WordPress支付宝Alipay|财付通Tenpay|贝宝PayPal集成插件 Security Vulnerabilities

Exploit for Release of Invalid Pointer or Reference in Tencent Qq

声明...

Exploit for Missing Authorization in Wpmet Metform Elementor Contact Form Builder

CVE-2022-1442 WordPress Plugin Metform <= 2.1.3 - Improper...

Command Execution Vulnerability in Sky Mirror Vulnerability Scanning and Management System of Qixing Information Technology Group Co.

Sky Mirror Vulnerability Scanning and Management System is a vulnerability scanning product independently developed by Qixing, a network-based vulnerability analysis, assessment and management system. There is a command execution vulnerability in the Sky Mirror Vulnerability Scanning and...

Arbitrary File Read Vulnerability in Sky Mirror Vulnerability Scanning and Management System of Kaixingchen Information Technology Group Co.

Sky Mirror Vulnerability Scanning and Management System is a vulnerability scanning product independently developed by Qixing, a network-based vulnerability analysis, assessment and management system. Sky Mirror Vulnerability Scanning and Management System of Qixing Information Technology Group...

Wordfence Intelligence Weekly WordPress Vulnerability Report (July 17, 2023 to July 23, 2023)

Last week, there were 62 vulnerabilities disclosed in 1035 WordPress Plugins and 90 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 36 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities....

Exploit for CVE-2021-44910

CVE-2021-44910-SpringBlade漏洞检测工具...

Zimbra Collaboration Suite (ZCS) v.8.8.15 - Cross-Site Scripting

Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft...

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

[This is Part III in a series on research conducted for a recent Hulu documentary on the 2015 hack of marital infidelity website AshleyMadison.com.] In 2019, a Canadian company called Defiant Tech Inc. pleaded guilty to running LeakedSource[.]com, a service that sold access to billions of...

Exploit for CVE-2023-34960

Chamilo__CVE-2023-34960_RCE Chamilo 是一个电子学习平台，也称为学习管理系统...

BloodBank 1.0 Cross Site Scripting

...

BloodBank 1.0 Insecure Direct Object Reference

...

Internet Bug Bounty: jdbc apache airflow provider code execution vulnerability

In airflow.providers.jdbc.hooks.jdbc.JdbcHook, A privilege escalation vulnerability exists in a system due to controllable Driver Path and Driver Class parameters which cause executing any java code. Vulnerability reproduction steps: 1. create a malicious jdbc driver, like this ``` import...

CVE-2021-4420

The Sell Media plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.5. This is due to missing or incorrect nonce validation on the sell_media_process() function. This makes it possible for unauthenticated attackers to sell media paypal orders via a....

CVE-2021-4420

The Sell Media plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.5. This is due to missing or incorrect nonce validation on the sell_media_process() function. This makes it possible for unauthenticated attackers to sell media paypal orders via a....

CVE-2021-4420

The Sell Media plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.5. This is due to missing or incorrect nonce validation on the sell_media_process() function. This makes it possible for unauthenticated attackers to sell media paypal orders via a....

Cross site request forgery (csrf)

The Sell Media plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.5. This is due to missing or incorrect nonce validation on the sell_media_process() function. This makes it possible for unauthenticated attackers to sell media paypal orders via a....

CVE-2021-4420

The Sell Media plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.5. This is due to missing or incorrect nonce validation on the sell_media_process() function. This makes it possible for unauthenticated attackers to sell media paypal orders via a....

Exploit for CVE-2023-27372

CVE-2023-27372-POC 概述 这个代码是用于检测目标网站是否存在 CVE-2023-27372...

CVE-2023-24405

Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Contact Form 7 – PayPal & Stripe Add-on plugin <= 1.9.3...

CVE-2023-24405

Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Contact Form 7 – PayPal & Stripe Add-on plugin <= 1.9.3...

Cross site request forgery (csrf)

Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Contact Form 7 – PayPal & Stripe Add-on plugin <= 1.9.3...

CVE-2023-24405 WordPress Contact Form 7 – PayPal & Stripe Add-on Plugin <= 1.9.3 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Contact Form 7 – PayPal & Stripe Add-on plugin &lt;= 1.9.3...

Exploit for Command Injection in Chamilo

Chamilo_CVE-2023-34960-EXP 帮助： usage: CVE-2023-34960.py...

Exploit for Path Traversal in Igniterealtime Openfire

CVE-2023-32315-POC CVE-2023-32315-Openfire-Bypass-Py 概述...

Exploit for Use After Free in Linux Linux Kernel

fork from https://github.com/veritas501/hbp_attack_demo...

Exploit for Deserialization of Untrusted Data in Microsoft

CVE-2023-2170......

Exploit for Double Free in Openbsd Openssh

CVE-2023-25136 OpenSSH 9.1漏洞大规模扫描和利用 *脆弱性的详细信息...

Exploit for CVE-2023-2982

CVE-2023-2982 WordPress Social Login and Register (Discord,...

Wordfence Intelligence Weekly WordPress Vulnerability Report (June 19, 2023 to June 25, 2023)

Last week, there were 84 vulnerabilities disclosed in 76 WordPress Plugins and 2 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 42 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in....

Arbitrary File Download Vulnerability in ES File Browser of Beijing Xiaoxiong Bowang Technology Co.

ES File Explorer is a powerful and free local and network file manager. ES File Browser has an arbitrary file download vulnerability that can be exploited by attackers to obtain sensitive...

Logic Flaw Vulnerability in T+ (CNVD-2023-62863)

T+ is a new Internet business management software. A logic flaw vulnerability exists in Changjitong T+, which can be exploited by an attacker to delete arbitrary...

Exploit for Improper Ownership Management in Linux Linux Kernel

typora-copy-images-to: ./image CVE-2023-0386 Exp...

File upload vulnerability in inforsuiteAS application server of Shandong Zhongchuang Software Commercial Middleware Co.(CNVD-2023-63818)

Shandong Zhongchuang Software Commercial Middleware Co., Ltd. is a company whose business scope includes sales and maintenance services of computers, software and auxiliary equipment, electronic equipment, computer network equipment, etc. A file upload vulnerability exists in the inforsuiteAS...

Wordfence Intelligence Weekly WordPress Vulnerability Report (June 12, 2023 to June 18, 2023)

Last week, there were 60 vulnerabilities disclosed in 52 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 25 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities...

CVE-2023-35917

Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce PayPal Payments plugin &lt;= 2.0.4...

CVE-2023-35917

Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce PayPal Payments plugin &lt;= 2.0.4...

Cross site request forgery (csrf)

Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce PayPal Payments plugin &lt;= 2.0.4...

CVE-2023-35917 WordPress WooCommerce PayPal Payments Plugin <= 2.0.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce PayPal Payments plugin &lt;= 2.0.4...

Exploit for SQL Injection in Jeecg Jeecg-Boot

CVE-2023-1454 Jeecg-Boot-qurestSql-SQLvuln...

WooCommerce PayPal Payments < 2.0.5 - Merchant ID Details Update via CSRF

The plugin does not have CSRF checks when updating the merchant ID details, which could allow attackers to make logged in users update them via a CSRF...

Exploit for CVE-2023-23752

CVE-2023-23752 Joomla未授权访问漏洞 fofa: product="Joomla"...

Exploit for Use After Free in Linux Linux Kernel

CVE-2022-1011...

Exploit for Path Traversal in Igniterealtime Openfire

CVE-2023-32315 0x01 获取返回的JSESSIONID和csrftoken...

Changjitong T+ Remote Command Execution Vulnerability

T+ is a new Internet-based business management software. A remote command execution vulnerability exists in T+, which can be exploited by an attacker to execute arbitrary commands on the target...

Exploit for Code Injection in Apache Rocketmq

CVE-2023-33246 CVE-2023-33246 Apache RocketMQ...

Exploit for Code Injection in Apache Rocketmq

CVE-2023-33246 CVE-2023-33246 Apache RocketMQ 远程代码执行漏洞...

Wordfence Intelligence Weekly WordPress Vulnerability Report (May 29, 2023 to June 4, 2023)

Last week, there were 116 vulnerabilities disclosed in 88 WordPress Plugins and 3 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 35 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities...

Exploit for Code Injection in Vmware Spring Framework

Spring RCE CVE-2022-22965 漏洞环境 环境信息 * springboot *...

Exploit for Code Injection in Apache Rocketmq

0x01 简介 此工具是一款用于 RocketMQ RCE (CVE-2023-33246) woodpecker...

Exploit for Code Injection in Apache Rocketmq

0x01 简介 此工具是一款用于 RocketMQ RCE (CVE-2023-33246) woodpecker...