32 matches found
CVE-2026-9701
The Eventer plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, 4.4.2. The plugin stores a plaintext copy of the password reset key in the eventerverificationcode user meta field when a user requests a password reset. The plaintext key...
CVE-2026-9701 Eventer <= 4.4.2 - Insecure Password Reset Mechanism to Unauthenticated Privilege Escalation
The Eventer plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, 4.4.2. The plugin stores a plaintext copy of the password reset key in the eventerverificationcode user meta field when a user requests a password reset. The plaintext key...
EUVD-2026-42163
The Eventer plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, 4.4.2. The plugin stores a plaintext copy of the password reset key in the eventerverificationcode user meta field when a user requests a password reset. The plaintext key...
CVE-2026-9701
The CVE-2026-9701 entry concerns the WordPress Eventer plugin (up to version 4.4.2) with an insecure password reset mechanism. The root cause is that the plugin stores a plaintext password reset key in the eventer_verification_code (wp_usermeta) when a reset is requested, allowing an attacker to ...
CVE-2026-5076
The ARMember Premium plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, 7.3.1. The plugin stores a plaintext copy of the password reset key in the armresetpasswordkey user meta field when a user requests a password reset. This is in...
CVE-2026-5076
The ARMember Premium plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, 7.3.1. The plugin stores a plaintext copy of the password reset key in the armresetpasswordkey user meta field when a user requests a password reset. This is in...
CVE-2026-5076
CVE-2026-5076 concerns ARMember Premium for WordPress (
CVE-2026-5076 ARMember Premium <= 7.3.1 - Insecure Password Reset Mechanism to Unauthenticated Privilege Escalation
The ARMember Premium plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, 7.3.1. The plugin stores a plaintext copy of the password reset key in the armresetpasswordkey user meta field when a user requests a password reset. This is in...
CVE-2026-5076 ARMember Premium <= 7.3.1 - Insecure Password Reset Mechanism to Unauthenticated Privilege Escalation
The ARMember Premium plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, 7.3.1. The plugin stores a plaintext copy of the password reset key in the armresetpasswordkey user meta field when a user requests a password reset. This is in...
Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: Fix use after free for wext The key information in wext.connect is not reset upon reconnection, and this can retain data from a previous connection. Resetting the key data prevents drivers or mac80211 from...
Authorization Bypass Through User-Controlled Key
Overview @withstudiocms/effect is an Effect-TS Utilities for Astro Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the create-reset-link process. An attacker can gain unauthorized access to higher-privileged accounts by generating a password...
CVE-2025-12845 Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent 0.5.4 - 1.2.1 - Missing Authorization to Authenticated (Subscriber+) Information Exposure and Privilege Escalation
The Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent plugin for WordPress is vulnerable to unauthorized access of data that leads to privilege escalation due to a missing capability check on the gettabledata function in versions 0.5.4 to 1.2.1. This makes it possible...
CVE-2025-12845
CVE-2025-12845 refers to the WordPress plugin Tablesome Table – Contact Form DB (WPForms, CF7, Gravity, Forminator, Fluent) with versions 0.5.4–1.2.1. According to Wordfence, it allows unauthorised access to plugin data and can lead to privilege escalation due to a missing capability check in get...
CVE-2025-15018
The Optional Email plugin for WordPress is vulnerable to Privilege Escalation via Account Takeover in all versions up to, and including, 1.3.11. This is due to the plugin not restricting its 'randompassword' filter to registration contexts, allowing the filter to affect password reset key...
CVE-2025-15018 Optional Email <= 1.3.11 - Unauthenticated Privilege Escalation to Account Takeover
The Optional Email plugin for WordPress is vulnerable to Privilege Escalation via Account Takeover in all versions up to, and including, 1.3.11. This is due to the plugin not restricting its 'randompassword' filter to registration contexts, allowing the filter to affect password reset key...
CVE-2025-15018
CVE-2025-15018: Affects Optional Email plugin for WordPress. Root cause: the plugin does not restrict its 'random_password' filter to registration contexts, allowing it to influence password reset key generation. Impact: unauthenticated attackers can set a known password reset key during password...
CVE-2024-51478
YesWiki is a wiki system written in PHP. Prior to 4.4.5, the use of a weak cryptographic algorithm and a hard-coded salt to hash the password reset key allows it to be recovered and used to reset the password of any account. This issue is fixed in 4.4.5...
Password Reset Attack
yeswiki/yeswiki is vulnerable to weak cryptographic algorithm. The vulnerability is due to poor cryptographic practices, specifically the use of a weak cryptographic algorithm and a hard-coded salt for hashing the password reset key, allowing attackers to recover the reset key and gain unauthoriz...
PT-2024-34645 · Yeswiki · Yeswiki
Name of the Vulnerable Software and Affected Versions: YesWiki versions prior to 4.4.5 Description: The use of a weak cryptographic algorithm and a hard-coded salt to hash the password reset key allows it to be recovered and used to reset the password of any account. This issue is due to the...
YesWiki 加密问题漏洞
YesWiki is a wiki system written in PHP by the French organization YesWiki. It is used to create and manage websites in a collaborative manner. A cryptographic issue vulnerability exists in versions of YesWiki prior to 4.4.5, which uses a weak encryption algorithm and hardcoding to hash a passwor...