Lucene search
K

5 matches found

NVD
NVD
added 2025/04/12 7:15 a.m.15 views

CVE-2025-3282

The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.3 via the userregistrationmembershipregistermember due to missing validation on the...

5.3CVSS0.00233EPSS
Exploits0References2
OSV
OSV
added 2025/04/12 7:15 a.m.2 views

CVE-2025-3282

The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.3 via the userregistrationmembershipregistermember due to missing validation on the...

5.3CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2022/09/15 3:21 a.m.16 views

GHSA-QCQV-38JG-2R43 Pageflow vulnerable to insecure direct object reference in membership update endpoint

Impact Pageflow has a membership edit feature which allows users to edit the roles of user memberships associated with an account that they have the manager role to including their own. While the Entity dropdown select field is greyed out in the UI, an attacker can use tools which allow sending...

7AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/09/15 3:21 a.m.20 views

Pageflow vulnerable to insecure direct object reference in membership update endpoint

Impact Pageflow has a membership edit feature which allows users to edit the roles of user memberships associated with an account that they have the manager role to including their own. While the Entity dropdown select field is greyed out in the UI, an attacker can use tools which allow sending...

2.6AI score
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2022/09/15 12:0 a.m.2 views

PT-2022-28272 · Pageflow · Pageflow

Name of the Vulnerable Software and Affected Versions: Pageflow versions prior to 14.5.2 Pageflow versions prior to 15.7.1 Description: The issue allows attackers to update membership objects associated with their own account to be associated with a different account, potentially compromising all...

7.2AI score
Exploits0References4
Rows per page
Query Builder