18 matches found
CVE-2025-1564
The SetSail Membership plugin for WordPress is vulnerable to in all versions up to, and including, 1.0.3. This is due to the plugin not properly verifying a users identity through the social login. This makes it possible for unauthenticated attackers to log in as any user, including administrator...
EUVD-2024-50744
Malicious code in bioql PyPI...
PT-2025-27068 · WordPress · Simple Payment
Name of the Vulnerable Software and Affected Versions: Simple Payment plugin for WordPress versions 1.3.6 through 2.3.8 Description: The issue is related to Authentication Bypass, which occurs because the plugin does not properly verify a user's identity prior to logging them in through the creat...
CVE-2025-4973
The Workreap plugin for WordPress, used by the Workreap - Freelance Marketplace WordPress Theme, is vulnerable to authentication bypass in all versions up to, and including, 3.3.1. This is due to the plugin not properly verifying a user's identity prior to logging them in when verifying an accoun...
CVE-2025-4973
CVE-2025-4973: The Workreap WordPress plugin (Workreap theme) is vulnerable to authentication bypass in versions up to 3.3.1. The flaw stems from improper verification of a user’s identity during email-based account verification, enabling unauthenticated attackers to log in as registered users (i...
PT-2025-25280 · WordPress · Workreap
Name of the Vulnerable Software and Affected Versions: Workreap plugin for WordPress versions up to, and including, 3.3.1 Description: The issue arises from the plugin's failure to properly verify a user's identity before logging them in when verifying an account with an email address. This allow...
CVE-2024-12264
The PayU CommercePro Plugin plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.8.3. This is due to /wp-json/payu/v1/generate-user-token and /wp-json/payu/v1/get-shipping-cost REST API endpoints not properly verifying a user's identity prior to setti...
CVE-2024-12287
The Biagiotti Membership plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.0.2. This is due to the plugin not properly verifying a user's identity prior to authenticating them. This makes it possible for unauthenticated attackers to log in as othe...
CVE-2024-11925
The JobSearch WP Job Board plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.6.7. This is due to the plugin not properly verifying a users identity when verifying an email address through the useraccountactivation function. This makes it possible f...
CVE-2024-11349
The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.1.6. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the sbloginuserwithotpfun function. This makes it possible for unauthenticat...
CVE-2024-12287 Biagiotti Membership <= 1.0.2 - Authentication Bypass via biagiotti_membership_check_facebook_user
The Biagiotti Membership plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.0.2. This is due to the plugin not properly verifying a user's identity prior to authenticating them. This makes it possible for unauthenticated attackers to log in as othe...
CVE-2024-11925
The JobSearch WP Job Board plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.6.7. This is due to the plugin not properly verifying a users identity when verifying an email address through the useraccountactivation function. This makes it possible f...
CVE-2024-8791 Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress <= 1.8.1.14 - Insecure Direct Object Reference to Account Takeover and Privilege Escalation
The Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.8.1.14. This is due to the plugin not properly verifying a user's identity when the ID parameter is supplied...
RUSTSEC-2024-0356 `UserIdentity::is_verified` not checking verification status of own user identity while performing the check
The UserIdentity::isverified method in the matrix-sdk-crypto crate before version 0.7.2 doesn't take into account the verification status of the user's own identity while performing the check and may as a result return a value contrary to what is implied by its name and documentation. Impact If t...
Cybercrime (and Security) Predictions for 2023
Threat actors continue to adapt to the latest technologies, practices, and even data privacy laws—and it's up to organizations to stay one step ahead by implementing strong cybersecurity measures and programs. Here's a look at how cybercrime will evolve in 2023 and what you can do to secure and...
CVE-2019-4158
The CVE-2019-4158 entry concerns IBM Security Access Manager (ISAM) / ISAM Appliance versions 9.0.1–9.0.6 where the system fails to verify a user’s identity, potentially exposing resources or functionality to unintended actors. This is tied to ISAM 9.0.x deployments (non-appliance and appliance v...
Facebook Glitch Locks Out Accounts
A bug in an account verification system used by Facebook resulted in a wave of account suspensions Tuesday that had users locked out of the world’s largest social network and scratching their heads over the reason. Facebook discovered a bug in a system designed to detect and disable fake accounts...
CentOS 5 : pam_krb5 (CESA-2008:0907)
An updated pamkrb5 package that fixes a security issue is now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The pamkrb5 module allows Pluggable Authentication Modules PAM aware applications to use...