6 matches found

Nuclei
added yesterday, 3 views

WP Directory Kit <= 1.4.4 - Authentication Bypass

The WP Directory Kit plugin for WordPress version 1.4.4 and below contains an authentication bypass vulnerability in its auto-login functionality. The vulnerability allows unauthenticated attackers to gain administrative access by exploiting a cryptographically weak token generation mechanism tha...

CVSS 10, AI score 7.3, EPSS 0.49608
Exploits: 3, References: 4
RedhatCVE
added 2025/05/23 1:51 a.m., 6 views

CVE-2023-2781

The User Email Verification for WooCommerce plugin for WordPress is vulnerable to authentication bypass via authenticate_user_by_email in versions up to, and including, 3.5.0. This is due to a random token generation weakness in the resend_verification_email function. This allows unauthenticated...

CVSS 9.8, AI score 7.2, EPSS 0.00462
Exploits: 0, References: 1
ATTACKERKB
added 2023/06/03 12:15 a.m., 0 views

CVE-2023-2781

The User Email Verification for WooCommerce plugin for WordPress is vulnerable to authentication bypass via authenticate_user_by_email in versions up to, and including, 3.5.0. This is due to a random token generation weakness in the resend_verification_email function. This allows unauthenticated...

CVSS 9.8, AI score 7.2, EPSS 0.00462
Exploits: 0, References: 5
Positive Technologies
added 2022/12/08 12:0 a.m., 2 views

PT-2022-27339 · Seeddms · Seeddms

Name of the Vulnerable Software and Affected Versions: SeedDMS versions 5.1.7 through 6.0.20
Description: The issue is related to weak reset token generation, allowing attackers to execute a full account takeover via a brute force attack.
Recommendations: For SeedDMS version 5.1.7, update to a...

CVSS 9.8, AI score 9.3, EPSS 0.00433
Exploits: 1, References: 3
Hacker One
added 2021/07/21 7:33 a.m., 354 views

Phabricator: Broken Authentication and Session Management lead to take over account

Hello, I found a vulnerability using a phone.
Summary: Session token weakness, allowing attackers to take over accounts.
Tools: Lightning.apk Browser, SandroProxy.apk, or you can use all available proxies.
Steps to Reproduce:
1. Create a Phacility account.
2. Go to...

AI score 7.2
Exploits: 0
OSV
added 2016/01/12 8:59 p.m., 4 views

CVE-2016-1232

The mod_dialback module in Prosody before 0.9.9 does not properly generate random values for the secret token for server-to-server dialback authentication, which makes it easier for attackers to spoof servers via a brute force attack...

CVSS 7.5, AI score 7.2
Exploits: 0, References: 7