6 matches found
CVE-2025-13728
The WordPress plugin FluentAuth – The Ultimate Authorization & Security Plugin for WordPress (Wordfence report) is vulnerable to Stored XSS via the fluent_auth_reset_password shortcode in all versions up to 2.0.3 due to insufficient input sanitization/output escaping of user-provided shortcode at...
CVE-2025-51543
An issue was discovered in Cicool builder 3.4.4 allowing attackers to reset the administrator's password via the /administrator/auth/resetpassword endpoint...
CVE-2025-51543
CVE-2025-51543 affects Cicool builder 3.4.4. The vulnerability allows an attacker to reset the administrator password via the /administrator/auth/reset_password endpoint. The CVSS 3.1 base score is 9.8 (CRITICAL) with NETWORK attack vector, no privileges or user interaction required, and impacts ...
QIWI: [lk.contact-sys.com] SQL Injection reset_password FP_LK_USER_LOGIN
Steps to reproduce: 1. Open https://lk.contact-sys.com/index.php/LK/login 2. Click "Forgot password?" 3. Fill in the form: Participant code: test, Login: ' and @@version=1 and '1'='1 HTTP Request: POST /index.php/LK/resetpassword HTTP/1.1 Host: lk.contact-sys.com Content-Type:...
CVE-2015-7706
Multiple cross-site scripting (XSS) vulnerabilities in Secure Data Space SDS-API before 3.5.7 allow remote attackers to inject arbitrary web script or HTML via the (1) PATHINFO to api/v3/public/shares/downloads/, the (2) authType parameter to api/v3/auth/login, or the (3) login parameter to...
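TinyRise: email spoofing allows resetting anyone's password, plus back-end SQL injection
Brief description: TinyRise email spoofing allows resetting anyone's password, plus back-end SQL injection. Details: simple.php: public function forgetact() { $email = Filter::sql(Req::args('email')); $model = $this->model->table('user'); $obj = $model->where("email = '".$email."'")->find(); if(!empty($obj)) { $model = $this->model->table('resetpassword'); $obj = $model->where("email =...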