[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"all-banners":3,"SkipToContent_34xgpJIRRkpiT6ls6jE4NHf7VpvQCQBEwi69exi4oT0":27,"FooterNav_JsYsxvLufb1W12aeknKZ89on0MD0bNDTiB5EYxyxmU":34,"FooterSocial_u16tCafBUeGMoDrdLfTINytP2JB5msc6iB3VDUutAoU":40,"vulnerability-29449":47},[4,15,21],{"title":5,"slug":6,"text":7,"link":8,"external":9,"targets":10,"cta":12,"variant":13,"campaign_id":14},"phpBB authentication bypass - Sniper","phpbb-authentication-bypass-sniper","PoC details now live: 2 new CVEs our research team discovered in phpBB","https://pentest-tools.com/research/phpbb-authentication-bypass",true,[11],"/exploit-helpers/sniper","See the details","secondary","phpbb-authentication-bypass",{"title":16,"slug":17,"text":7,"link":8,"external":9,"targets":18,"cta":20,"variant":13,"campaign_id":14},"phpBB authentication bypass - CVE page","phpbb-authentication-bypass-cve",[19],"/vulnerabilities-exploits","Read the research",{"title":22,"slug":23,"text":24,"link":8,"external":9,"targets":25,"cta":26,"variant":13,"campaign_id":14},"phpBB authentication bypass - VulnDB homepage","phpbb-authentication-bypass-vulndb","The Network Scanner detects 2 new phpBB CVEs our research team found",[19],"See the PoC details",["Island",28],{"key":29,"params":30,"result":32},"SkipToContent_34xgpJIRRkpiT6ls6jE4NHf7VpvQCQBEwi69exi4oT0",{"props":31},"{}",{"head":33},{},["Island",35],{"key":36,"params":37,"result":38},"FooterNav_JsYsxvLufb1W12aeknKZ89on0MD0bNDTiB5EYxyxmU",{"props":31},{"head":39},{},["Island",41],{"key":42,"params":43,"result":45},"FooterSocial_u16tCafBUeGMoDrdLfTINytP2JB5msc6iB3VDUutAoU",{"props":44},"{\"text-color\":\"gray\"}",{"head":46},{},{"id":48,"detectable_with":49,"vuln_details":56,"vuln_id":72,"name":73,"published":74,"updated":57},29449,{"tool":50,"engine":53},{"id":51,"name":52},1,"Network Scanner",{"id":54,"name":55},2,"Nuclei",{"id":48,"codename":57,"description":57,"severity":58,"risk_description":59,"public_description":60,"public_recommendation":61,"recommendation":57,"references":62,"cvssv3":65,"epss_score":66,"epss_percentile":67,"cve":68,"in_cisa_catalog":70,"date":71,"software_type":57,"vendor":57,"product":57,"ptt_exploit_capabilities":57},null,"critical","The risk exists that a remote unauthenticated attacker can fully compromise the server to steal confidential information, install ransomware, or pivot to the internal network.","The Pix for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check and missing file type validation in the 'lkn_pix_for_woocommerce_c6_save_settings' function in all versions up to, and including, 1.5.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.","Update to the latest version of Pix for WooCommerce plugin.",[63,64],"https://github.com/m4sh-wacker/CVE-2026-3891-Pix-for-WooCommerce-Plugin-Exploit","https://wordpress.org/plugins/payment-gateway-pix-for-woocommerce/",9.8,0.00845,0.53871,[69],"CVE-2026-3891",false,"2026-03-13T00:00:00Z","NETSCAN-NUCLEI-CVE-CVE-2026-3891","Pix for WooCommerce \u003C= 1.5.0 - Unauthenticated Arbitrary File Upload","2026-07-17T00:00:00Z"]