Lucene search
K

7 matches found

Cvelist
Cvelist
added 2025/12/13 3:20 a.m.24 views

CVE-2025-13403 Employee Spotlight – Team Member Showcase & Meet the Team Plugin <= 5.1.3 - Missing Authorization to Authenticated (Subscriber+) Tracking Opt-In/Opt-Out Modification

The Employee Spotlight – Team Member Showcase & Meet the Team Plugin for WordPress is vulnerable to unauthorized tracking settings modification due to missing authorization validation on the employeespotlightcheckoptin function in all versions up to, and including, 5.1.3. This makes it possible f...

4.3CVSS0.002EPSS
Exploits0References4
NVD
NVD
added 2025/04/09 4:15 p.m.13 views

CVE-2025-32378

Shopware is an open source e-commerce software platform. Prior to 6.6.10.3 or 6.5.8.17, the default settings for double-opt-in allow for mass unsolicited newsletter sign-ups without confirmation. Default settings are Newsletter: Double Opt-in set to active, Newsletter: Double opt-in for registere...

6.9CVSS0.0027EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/04/09 1:53 p.m.12 views

Shopware default newsletter opt-in settings allow for mass sign-up abuse

Impact Currently the default settings for double-opt-in allow for mass unsolicited newsletter sign-ups without confirmation. Default settings are: Newsletter: Double Opt-in - active Newsletter: Double opt-in for registered customers - disabled Log-in & sign-up: Double opt-in on sign-up - disabled...

6.9CVSS6.8AI score0.0027EPSS
Exploits0References3Affected Software2
Positive Technologies
Positive Technologies
added 2025/04/09 12:0 a.m.10 views

PT-2025-15708 · Shopware · Shopware

Name of the Vulnerable Software and Affected Versions: Shopware versions prior to 6.6.10.3 Shopware versions prior to 6.5.8.17 Description: The issue concerns the default settings for double-opt-in in Shopware, which allows for mass unsolicited newsletter sign-ups without confirmation...

6.9CVSS6.3AI score0.0027EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/01/07 4:7 p.m.21 views

CVE-2025-0245 Lock screen setting bypass in Firefox Focus for Android

Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been be bypassed. This vulnerability was fixed in Firefox 134...

0.00284EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/11/18 9:47 p.m.9 views

CVE-2022-41839 WordPress LoginPress plugin <= 1.6.2 - Broken Access Control vulnerability

Broken Access Control vulnerability in WordPress LoginPress plugin = 1.6.2 on WordPress leading to unauth. changing of Opt-In or Opt-Out tracking settings...

5.3CVSS5.2AI score0.00479EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/11/18 12:0 a.m.4 views

PT-2022-26091 · WordPress · Wordpress Loginpress

Name of the Vulnerable Software and Affected Versions: WordPress LoginPress plugin versions 1.6.2 and earlier Description: A Broken Access Control issue exists, allowing unauthorized changes to Opt-In or Opt-Out tracking settings. Recommendations: For WordPress LoginPress plugin versions 1.6.2 an...

5.3CVSS5.1AI score0.00479EPSS
Exploits0References3
Rows per page
Query Builder