2 matches found
Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.
...
WordPress User Registration plugin <= 4.1.3 - Insecure Direct Object Reference to Unauthenticated Membership Modification vulnerability
Insecure Direct Object Reference to Unauthenticated Membership Modification vulnerability discovered by wesley wcraft in WordPress Plugin User Registration versions = 4.1.3...