10906 matches found
WordPress FoodBook Lite – Online Food Ordering System plugin <= 1.5.6 - Missing Authorization to Unauthenticated User Registration vulnerability
Missing Authorization to Unauthenticated User Registration vulnerability discovered by Eason in WordPress Plugin FoodBook Lite – Online Food Ordering System versions = 1.5.6...
EUVD-2026-43284
The User Registration & Membership WordPress plugin before 5.2.2 does not perform an authorization check on a membership-upgrade action and derives the user to modify from a caller-supplied identifier instead of the current user, allowing any authenticated user such as a subscriber to change...
CVE-2026-11963
The User Registration & Membership WordPress plugin before 5.2.2 does not perform an authorization check on a membership-upgrade action and derives the user to modify from a caller-supplied identifier instead of the current user, allowing any authenticated user such as a subscriber to change...
CVE-2026-11963
The User Registration & Membership WordPress plugin before 5.2.2 does not perform an authorization check on a membership-upgrade action and derives the user to modify from a caller-supplied identifier instead of the current user, allowing any authenticated user such as a subscriber to change...
EUVD-2026-43088
vulnerability in Drupal Commerce guest registration allows . This issue affects Commerce guest registration versions:...
PT-2026-57423
Name of the Vulnerable Software and Affected Versions Genolve – AI image AI video generation plugin for WordPress versions prior to 5.0.6 Description Authenticated attackers with Contributor-level access and above can perform unauthorized modification of data. This is caused by a missing capabili...
CVE-2026-15089
vulnerability in Drupal Commerce guest registration allows . This issue affects Commerce guest registration versions:...
CVE-2026-15089
The CVE-2026-15089 entry concerns a vulnerability in Drupal Commerce guest registration. Affected component: Drupal Commerce guest registration feature; details on affected versions are not provided beyond “. ” in the documents. The CVSS 3.1 base score is listed as 9.1 (CRITICAL) with high confid...
CVE-2026-15089 Commerce guest registration - Critical - Unsupported - SA-CONTRIB-2026-079
vulnerability in Drupal Commerce guest registration allows . This issue affects Commerce guest registration versions:...
CVE-2026-55377 Logto: Account Center MFA management step-up bypass via WebAuthn registration verification
Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, Logto's Account Center step-up check accepted any active verification record that belonged to the current user and had isVerified === true. A WebAuthn registration verification record for binding a new...
CVE-2026-59795
In JetBrains TeamCity before 2026.1.2 stored XSS via unauthenticated agent registration was possible...
CVE-2026-59795
CVE-2026-59795 affects JetBrains TeamCity prior to 2026.1.2. The vulnerability is a stored XSS via unauthenticated agent registration, enabling cross-site script execution under defined conditions. CVSSv3.1 base score 8.1 (HIGH) with network attack vector, low attack complexity, no privileges req...
CVE-2026-59795
In JetBrains TeamCity before 2026.1.2 stored XSS via unauthenticated agent registration was possible...
EUVD-2026-42913
In JetBrains TeamCity before 2026.1.2 stored XSS via unauthenticated agent registration was possible...
CVE-2026-12276
The LA-Studio Element Kit for Elementor WordPress plugin before 1.6.1 does not check whether user registration is enabled on the site before creating an account through one of its unauthenticated AJAX actions, allowing unauthenticated attackers to register new accounts even when registration has...
CVE-2026-12276
Affected software: LA-Studio Element Kit for Elementor WordPress plugin
CVE-2026-12276 LA-Studio Element Kit for Elementor < 1.6.1 - Unauthenticated Open Registration
The LA-Studio Element Kit for Elementor WordPress plugin before 1.6.1 does not check whether user registration is enabled on the site before creating an account through one of its unauthenticated AJAX actions, allowing unauthenticated attackers to register new accounts even when registration has...
CVE-2026-12276
The LA-Studio Element Kit for Elementor WordPress plugin before 1.6.1 does not check whether user registration is enabled on the site before creating an account through one of its unauthenticated AJAX actions, allowing unauthenticated attackers to register new accounts even when registration has...
EUVD-2026-42829
The LA-Studio Element Kit for Elementor WordPress plugin before 1.6.1 does not check whether user registration is enabled on the site before creating an account through one of its unauthenticated AJAX actions, allowing unauthenticated attackers to register new accounts even when registration has...
PT-2026-57186
Name of the Vulnerable Software and Affected Versions JetBrains TeamCity versions prior to 2026.1.2 Description Stored Cross-Site Scripting XSS is possible through the unauthenticated agent registration process. Stored XSS occurs when an application receives data from a user and includes that dat...