Show filters
3 Total Results
Displaying 1-3 of 3
Sort by:
Attacker Value
Unknown

CVE-2022-1790

Disclosure Date: June 13, 2022 (last updated February 23, 2025)
The New User Email Set Up WordPress plugin through 0.5.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2021-41558

Disclosure Date: September 27, 2021 (last updated November 28, 2024)
The set_user extension module before 3.0.0 for PostgreSQL allows ProcessUtility_hook bypass via set_config.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2021-38140

Disclosure Date: August 10, 2021 (last updated February 23, 2025)
The set_user extension module before 2.0.1 for PostgreSQL allows a potential privilege escalation using RESET SESSION AUTHORIZATION after set_user().
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0