3 matches found
CVE-2026-28557
wpForo Forum 2.4.14 contains a missing capability check vulnerability that allows authenticated users to trigger bulk wpForo usergroup reassignment via the wpforosynchroles AJAX handler. Attackers access the usergroups admin page, accessible to any authenticated user, to obtain a nonce, then rema...
ecrecover function is vulnerable to signature malleability
Lines of code Vulnerability details Impact Signature malleability potential exists which can be carried out by malicious actor to have two or more signatures that recover signer of same message. ecrecover function can be used to recover address by having signature and signed message hash to which...
CVE-2022-3794
The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various AJAX actions in versions up to, and including, 2.5.6. Authenticated users can use an easily available nonce value to create header templates and make additional changes to the site, as the plugin does not...