All CosmicBytez Labs articles tagged #Account Takeover, across news, security advisories, how-to guides, and projects.
The Kirki Freeform Page Builder plugin for WordPress (versions 6.0.0–6.0.6) allows unauthenticated attackers to take over any user account during password reset by accepting an arbitrary email address, enabling full privilege escalation. CVSS 9.8.
Iran-linked hackers exploited Meta's AI support assistant to reset account credentials, briefly defacing the Instagram accounts of the Obama White House and the Chief Master Sergeant of the U.S. Space Force with pro-Iranian content.
A broken authentication check in the Simple History WordPress plugin (versions up to 5.26.0) allows Subscriber-level users to take over any WordPress...
phpMyFAQ before 4.1.3 contains a CVSS 8.2 flaw allowing unauthenticated attackers to reset any account password without token validation, enabling full...
A critical authentication bypass (CVSS 9.8) in the OTP Login With Phone Number WordPress plugin allows unauthenticated attackers to log in as any user due...
A critical unauthenticated privilege escalation flaw in WP Maps Pro for WordPress (CVSS 9.8) allows attackers to create administrator accounts without...
Fraud losses don't stop at chargebacks. False declines, account takeovers, and promotional abuse also silently erode revenue and customer trust — yet many...
A CVSS 10.0 path traversal vulnerability in UniFi OS allows an unauthenticated network attacker to read arbitrary files, including sensitive account files...
The Form Notify plugin for WordPress is vulnerable to authentication bypass in versions up to and including 1.1.10. Attackers can manipulate...
CVE-2026-2347 is a CVSS 9.8 authorization bypass in Akilli's e-commerce platform, allowing attackers to hijack authenticated sessions by manipulating...
OpenCart 3.0.3.8 fails to regenerate the OCSESSID session cookie after authentication, allowing attackers to inject a known session ID and hijack any user...
A critical authentication bypass in the User Verification by PickPlugins plugin for WordPress allows unauthenticated attackers to bypass OTP verification...
OpenAEV's password reset implementation contains multiple chained weaknesses enabling reliable account takeover in versions 1.0.0 through 2.0.12 of the...
Device code phishing attacks abusing the OAuth 2.0 Device Authorization Grant flow have exploded 37-fold in 2026 as ready-made phishing kits proliferate...
The Tutor LMS Pro WordPress plugin's Social Login addon fails to verify OAuth token email matches the login request, allowing unauthenticated attackers to...
A high-severity host header injection vulnerability in ZITADEL's login V2 password reset flow allows attackers to redirect reset links to...
A critical cross-site scripting vulnerability in ZITADEL's login V2 /saml-post endpoint allows unauthenticated attackers to execute arbitrary JavaScript...
A stored cross-site scripting vulnerability in ZITADEL's login V2 interface allows organization administrators to inject malicious JavaScript via a...