17 matches found
CVE-2026-14690
Affected product: SourceCodester Multi-Vendor Online Grocery Management System 1.0. Vulnerable component: function save_users in classes/Users.php. Root cause: manipulation leads to improper authorization. Impact described: remote exploitation is possible and the exploit has been made publicly av...
CVE-2026-1455
The Whatsiplus Scheduled Notification for Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing nonce validation on the 'wsnfwsaveuserssettings' AJAX action. This makes it possible for unauthenticated...
CVE-2026-1455 Whatsiplus Scheduled Notification for Woocommerce <= 1.0.1 - Cross-Site Request Forgery to 'wsnfw_save_users_settings' AJAX Action
The Whatsiplus Scheduled Notification for Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing nonce validation on the 'wsnfwsaveuserssettings' AJAX action. This makes it possible for unauthenticated...
PT-2026-20637
The Whatsiplus Scheduled Notification for Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing nonce validation on the 'wsnfw save users settings' AJAX action. This makes it possible for unauthenticated...
WordPress Whatsiplus Scheduled Notification for Woocommerce plugin <= 1.0.1 - Cross-Site Request Forgery to 'wsnfw_save_users_settings' AJAX Action vulnerability
Cross-Site Request Forgery to 'wsnfwsaveuserssettings' AJAX Action vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin Whatsiplus Scheduled Notification for Woocommerce versions = 1.0.1...
CVE-2025-2655
A vulnerability was detected in SourceCodester AC Repair and Services System 1.0. The affected element is the function saveusers/deleteusers of the file /classes/Users.php. Performing manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The...
PT-2024-38489 · Sourcecodester · Sourcecodester Car Driving School Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Car Driving School Management System version 1.0 Description: A problematic issue was found, affecting the save users function of the file admin/user/index.php. This leads to cross-site request forgery, which can be initiated...
CVE-2024-6649
A vulnerability has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0 and classified as problematic. Affected by this vulnerability is the function saveusers of the file Users.php. The manipulation leads to cross-site request forgery. The attack can be launched...
PT-2024-37776 · Sourcecodester · Sourcecodester Employee/Visitor Gate Pass Logging System
Name of the Vulnerable Software and Affected Versions: SourceCodester Employee and Visitor Gate Pass Logging System version 1.0 Description: A vulnerability has been found in the system, classified as problematic. The issue affects the save users function of the Users.php file, leading to...
CVE-2024-5896
A vulnerability, which was classified as critical, was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. Affected is the function saveusers of the file /classes/Users.php?f=save. The manipulation of the argument id leads to sql injection. It is possible to launch the atta...
PT-2024-37231 · Sourcecodester · Employee/Visitor Gate Pass Logging System
Name of the Vulnerable Software and Affected Versions: SourceCodester Employee and Visitor Gate Pass Logging System version 1.0 Description: A critical issue was found in the save users function of the /classes/Users.php file, specifically in the id argument, which leads to sql injection. This...
CVE-2024-3139
A vulnerability, which was classified as critical, has been found in SourceCodester Computer Laboratory Management System 1.0. Affected by this issue is the function saveusers of the file /classes/Users.php?f=save. The manipulation of the argument id leads to improper authorization. The attack ma...
CVE-2023-3636
The WP Project Manager plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.6.4 due to insufficient restriction on the 'saveusersmapname' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modif...
CVE-2022-31294
An issue in the saveusers function of Online Discussion Forum Site 1 allows unauthenticated attackers to arbitrarily create or update user accounts...
Sourcecodester Online Discussion Forum Site 跨站请求伪造漏洞
Sourcecodester Online Discussion Forum Site is an application of Sourcecodester. An online discussion forum. A security vulnerability in Sourcecodester Online Discussion Forum Site version 1.0, which stems from an issue in the saveusers function, allows an unauthenticated attacker to arbitrarily...
PT-2022-20670 · Online Discussion Forum Site +1 · Online Discussion Forum Site
Name of the Vulnerable Software and Affected Versions: Online Discussion Forum Site 1 affected versions not specified Description: The issue allows unauthenticated attackers to arbitrarily create or update user accounts due to a problem in the save users function. Recommendations: At the moment,...
CVE-2018-18808
The domain management component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a...