Vulnerabilities > Unverified Password Change

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-04-24 | CVE-2025-3603 | The Flynax Bridge plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.2.0. | network, low complexity, CWE-620, critical, 9.8 |
| 2025-04-24 | CVE-2025-3607 | The Frontend Login and Registration Blocks plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.7. | network, low complexity, CWE-620, 8.8 |
| 2025-04-24 | CVE-2025-3793 | The Buddypress Force Password Change plugin for WordPress is vulnerable to authenticated account takeover due to the plugin not properly validating a user's identity prior to updating their password through the 'bp_force_password_ajax' function in all versions up to, and including, 0.1. | network, high complexity, CWE-620, 4.2 |
| 2025-04-22 | CVE-2025-3849 | A vulnerability classified as problematic was found in YXJ2018 SpringBoot-Vue-OnlineExam 1.0. | network, low complexity, CWE-620, 4.3 |
| 2025-04-08 | CVE-2024-41796 | A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). | network, low complexity, CWE-620, 6.5 |
| 2025-03-01 | CVE-2024-12824 | The Nokri – Job Board WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.6.2. | network, low complexity, CWE-620, critical, 9.8 |
| 2025-03-01 | CVE-2024-13373 | The Exertio Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.3.1. | network, high complexity, CWE-620, 8.1 |
| 2025-01-18 | CVE-2024-13375 | The Adifier System plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.1.7. | network, low complexity, CWE-620, critical, 9.8 |