add user project add user vulnerabilities and exploits
6.5
CVSSv3
CVE-2023-1129
The WP FEvents Book WordPress plugin up to and including 0.46 does not ensure that bookings to be updated belong to the user making the request, allowing any authenticated user to book, add notes, or cancel bookings on behalf of other users.
Wp Fevents Book Project Wp Fevents Book
8.8
CVSSv3
CVE-2022-46074
Helmet Store Showroom 1.0 is vulnerable to Cross Site Request Forgery (CSRF). An unauthenticated user can add an admin account due to missing CSRF protection.
Helmet Store Showroom Project Helmet Store Showroom 1.0
7.8
CVSSv3
CVE-2011-4338
Shaman 1.0.9: Users can add the line askforpwd=false to their shaman.conf file, without entering the root password in shaman. The next time shaman is run, root privileges are granted despite the fact that the user never entered the root password.
Shaman Project Shaman 1.0.9
5.4
CVSSv3
CVE-2023-43331
A cross-site scripting (XSS) vulnerability in the Add User function of Small CRM v3.0 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
Small Crm Project Small Crm 3.0
8.8
CVSSv3
CVE-2021-31590
PwnDoc all versions until 0.4.0 (2021-08-23) has incorrect JSON Webtoken handling, leading to incorrect access control. With a valid JSON Webtoken that is used for authentication and authorization, a user can keep his admin privileges even if he is downgraded to the "user"...
Pwndoc Project Pwndoc
6.5
CVSSv3
CVE-2021-24788
The Batch Cat WordPress plugin up to and including 0.3 defines 3 custom AJAX actions, which all require authentication but are available for all roles. As a result, any authenticated user (including simple subscribers) can add/set/delete arbitrary categories to posts.
Batch Cat Project Batch Cat
8.8
CVSSv3
CVE-2023-0865
The WooCommerce Multiple Customer Addresses & Shipping WordPress plugin prior to 21.7 does not ensure that the address to add/update/retrieve/delete and duplicate belongs to the user making the request, or is from a high-privilege user, allowing any authenticated users, such ...
Woocommerce Multiple Customer Addresses & Shipping Project Woocommerce Multiple Customer Addresses & Shipping
9.8
CVSSv3
CVE-2019-1010191
marginalia < 1.6 is affected by: SQL Injection. The impact is: an injection of any SQL queries when a user-controlled argument is added as a component. The component is: Affects users that add a component that is user-controlled, for instance a parameter or a head...
Marginalia Project Marginalia
4.8
CVSSv3
CVE-2023-1359
A vulnerability has been found in SourceCodester Gadget Works Online Ordering System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /philosophy/admin/user/controller.php?action=add of the component Add New User. The manipulation of the argu...
Gadget Works Online Ordering System Project Gadget Works Online Ordering System 1.0
8.8
CVSSv3
CVE-2023-28854
nophp is a PHP web framework. Prior to version 0.0.1, nophp is vulnerable to shell command injection on httpd user. A patch was made available at commit e5409aa2d441789cbb35f6b119bef97ecc3986aa on 2023-03-30. Users should update index.php to 2023-03-30 or later or, as a workaroun...
Nophp Project Nophp