CVE-2024-12615 Passwords Manager <= 1.4.8 - Authenticated (Subscriber+) SQL Injection

The Passwords Manager plugin for WordPress is vulnerable to SQL Injection via the $wpdb-prefix value in several AJAX actions in all versions up to, and including, 1.4.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

CVE-2024-12613

CVE-2024-12613 pertains to the WordPress Passwords Manager plugin. The initial description confirms an unauthenticated SQL Injection via the $wpdb-&gt;prefix value in several AJAX functions, affecting all versions up to and including 1.4.8, due to insufficient escaping and poor query preparation....

CVE-2024-12615

CVE-2024-12615 affects the Passwords Manager plugin for WordPress. It enables SQL Injection via the $wpdb-&gt;prefix value in several AJAX actions in all versions up to and including 1.4.8 due to insufficient escaping of the user-supplied parameter and inadequate preparation of the SQL query. Exp...

CVE-2024-12613 Passwords Manager <= 1.4.8 - Unauthenticated SQL Injection

The Passwords Manager plugin for WordPress is vulnerable to SQL Injection via the $wpdb-prefix value in several AJAX fuctions in all versions up to, and including, 1.4.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

CVE-2024-12614 Passwords Manager <= 1.4.8 - Missing Authorization to Authenticated (Subscriber+) Add Password + Update Encryption Key

The Passwords Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pmssavesetting' and 'postnewpass' AJAX actions in all versions up to, and including, 1.4.8. This makes it possible for authenticated attackers, with...

CVE-2024-12614

CVE-2024-12614 affects the Passwords Manager WordPress plugin (versions up to 1.4.8). The issue is a missing capability check on AJAX actions pms_save_setting and post_new_pass, enabling authenticated users with Subscriber+ privileges to modify plugin settings and add passwords. Public sources (W...

CVE-2024-12614 Passwords Manager <= 1.4.8 - Missing Authorization to Authenticated (Subscriber+) Add Password + Update Encryption Key

The Passwords Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pmssavesetting' and 'postnewpass' AJAX actions in all versions up to, and including, 1.4.8. This makes it possible for authenticated attackers, with...

PT-2025-1913 · WordPress · Passwords Manager

Name of the Vulnerable Software and Affected Versions: Passwords Manager plugin for WordPress versions up to, and including, 1.4.8 Description: The issue is related to a missing capability check on the pms save setting and post new pass AJAX actions. This allows authenticated attackers with...

WordPress plugin Passwords Manager SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...

WordPress Passwords Manager plugin <= 1.4.8 - Missing Authorization to Authenticated (Subscriber+) Add Password + Update Encryption Key vulnerability

Missing Authorization to Authenticated Subscriber+ Add Password + Update Encryption Key vulnerability discovered by Lucio Sá in WordPress Plugin Passwords Manager versions = 1.4.8...

TeamPass 2.1.24 - Multiple Vulnerabilities

Affected Product: TeamPass Vulnerability Type: Multiple XSS,CSRF, SQL injections Fixed in Version: 2.1.25 https://github.com/nilsteampassnet/TeamPass/releases/tag/2.1.25.0 Vendor Website: http://www.teampass.net Software Link: : https://github.com/nilsteampassnet/TeamPass Affected Version: 2.1.24...

ETeamPass 2.1.5 Cross Site Scripting

Title: ETeamPass v2.1.5 users.queries.php Persistent Cross-Site Scripting XSS Type: Remote Severity: Medium Impact: Direct execution of arbitrary code in the context of Webserver user. Release Date: 16.04.2012 CVE: CVE-2012-2234 Author: Marcos Garcia @artsweb Release mode: Coordinated release...

Passman Detection

This host is running Collaborative Passwords Manager, a Passwords Manager dedicated for managing passwords in a collaborative way. OpenVAS Vulnerability Test $Id: gbpassmandetect.nasl 5735 2017-03-27 12:27:20Z cfi $ Passman Detection Authors: Michael Meyer Copyright: Copyright c 2010 Greenbone...

Collaborative Passwords Manager (cPassMan) Detection

This host is running Collaborative Passwords Manager cPassMan, a Passwords Manager dedicated for managing passwords in a collaborative way. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...

Collaborative Passwords Manager 1.07 Multiple Local Include

Exploit for php platform in category web applications =========================================================== Collaborative Passwords Manager 1.07 Multiple Local Include =========================================================== Collaborative Passwords Manager 1.07 Multiple Local Include...

IBM Client Security passwords manager unauthroized access

Password for site is stored based on site's title instead of URL...