Description
The activation resend function in the Profiles module in XOOPS before 2.4.1 sends activation codes in response to arbitrary activation requests, which allows remote attackers to bypass administrative approval via a request involving activate.php.
Remediation
References
Related Vulnerabilities
WordPress Plugin Post Views Counter Cross-Site Scripting (1.3.4)
WordPress Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-17669)
WordPress Plugin MiwoFTP-File & Folder Manager Multiple Vulnerabilities (1.0.5)
WordPress Plugin Post Title Counter Cross-Site Scripting (1.1)
WordPress Plugin Customer Reviews for WooCommerce Multiple Vulnerabilities (5.3.5)