Description
The activation resend function in the Profiles module in XOOPS before 2.4.1 sends activation codes in response to arbitrary activation requests, which allows remote attackers to bypass administrative approval via a request involving activate.php.
Remediation
References
Related Vulnerabilities
WordPress Plugin Digital Climate Strike WP Malicious Redirects (1.0.0)
WordPress Plugin Booking Calendar Cross-Site Request Forgery (4.1.5)
WordPress 4.0.x Multiple Vulnerabilities (4.0 - 4.0.30)
Python CVE-2022-42919 Vulnerability (CVE-2022-42919)
WordPress Plugin Product Size charts for Woocommerce Unspecified Vulnerability (1.0)