CVE-2024-5149

MEDIUM Year: 2024
CVSS v3 Score
5.3
Medium
Weakness Type
CWE-330
View all →

Vulnerability Description

The BuddyForms plugin for WordPress is vulnerable to Email Verification Bypass in all versions up to, and including, 2.8.9 via the use of an insufficiently random activation code. This makes it possible for unauthenticated attackers to bypass the email verification.

Related Vulnerabilities

CVE-2010-3666

MEDIUM
CVSS:5.3(Medium)

TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness in the uniqid function.

CWE-3302010

CVE-2015-9019

MEDIUM
CVSS:5.3(Medium)

In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs.

CWE-3302015

CVE-2017-1000246

MEDIUM
CVSS:5.3(Medium)

Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data.

CWE-3302017

CVE-2017-13087

MEDIUM
CVSS:5.3(Medium)

Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing...

CWE-3302017

CVE-2017-16028

MEDIUM
CVSS:5.3(Medium)

react-native-meteor-oauth is a library for Oauth2 login to a Meteor server in React Native. The oauth Random Token is generated using a non-cryptographically strong RNG (Math.random()).

CWE-3302017

CVE-2019-1010025

MEDIUM
CVSS:5.3(Medium)

GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is "ASLR bypass...

CWE-3302019