
11 matches found

Nuclei
added 2 days ago | 4 views

Python Flask-Security-Too <=5.3.2 - Open Redirect

An open redirect vulnerability exists in the Python package Flask-Security-Too prior to version 5.3.3. Attackers can abuse the 'next' parameter on the /login and /register routes to redirect unsuspecting users to malicious sites via crafted URLs, which could lead to phishing or other attacks NVD...

CVSS 6.1 | AI score 6.4 | EPSS 0.14068
Exploits: 2 | References: 4

CVE
added 2025/11/05 7:27 a.m. | 10 views

CVE-2025-12677

The KiotViet Sync WordPress plugin (versions up to and including 1.8.5) is vulnerable to Sensitive Information Exposure through register_api_route() in kiotvietsync/includes/public_actions/WebHookAction.php. Unauthenticated attackers can extract the webhook token value when configured. Public rep...

CVSS 5.3 | AI score 5.7 | EPSS 0.00057
Exploits: 0 | References: 2

SUSE CVE
added 2023/12/28 2:22 a.m. | 1 views

SUSE CVE-2023-49438

An open redirect vulnerability in the Python package Flask-Security-Too <=5.3.2 allows attackers to redirect unsuspecting users to malicious sites via a crafted URL by abusing the ?next parameter on the /login and /register routes...

CVSS 6.1 | AI score 6.8 | EPSS 0.14068
Exploits: 2 | References: 3

OSV
added 2023/12/27 12:30 a.m. | 15 views

GHSA-672H-6X89-76M5 Open redirect vulnerability in Flask-Security-Too

An open redirect vulnerability in the python package Flask-Security-Too =2.1.0 the autocorrectlocationheader configuration was changed to False - which means that location headers in redirects are relative by default. Thus, this issue may impact applications that were previously not impacted, if...

CVSS 6.1 | AI score 6 | EPSS 0.14068
Exploits: 2 | References: 6

NVD
added 2023/12/26 10:15 p.m. | 12 views

CVE-2023-49438

An open redirect vulnerability in the Python package Flask-Security-Too <=5.3.2 allows attackers to redirect unsuspecting users to malicious sites via a crafted URL by abusing the ?next parameter on the /login and /register routes...

CVSS 6.1 | EPSS 0.14068
Exploits: 2 | References: 4

PyPA
added 2023/12/26 10:15 p.m. | 4 views

PYSEC-2023-248

An open redirect vulnerability in the Python package Flask-Security-Too <=5.3.2 allows attackers to redirect unsuspecting users to malicious sites via a crafted URL by abusing the ?next parameter on the /login and /register routes...

CVSS 6.1 | AI score 6.8 | EPSS 0.14068
Exploits: 2 | References: 4 | Affected Software: 1

Positive Technologies
added 2023/12/15 12:00 a.m. | 2 views

PT-2023-8085

Name of the Vulnerable Software and Affected Versions Flask-Security-Too versions =2.1.0 may impact applications that were previously not affected, as the autocorrect location header configuration was changed to False, making location headers in redirects relative by default. Recommendations For...

CVSS 6.4 | AI score 6.6 | EPSS 0.14068
Exploits: 3 | References: 24

OSV
added 2023/06/07 2:15 a.m. | 3 views

CVE-2020-36713

The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.1.5. This is due to unrestricted access to the 'register' and 'updateuserprofile' routes. This makes it possible for unauthenticated attackers to create new administrator accounts, delet...

CVSS 9.8 | AI score 5.8 | EPSS 0.00928
Exploits: 1 | References: 3

CNNVD
added 2023/06/07 12:00 a.m. | 2 views

WordPress Plugin MStore API Access Control Error Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

CVSS 9.8 | AI score 8.3 | EPSS 0.00928
Exploits: 1 | References: 4

Prion
added 2017/07/12 12:29 a.m. | 15 views

Cross site scripting

FineCMS through 2017-07-11 has stored XSS in route=admin when modifying user information, and in route=register when registering a user account...

CVSS 4.3 | AI score 6 | EPSS 0.0024
Exploits: 0 | References: 1

Cvelist
added 2017/07/12 12:00 a.m. | 10 views

CVE-2017-11179

FineCMS through 2017-07-11 has stored XSS in route=admin when modifying user information, and in route=register when registering a user account...

AI score 6 | EPSS 0.0024
Exploits: 0 | References: 1