authenticated users a low-entropy session token that can be included in requests to the application as a URL parameter in lieu of a session cookie. This session token's value can be brute-forced by an attacker to obtain the corresponding session...