11 matches found
CVE-2025-70833
CVE-2025-70833 describes an issue in Smanga 3.2.7 where an authentication bypass is possible due to insecure permission validation in check-power.php. An unauthenticated attacker can manipulate POST parameters to reset any user’s password (including admin) and fully take over the a...
CVE-2025-12866 Hundred Plus|EIP Plus - Weak Password Recovery Mechanism
EIP Plus, developed by Hundred Plus, has a Weak Password Recovery Mechanism vulnerability, allowing an unauthenticated remote attacker to predict or brute-force the 'forgot password' link, thereby successfully resetting any user's password...
WordPress Appy Pie Connect for WooCommerce plugin missing authorization vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. The WordPress Appy Pie Connect for WooCommerce plugin suffers from a missing authorization vulnerability that stems from a lack of authorization checks in the resetuserpassword...
CVE-2025-9286
The Appy Pie Connect for WooCommerce plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within the resetuserpassword REST handler in all versions up to, and including, 1.1.2. This makes it possible for unauthenticated attackers to reset the password of...
CVE-2025-9286 Appy Pie Connect for WooCommerce <= 1.1.2 - Missing Authorization to Unauthenticated Privilege Escalation via reset_user_password
The Appy Pie Connect for WooCommerce plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within the resetuserpassword REST handler in all versions up to, and including, 1.1.2. This makes it possible for unauthenticated attackers to reset the password of...
EUVD-2025-32280
The Appy Pie Connect for WooCommerce plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within the resetuserpassword REST handler in all versions up to, and including, 1.1.2. This makes it possible for unauthenticated attackers to reset the password of...
CVE-2023-38759
Cross Site Request Forgery (CSRF) vulnerability in wger Project wger Workout Manager 2.2.0a3 allows a remote attacker to gain privileges via the user-management feature in the gym/views/gym.py, templates/gym/resetuserpassword.html, templates/user/overview.html, core/views/user.py, and...
Avaya Scopia Pathfinder Access Control Error Vulnerability
Avaya Scopia Pathfinder is a complete firewall and NAT traversal solution from Avaya USA. An Access Control Error vulnerability exists in Avaya Scopia Pathfinder version 8.3.7.0.4, which originates from a compromised access control in user authentication, allowing an unauthenticated, remote...
Logic Flaw Vulnerability at Workbot Forgot Password
Work treasure is a mobile collaborative office platform for enterprises developed by Guangdong Jiamei Technology Co. There is a logic flaw vulnerability in WorkPower's forgotten password, which can be exploited by an attacker to reset any user's password and obtain sensitive information...
designer.diealbenmanufaktur.de XSS vulnerability
Open Bug Bounty ID: OBB-670717

Description| Value
---|---
Affected Website:| designer.diealbenmanufaktur.de
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1...
Discuz! Reset User Password Vulnerability
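Due to a seeding flaw in the way Discuz! uses random numbers, the random hash of the id can be obtained by brute force during user password recovery, resulting in a serious vulnerability that makes it easy to change user passwords. Discuz 5.x/6.x/7.x: none available yet, awaiting an official patch. !/usr/bin/php ?php printr' +---------------------------------------------------------------------------+ Discuz! Reset User Password Exploit by 80vul team: http://www.80vul.com...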