Lucene search
K

845 matches found

OSV
OSV
added 2022/05/03 1:57 p.m.19 views

CVE-2022-28590

A Remote Code Execution RCE vulnerability exists in Pixelimity 1.0 via admin/admin-ajax.php?action=installtheme...

7.2CVSS7.5AI score0.24028EPSS
Exploits2References3
CVE
CVE
added 2022/05/03 1:57 p.m.77 views

CVE-2022-28590

CVE-2022-28590 affects Pixelimity 1.0. The vulnerability enables remote code execution via admin/admin-ajax.php?action=install_theme. Multiple sources describe an arbitrary file upload path that can lead to code execution, with public PoC showing webshell upload to facilitate further access. The ...

7.2CVSS7.2AI score0.24028EPSS
Exploits2References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/04/10 9:15 p.m.4 views

CVE-2022-27129

An arbitrary file upload vulnerability at /admin/ajax.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file...

9.8CVSS6.2AI score0.01465EPSS
Exploits0References2
wpexploit
wpexploit
added 2022/04/04 12:0 a.m.80 views

Menubar < 5.8 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the command parameter before outputting it back in the response via the menubar AJAX action available to any authenticated users, leading to a Reflected Cross-Site Scripting " /...

5.4CVSS0.6AI score0.0058EPSS
Exploits2
0day.today
0day.today
added 2022/03/30 12:0 a.m.243 views

WordPress Easy Cookie Policy 1.6.2 Plugin - Broken Access Control to Stored XSS Vulnerability

Exploit Title: WordPress Plugin Easy Cookie Policy 1.6.2 - Broken Access Control to Stored XSS Author: 0xB9 Software Link: https://wordpress.org/plugins/easy-cookies-policy/ Version: 1.6.2 Tested on: Windows 10 CVE: CVE-2021-24405 1. Description: Broken access control allows any authenticated use...

6.5CVSS0.4AI score0.10703EPSS
Exploits5
Packet Storm
Packet Storm
added 2022/03/30 12:0 a.m.261 views

WordPress Easy Cookie Policy 1.6.2 Cross Site Scripting

Exploit Title: WordPress Plugin Easy Cookie Policy 1.6.2 - Broken Access Control to Stored XSS Date: 2/27/2021 Author: 0xB9 Software Link: https://wordpress.org/plugins/easy-cookies-policy/ Version: 1.6.2 Tested on: Windows 10 CVE: CVE-2021-24405 1. Description: Broken access control allows any...

6.5CVSS0.2AI score0.10703EPSS
Exploits5
wpexploit
wpexploit
added 2022/03/29 12:0 a.m.137 views

Advanced Page Visit Counter < 6.1.6 - Subscriber+ Blind SQL injection

The plugin does not escape the artID parameter before using it in a SQL statement in the apvcresetcountart AJAX action, available to any authenticated user, leading to a SQL injection v = 5.0.8 - https://example.com/wp-admin/admin-ajax.php?action=apvcresetcountart&artID=sleep10 v 6.1.6 -...

8.8CVSS1.9AI score0.01341EPSS
Exploits2
wpexploit
wpexploit
added 2022/03/16 12:0 a.m.122 views

LearnPress < 4.1.6 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the lp-dismiss-notice before outputting it back via the lpbackgroundsingleemail AJAX action, leading to a Reflected Cross-Site Scripting...

6.1CVSS1.7AI score0.02254EPSS
Exploits2
wpexploit
wpexploit
added 2022/03/15 12:0 a.m.115 views

Post Grid < 2.1.16 - Reflected Cross-Site Scripting via post_types

The plugin does not sanitise and escape the posttypes parameter before outputting it back in the response of the postgridupdatetaxonomiestermsbyposttypes AJAX action, available to any authenticated users, leading to a Reflected Cross-Site Scripting " name="posttypes"...

6.4CVSS0.2AI score0.00632EPSS
Exploits2
wpexploit
wpexploit
added 2022/03/01 12:0 a.m.212 views

OSMapper <= 2.1.5 - Unauthenticated Arbitrary Post Deletion

The plugin contains an AJAX action to delete a plugin related post type named 'map' and is registered with the wpajaxnopriv prefix, making it available to unauthenticated users. There is no authorisation, CSRF and checks in place to ensure that the post to delete is a map one. As a result,...

5.3CVSS1.2AI score0.00519EPSS
Exploits2
wpexploit
wpexploit
added 2022/02/28 12:0 a.m.147 views

Infographic Maker - iList < 4.3.8 - Unauthenticated SQL Injection

The plugin does not validate and escape the postid parameter before using it in a SQL statement via the qcldupvoteaction AJAX action available to unauthenticated and authenticated users, leading to an unauthenticated SQL Injection curl https://example.com/wp-admin/admin-ajax.php --data...

9.8CVSS2.4AI score0.15254EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/02/28 12:0 a.m.1079 views

Formcraft3 < 3.8.28 - Unauthenticated SSRF

The plugin does not validate the URL parameter in the formcraft3get AJAX action, leading to SSRF issues exploitable by unauthenticated users https://example.com/wp-admin/admin-ajax.php?action=formcraft3get&URL=https://wpscan.com...

9.1CVSS3.4AI score0.20249EPSS
Exploits2
0day.today
0day.today
added 2022/02/18 12:0 a.m.221 views

WordPress MasterStudy LMS 2.7.5 Plugin - Unauthenticated Admin Account Creation Vulnerability

Title: WordPress Plugin MasterStudy LMS 2.7.5 - Unauthenticated Admin Account Creation Author: Numan Türle CVE: CVE-2022-0441 Software Link: https://wordpress.org/plugins/masterstudy-lms-learning-management-system/ Version: 2.7.6 https://www.youtube.com/watch?v=SIO6CHXMZk...

9.8CVSS0.8AI score0.84943EPSS
Exploits8
wpexploit
wpexploit
added 2022/02/16 12:0 a.m.88 views

hub2word <= 1.1.0 - Subscriber+ Arbitrary Options Update

The plugin does not have authorisation and CSRF checks in its Hub2Wordsavesettings AJAX action, and does not validate the option key to be updated. As a result, any authenticated user, such as subscriber could update arbitrary WordPress options POST /wp-admin/admin-ajax.php HTTP/1.1 Accept:...

0.8AI score
Exploits0
wpexploit
wpexploit
added 2022/01/26 12:0 a.m.112 views

WordPress GDPR & CCPA < 1.9.27 - Unauthenticated Reflected Cross-Site Scripting

The checkprivacysettings AJAX action of the plugin, available to both unauthenticated and authenticated users, responds with JSON data without an "application/json" content-type. Since an HTML payload isn't properly escaped, it may be interpreted by a web browser led to this endpoint. Javascript...

6.1CVSS6.2AI score0.0231EPSS
Exploits2
wpexploit
wpexploit
added 2022/01/18 12:0 a.m.411 views

Give < 2.17.3 - Unauthenticated Reflected Cross-Site Scripting

The plugin does not sanitise and escape the formid parameter before outputting it back in the response of an unauthenticated request via the givecheckoutlogin AJAX action, leading to a Reflected Cross-Site Scripting As an unauthenticated user: alert/XSS/' / var form1 =...

6.1CVSS0.3AI score0.02145EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/01/17 12:0 a.m.74 views

Magee Shortcodes < 2.0.9 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape various parameters before outputting them back in attributes in AJAX actions available to both unauthenticated and authenticated users, leading to Reflected Cross-Site Scripting issues...

6.6AI score
Exploits0
wpexploit
wpexploit
added 2022/01/14 12:0 a.m.143 views

Futurio Extra < 1.6.3 - Subscriber+ User Email Address Disclosure

The plugin allows any logged in user, such as subscriber, to extract any other user's email address. fetch"http://127.0.0.1:8001/wp-admin/admin-ajax.php", "headers": "content-type": "application/x-www-form-urlencoded" , "body": new URLSearchParams"action": "dilazmbqueryselect", "q": "@gma",...

4.3CVSS0.3AI score0.00897EPSS
Exploits2
wpexploit
wpexploit
added 2022/01/13 12:0 a.m.92 views

SpiderCalendar <= 1.5.65 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the callback parameter before outputting it back in the page via the window AJAX action available to both unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting issue. Note: Vendor decided to close the plugin and it won't be...

6.1CVSS3.3AI score0.02291EPSS
Exploits2
wpexploit
wpexploit
added 2022/01/06 12:0 a.m.126 views

Ultimate Product Catalog < 5.0.26 - Subscriber+ Arbitrary Product Creation & Settings Update

The plugin does not have authorisation and CSRF checks in some AJAX actions, which could allow any authenticated users, such as subscriber to call them and add arbitrary products, or change the plugin's settings for example To add a product: fetch"https://example.com/wp-admin/admin-ajax.php",...

6.5CVSS0.2AI score0.00469EPSS
Exploits2References1
Rows per page
Query Builder