3 matches found
WordPress MC4WP: Mailchimp for WordPress plugin <= 4.11.1 - Missing Authorization to Unauthenticated Arbitrary Subscription Deletion vulnerability
Missing Authorization to Unauthenticated Arbitrary Subscription Deletion vulnerability discovered by Sarawut Poolkhet MisterHelloz in WordPress Plugin MC4WP versions = 4.11.1...
CVE-2026-29191 ZITADEL: 1-Click Account Takeover via XSS in /saml-post Endpoint
ZITADEL is an open source identity management platform. From version 4.0.0 to 4.11.1, a vulnerability in Zitadel's login V2 interface was discovered that allowed a possible account takeover via XSS in /saml-post Endpoint. This issue has been patched in version 4.12.0...
PT-2024-39960 · WordPress · Profilepress
Name of the Vulnerable Software and Affected Versions: ProfilePress Pro plugin for WordPress versions up to, and including, 4.11.1 Description: The issue is due to insufficient verification on the user being returned by the social login token, allowing unauthenticated attackers to log in as any...