3 matches found
PT-2023-31077 · WordPress · Login With Phone Number Plugin For Wordpress
Name of the Vulnerable Software and Affected Versions: Login with phone number plugin for WordPress versions up to, and including, 1.5.6 Description: The issue is related to Cross-Site Request Forgery due to missing nonce validation on the lwp update password action function. This allows...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in useradmin.php in Open Media Collectors Database OpenDb 1.0.6 allows remote attackers to change arbitrary passwords via an updatepassword action...
CVE-2008-3938
Cross-site request forgery CSRF vulnerability in useradmin.php in Open Media Collectors Database OpenDb 1.0.6 allows remote attackers to change arbitrary passwords via an updatepassword action...