Show filters
17 Total Results
Displaying 11-17 of 17
Sort by:
Attacker Value
Unknown

CVE-2023-32580

Disclosure Date: June 23, 2023 (last updated February 25, 2025)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPExperts Password Protected plugin <= 2.6.2 versions.
Attacker Value
Unknown

CVE-2022-4626

Disclosure Date: February 06, 2023 (last updated October 08, 2023)
The PPWP WordPress plugin before 1.8.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
Attacker Value
Unknown

CVE-2009-2003

Disclosure Date: June 08, 2009 (last updated October 04, 2023)
Ascad Networks Password Protector SD 1.3.1 allows remote attackers to bypass authentication and gain administrative access by setting the (1) c7portal and (2) cookname cookies to "admin."
0
Attacker Value
Unknown

CVE-2009-0461

Disclosure Date: February 10, 2009 (last updated October 04, 2023)
Whole Hog Password Protect: Enhanced 1.x allows remote attackers to bypass authentication and obtain administrative access via an integer value in the adminid cookie.
0
Attacker Value
Unknown

CVE-2009-0459

Disclosure Date: February 10, 2009 (last updated October 04, 2023)
Multiple SQL injection vulnerabilities in admin/login_submit.php in Whole Hog Password Protect: Enhanced 1.x allow remote attackers to execute arbitrary SQL commands via (1) the uid parameter (aka Username field) or (2) the pwd parameter (aka Password field). NOTE: some of these details are obtained from third party information.
0
Attacker Value
Unknown

CVE-2004-1648

Disclosure Date: August 31, 2004 (last updated February 22, 2025)
Cross-site scripting (XSS) vulnerability in (1) index.asp, (2) ChangePassword.asp, (3) users_list.asp, (4) and users_add.asp in Password Protect allows remote attackers to inject arbitrary web script or HTML via the ShowMsg parameter.
0
Attacker Value
Unknown

CVE-2004-1647

Disclosure Date: August 30, 2004 (last updated February 22, 2025)
SQL injection vulnerability in Password Protect allows remote attackers to execute arbitrary SQL statements and bypass authentication via (1) admin or Pass parameter to index_next.asp, (2) LoginId, OPass, or NPass to CPassChangePassword.asp, (3) users_edit.asp, or (4) users_add.asp.
0