3 matches found
CVE-2026-12761
Summary (CVE-2026-12761) The miniOrange Social Login and Register plugin for WordPress is vulnerable through the Profile Completion OTP flow in versions up to and including 7.7.0. The flow accepts an arbitrary email via the email_field POST parameter and does not verify that the email belongs to ...
Veris: Complete or Edit Another User's Profile
Hi, I've found an issue where verified users can complete and submit a profile on behalf of another user. I've attached two video POCs unlisted on YouTube. Completion - https://www.youtube.com/watch?v=erH7ShUpqso Editing - https://youtu.be/IQboAIHNpq4 Steps to reproduce: 1. Register a new user...
Slack: Stored XSS in Slackbot Direct Messages
Whenever a new team is created, Slackbot uses automated profile completion by asking a few questions from the user like the first name, last name, skype account etc. But instead of providing the correct details we provide as input then Slackbot will cause the data go inside the anchor tag ... so...