2 matches found
CVE-2025-5651
A vulnerability, which was classified as problematic, has been found in code-projects Traffic Offense Reporting System 1.0. This issue affects some unknown processing of the file saveuser.php. The manipulation of the argument userid/username/email/name/position leads to cross-site scripting. The...
WP LMS < 1.1.5 - Unauthenticated Arbitrary User Field Edition/Creation
The plugin lacks any CSRF and capability checks when creating and editing User Fields, allowing unauthorised editing and creation of them either via CSRF or as any user, including unauthenticated ones. v1.1.5 added a CSRF check but still no capability check. PoC: POST...