Lucene search
K

18 matches found

RedhatCVE
RedhatCVE
added 2026/01/07 9:11 a.m.8 views

CVE-2025-1564

The SetSail Membership plugin for WordPress is vulnerable to in all versions up to, and including, 1.0.3. This is due to the plugin not properly verifying a users identity through the social login. This makes it possible for unauthenticated attackers to log in as any user, including administrator...

9.8CVSS6.8AI score0.00515EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-50744

Malicious code in bioql PyPI...

9.8CVSS8.7AI score0.00553EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/06/27 12:0 a.m.7 views

PT-2025-27068 · WordPress · Simple Payment

Name of the Vulnerable Software and Affected Versions: Simple Payment plugin for WordPress versions 1.3.6 through 2.3.8 Description: The issue is related to Authentication Bypass, which occurs because the plugin does not properly verify a user's identity prior to logging them in through the creat...

9.8CVSS7AI score0.00452EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2025/06/14 5:58 a.m.8 views

CVE-2025-4973

The Workreap plugin for WordPress, used by the Workreap - Freelance Marketplace WordPress Theme, is vulnerable to authentication bypass in all versions up to, and including, 3.3.1. This is due to the plugin not properly verifying a user's identity prior to logging them in when verifying an accoun...

9.8CVSS9.6AI score0.00435EPSS
Exploits0References1
CVE
CVE
added 2025/06/12 5:23 a.m.62 views

CVE-2025-4973

CVE-2025-4973: The Workreap WordPress plugin (Workreap theme) is vulnerable to authentication bypass in versions up to 3.3.1. The flaw stems from improper verification of a user’s identity during email-based account verification, enabling unauthenticated attackers to log in as registered users (i...

9.8CVSS7.4AI score0.00435EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/06/12 12:0 a.m.6 views

PT-2025-25280 · WordPress · Workreap

Name of the Vulnerable Software and Affected Versions: Workreap plugin for WordPress versions up to, and including, 3.3.1 Description: The issue arises from the plugin's failure to properly verify a user's identity before logging them in when verifying an account with an email address. This allow...

9.8CVSS9.5AI score0.00435EPSS
Exploits0References13
RedhatCVE
RedhatCVE
added 2025/02/05 10:36 a.m.7 views

CVE-2024-12264

The PayU CommercePro Plugin plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.8.3. This is due to /wp-json/payu/v1/generate-user-token and /wp-json/payu/v1/get-shipping-cost REST API endpoints not properly verifying a user's identity prior to setti...

9.8CVSS7AI score0.00709EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 10:22 a.m.4 views

CVE-2024-12287

The Biagiotti Membership plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.0.2. This is due to the plugin not properly verifying a user's identity prior to authenticating them. This makes it possible for unauthenticated attackers to log in as othe...

9.8CVSS9.5AI score0.00553EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 1:36 a.m.9 views

CVE-2024-11925

The JobSearch WP Job Board plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.6.7. This is due to the plugin not properly verifying a users identity when verifying an email address through the useraccountactivation function. This makes it possible f...

9.8CVSS7AI score0.00634EPSS
Exploits0References1
NVD
NVD
added 2024/12/21 5:15 a.m.15 views

CVE-2024-11349

The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.1.6. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the sbloginuserwithotpfun function. This makes it possible for unauthenticat...

9.8CVSS0.01205EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/12/18 7:2 a.m.7 views

CVE-2024-12287 Biagiotti Membership <= 1.0.2 - Authentication Bypass via biagiotti_membership_check_facebook_user

The Biagiotti Membership plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.0.2. This is due to the plugin not properly verifying a user's identity prior to authenticating them. This makes it possible for unauthenticated attackers to log in as othe...

9.8CVSS7.1AI score0.00553EPSS
Exploits0References2
NVD
NVD
added 2024/11/28 7:15 a.m.20 views

CVE-2024-11925

The JobSearch WP Job Board plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.6.7. This is due to the plugin not properly verifying a users identity when verifying an email address through the useraccountactivation function. This makes it possible f...

9.8CVSS0.00634EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/09/24 2:31 a.m.31 views

CVE-2024-8791 Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress <= 1.8.1.14 - Insecure Direct Object Reference to Account Takeover and Privilege Escalation

The Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.8.1.14. This is due to the plugin not properly verifying a user's identity when the ID parameter is supplied...

9.8CVSS0.00733EPSS
Exploits0References3
OSV
OSV
added 2024/07/18 12:0 p.m.34 views

RUSTSEC-2024-0356 `UserIdentity::is_verified` not checking verification status of own user identity while performing the check

The UserIdentity::isverified method in the matrix-sdk-crypto crate before version 0.7.2 doesn't take into account the verification status of the user's own identity while performing the check and may as a result return a value contrary to what is implied by its name and documentation. Impact If t...

5.4CVSS5.3AI score0.0028EPSS
Exploits0References3
The Hacker News
The Hacker News
added 2022/12/19 12:52 p.m.23 views

Cybercrime (and Security) Predictions for 2023

Threat actors continue to adapt to the latest technologies, practices, and even data privacy laws—and it's up to organizations to stay one step ahead by implementing strong cybersecurity measures and programs. Here's a look at how cybercrime will evolve in 2023 and what you can do to secure and...

7AI score
Exploits0
CVE
CVE
added 2019/06/25 3:45 p.m.108 views

CVE-2019-4158

The CVE-2019-4158 entry concerns IBM Security Access Manager (ISAM) / ISAM Appliance versions 9.0.1–9.0.6 where the system fails to verify a user’s identity, potentially exposing resources or functionality to unintended actors. This is tied to ISAM 9.0.x deployments (non-appliance and appliance v...

5.5CVSS6.1AI score0.00684EPSS
Exploits0References2Affected Software1
ThreatPost
ThreatPost
added 2010/11/17 1:11 p.m.5 views

Facebook Glitch Locks Out Accounts

A bug in an account verification system used by Facebook resulted in a wave of account suspensions Tuesday that had users locked out of the world’s largest social network and scratching their heads over the reason. Facebook discovered a bug in a system designed to detect and disable fake accounts...

7.2AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2010/01/06 12:0 a.m.28 views

CentOS 5 : pam_krb5 (CESA-2008:0907)

An updated pamkrb5 package that fixes a security issue is now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The pamkrb5 module allows Pluggable Authentication Modules PAM aware applications to use...

4.4CVSS5.1AI score0.00353EPSS
Exploits0References3
Rows per page
Query Builder