2 matches found
CVE-2022-36090
XWiki Platform Old Core is a core package for XWiki Platform, a generic wiki platform. Prior to versions 13.1.0.5 and 14.3-rc-1, some resources are missing a check for inactive not yet activated or disabled users in XWiki, including the REST service. This means a disabled user can enable themselv...
Deserialization of untrusted data
The Pie Register plugin before 2.0.14 for WordPress does not properly restrict access to certain functions in pie-register.php, which allows remote attackers to 1 add a user by uploading a crafted CSV file or 2 activate a user account via a verifyit action...