14 matches found
EUVD-2026-14178
The e-shot form builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.2. The eshotformbuildergetaccountdata function is registered as a wpajax AJAX handler accessible to all authenticated users. The function lacks any capability che...
CVE-2026-3546
The e-shot form builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.2. The eshotformbuildergetaccountdata function is registered as a wpajax AJAX handler accessible to all authenticated users. The function lacks any capability che...
CVE-2026-3546 e-shot <= 1.0.2 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via API Token via 'eshot_form_builder_get_account_data' AJAX Action
The e-shot form builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.2. The eshotformbuildergetaccountdata function is registered as a wpajax AJAX handler accessible to all authenticated users. The function lacks any capability che...
CVE-2026-3546
The e-shot form builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.2. The eshotformbuildergetaccountdata function is registered as a wpajax AJAX handler accessible to all authenticated users. The function lacks any capability che...
CVE-2026-3546
The CVE concerns the WordPress plugin e-shot form builder (≤ v1.0.2). The vulnerable component is eshot_form_builder_get_account_data(), registered as a wp_ajax_ AJAX handler accessible to all authenticated users. The function lacks capability checks (no current_user_can) and does not verify a no...
CVE-2026-3546 e-shot <= 1.0.2 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via API Token via 'eshot_form_builder_get_account_data' AJAX Action
The e-shot form builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.2. The eshotformbuildergetaccountdata function is registered as a wpajax AJAX handler accessible to all authenticated users. The function lacks any capability che...
CVE-2016-10856
cPanel before 11.54.0.0 allows subaccounts to discover sensitive data through comet feeds SEC-29...
There is still a risk that operators or executors can backdoor the subaccount.
Lines of code Vulnerability details Impact The checkSubAccountSecurityConfig function ensures that the guard and fallback handler have not been disabled or updated, and that the owner console as a module has not been disabled by any operators or executors. This helper function is used as a last...
Protocol's invariants can be broken
Lines of code Vulnerability details Impact Due to insufficient input validation to the inputs of the external function "deploySubAccount" in the SafeDeployer.sol contract,A malcious subAccount wallet can be imported,registered and then take control over other subAccounts. This can cause many...
Showmax: delete the subaccount from the user id
Entry in order to delete this sub-profile, you must first create an account. then you need to find the user id and master id of the account that you will delete, you can do a brute force attempt to find it, if it holds, you can delete the child profile of this person or view a lot of information...
CVE-2022-1571
Cross-site scripting - Reflected in Create Subaccount in GitHub repository neorazorx/facturascripts prior to 2022.07. This vulnerability can be arbitrarily executed javascript code to steal user'cookie, perform HTTP request, get content of same origin page, etc...
CVE-2022-1571 Cross-site scripting - Reflected in Create Subaccount in neorazorx/facturascripts
Cross-site scripting - Reflected in Create Subaccount in GitHub repository neorazorx/facturascripts prior to 2022.07. This vulnerability can be arbitrarily executed javascript code to steal user'cookie, perform HTTP request, get content of same origin page, etc...
Cross-site scripting - Reflected in Create Subaccount
Description Cross-site scripting - Reflected in Create Subaccount via codsubcuenta parameter. Proof of Concept POST /facturascripts/EditSubcuenta HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 Windows NT 10.0; Win64; x64; rv:100.0 Gecko/20100101 Firefox/100.0 Accept:...
Code injection
cPanel before 11.54.0.0 allows subaccounts to discover sensitive data through comet feeds SEC-29...