Lucene search
+L

32 matches found

NVD
NVD
added 2026/07/08 5:16 a.m.12 views

CVE-2026-9701

The Eventer plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, 4.4.2. The plugin stores a plaintext copy of the password reset key in the eventerverificationcode user meta field when a user requests a password reset. The plaintext key...

9.8CVSS0.00267EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/08 4:30 a.m.41 views

CVE-2026-9701 Eventer <= 4.4.2 - Insecure Password Reset Mechanism to Unauthenticated Privilege Escalation

The Eventer plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, 4.4.2. The plugin stores a plaintext copy of the password reset key in the eventerverificationcode user meta field when a user requests a password reset. The plaintext key...

9.8CVSS0.00267EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/08 4:30 a.m.10 views

EUVD-2026-42163

The Eventer plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, 4.4.2. The plugin stores a plaintext copy of the password reset key in the eventerverificationcode user meta field when a user requests a password reset. The plaintext key...

9.8CVSS6AI score0.00267EPSS
Exploits0References2
CVE
CVE
added 2026/07/08 4:30 a.m.14 views

CVE-2026-9701

The CVE-2026-9701 entry concerns the WordPress Eventer plugin (up to version 4.4.2) with an insecure password reset mechanism. The root cause is that the plugin stores a plaintext password reset key in the eventer_verification_code (wp_usermeta) when a reset is requested, allowing an attacker to ...

9.8CVSS6AI score0.00267EPSS
Exploits0References2
NVD
NVD
added 2026/06/02 8:16 p.m.18 views

CVE-2026-5076

The ARMember Premium plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, 7.3.1. The plugin stores a plaintext copy of the password reset key in the armresetpasswordkey user meta field when a user requests a password reset. This is in...

9.8CVSS0.00419EPSS
Exploits3References2
ATTACKERKB
ATTACKERKB
added 2026/06/02 6:30 p.m.13 views

CVE-2026-5076

The ARMember Premium plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, 7.3.1. The plugin stores a plaintext copy of the password reset key in the armresetpasswordkey user meta field when a user requests a password reset. This is in...

9.8CVSS5.9AI score0.01383EPSS
Exploits3References3
CVE
CVE
added 2026/06/02 6:30 p.m.39 views

CVE-2026-5076

CVE-2026-5076 concerns ARMember Premium for WordPress (

9.8CVSS5.9AI score0.00419EPSS
Exploits3References2
Vulnrichment
Vulnrichment
added 2026/06/02 6:30 p.m.14 views

CVE-2026-5076 ARMember Premium <= 7.3.1 - Insecure Password Reset Mechanism to Unauthenticated Privilege Escalation

The ARMember Premium plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, 7.3.1. The plugin stores a plaintext copy of the password reset key in the armresetpasswordkey user meta field when a user requests a password reset. This is in...

9.8CVSS5.9AI score0.00419EPSS
Exploits3References2
Cvelist
Cvelist
added 2026/06/02 6:30 p.m.33 views

CVE-2026-5076 ARMember Premium <= 7.3.1 - Insecure Password Reset Mechanism to Unauthenticated Privilege Escalation

The ARMember Premium plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, 7.3.1. The plugin stores a plaintext copy of the password reset key in the armresetpasswordkey user meta field when a user requests a password reset. This is in...

9.8CVSS0.00419EPSS
Exploits3References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: Fix use after free for wext The key information in wext.connect is not reset upon reconnection, and this can retain data from a previous connection. Resetting the key data prevents drivers or mac80211 from...

7.8CVSS5.3AI score0.00149EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/12 2:49 p.m.8 views

Authorization Bypass Through User-Controlled Key

Overview @withstudiocms/effect is an Effect-TS Utilities for Astro Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the create-reset-link process. An attacker can gain unauthorized access to higher-privileged accounts by generating a password...

7.2CVSS5.8AI score0.00344EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/02/19 3:25 a.m.33 views

CVE-2025-12845 Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent 0.5.4 - 1.2.1 - Missing Authorization to Authenticated (Subscriber+) Information Exposure and Privilege Escalation

The Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent plugin for WordPress is vulnerable to unauthorized access of data that leads to privilege escalation due to a missing capability check on the gettabledata function in versions 0.5.4 to 1.2.1. This makes it possible...

8.8CVSS0.00356EPSS
Exploits0References2
CVE
CVE
added 2026/02/19 3:25 a.m.24 views

CVE-2025-12845

CVE-2025-12845 refers to the WordPress plugin Tablesome Table – Contact Form DB (WPForms, CF7, Gravity, Forminator, Fluent) with versions 0.5.4–1.2.1. According to Wordfence, it allows unauthorised access to plugin data and can lead to privilege escalation due to a missing capability check in get...

8.8CVSS5.5AI score0.00356EPSS
In wildExploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 8:46 a.m.5 views

CVE-2025-15018

The Optional Email plugin for WordPress is vulnerable to Privilege Escalation via Account Takeover in all versions up to, and including, 1.3.11. This is due to the plugin not restricting its 'randompassword' filter to registration contexts, allowing the filter to affect password reset key...

9.8CVSS6.2AI score0.003EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/07 8:21 a.m.28 views

CVE-2025-15018 Optional Email <= 1.3.11 - Unauthenticated Privilege Escalation to Account Takeover

The Optional Email plugin for WordPress is vulnerable to Privilege Escalation via Account Takeover in all versions up to, and including, 1.3.11. This is due to the plugin not restricting its 'randompassword' filter to registration contexts, allowing the filter to affect password reset key...

9.8CVSS0.003EPSS
Exploits0References2
CVE
CVE
added 2026/01/07 8:21 a.m.24 views

CVE-2025-15018

CVE-2025-15018: Affects Optional Email plugin for WordPress. Root cause: the plugin does not restrict its 'random_password' filter to registration contexts, allowing it to influence password reset key generation. Impact: unauthenticated attackers can set a known password reset key during password...

9.8CVSS5.8AI score0.003EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/05 3:20 a.m.27 views

CVE-2024-51478

YesWiki is a wiki system written in PHP. Prior to 4.4.5, the use of a weak cryptographic algorithm and a hard-coded salt to hash the password reset key allows it to be recovered and used to reset the password of any account. This issue is fixed in 4.4.5...

9.9CVSS6.7AI score0.00368EPSS
Exploits1References1
Veracode
Veracode
added 2024/11/13 10:53 a.m.14 views

Password Reset Attack

yeswiki/yeswiki is vulnerable to weak cryptographic algorithm. The vulnerability is due to poor cryptographic practices, specifically the use of a weak cryptographic algorithm and a hard-coded salt for hashing the password reset key, allowing attackers to recover the reset key and gain unauthoriz...

9.9CVSS7AI score0.00368EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2024/10/31 12:0 a.m.11 views

PT-2024-34645 · Yeswiki · Yeswiki

Name of the Vulnerable Software and Affected Versions: YesWiki versions prior to 4.4.5 Description: The use of a weak cryptographic algorithm and a hard-coded salt to hash the password reset key allows it to be recovered and used to reset the password of any account. This issue is due to the...

9.9CVSS7.2AI score0.00368EPSS
Exploits1References12
CNNVD
CNNVD
added 2024/10/31 12:0 a.m.6 views

YesWiki 加密问题漏洞

YesWiki is a wiki system written in PHP by the French organization YesWiki. It is used to create and manage websites in a collaborative manner. A cryptographic issue vulnerability exists in versions of YesWiki prior to 4.4.5, which uses a weak encryption algorithm and hardcoding to hash a passwor...

9.9CVSS6.7AI score0.00368EPSS
Exploits1References3
Rows per page
Query Builder