Description

WeBid 1.2.2 admin/newuser.php has an issue with password rechecking during registration because it uses a loose comparison to check the identicalness of two passwords. Two non-identical passwords can still bypass the check.

Remediation

References

CVE-2020-23359

Related Vulnerabilities

WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership Multiple Vulnerabilities (1.3.88)

WordPress Plugin Contentboxes Cross-Site Scripting (1.1)

Oracle Database Server Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-3562)

WordPress Plugin Blunt GA Cross-Site Scripting (4.0.0)

Oracle JRE CVE-2017-10281 Vulnerability (CVE-2017-10281)

Severity

Critical

Classification

CVE-2020-23359 CWE-697 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities