7 matches found
CVE-2025-13403 Employee Spotlight – Team Member Showcase & Meet the Team Plugin <= 5.1.3 - Missing Authorization to Authenticated (Subscriber+) Tracking Opt-In/Opt-Out Modification
The Employee Spotlight – Team Member Showcase & Meet the Team Plugin for WordPress is vulnerable to unauthorized tracking settings modification due to missing authorization validation on the employeespotlightcheckoptin function in all versions up to, and including, 5.1.3. This makes it possible f...
CVE-2025-32378
Shopware is an open source e-commerce software platform. Prior to 6.6.10.3 or 6.5.8.17, the default settings for double-opt-in allow for mass unsolicited newsletter sign-ups without confirmation. Default settings are Newsletter: Double Opt-in set to active, Newsletter: Double opt-in for registere...
Shopware default newsletter opt-in settings allow for mass sign-up abuse
Impact Currently the default settings for double-opt-in allow for mass unsolicited newsletter sign-ups without confirmation. Default settings are: Newsletter: Double Opt-in - active Newsletter: Double opt-in for registered customers - disabled Log-in & sign-up: Double opt-in on sign-up - disabled...
PT-2025-15708 · Shopware · Shopware
Name of the Vulnerable Software and Affected Versions: Shopware versions prior to 6.6.10.3 Shopware versions prior to 6.5.8.17 Description: The issue concerns the default settings for double-opt-in in Shopware, which allows for mass unsolicited newsletter sign-ups without confirmation...
CVE-2025-0245 Lock screen setting bypass in Firefox Focus for Android
Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been be bypassed. This vulnerability was fixed in Firefox 134...
CVE-2022-41839 WordPress LoginPress plugin <= 1.6.2 - Broken Access Control vulnerability
Broken Access Control vulnerability in WordPress LoginPress plugin = 1.6.2 on WordPress leading to unauth. changing of Opt-In or Opt-Out tracking settings...
PT-2022-26091 · WordPress · Wordpress Loginpress
Name of the Vulnerable Software and Affected Versions: WordPress LoginPress plugin versions 1.6.2 and earlier Description: A Broken Access Control issue exists, allowing unauthorized changes to Opt-In or Opt-Out tracking settings. Recommendations: For WordPress LoginPress plugin versions 1.6.2 an...