106 matches found
Remote code execution
A remote code execution issue was discovered in the WooCommerce Products Filter aka WOOF plugin before 2.2.0 for WordPress, as demonstrated by the shortcode parameter in a woofredrawwoof action. The plugin implemented a page redraw AJAX function accessible to anyone without any authentication...
CVE-2018-8710
A remote code execution issue was discovered in the WooCommerce Products Filter aka WOOF plugin before 2.2.0 for WordPress, as demonstrated by the shortcode parameter in a woofredrawwoof action. The plugin implemented a page redraw AJAX function accessible to anyone without any authentication...
Smart Website Tools by AddThis 4.0.6-5.0.2 - Stored XSS
The Smart Website Tools by AddThis plugin exposes an AJAX function called 'atasyncloading' in 'addthis/addthis-for-wordpress.php'. Access to this function is restricted to Registered users, however is not restricted to Administrative users, meaning that anyone with an account on the target site c...
Smart Website Tools by AddThis 4.0.6-5.0.2 - Stored XSS
The Smart Website Tools by AddThis plugin exposes an AJAX function called 'atasyncloading' in 'addthis/addthis-for-wordpress.php'. Access to this function is restricted to Registered users, however is not restricted to Administrative users, meaning that anyone with an account on the target site c...
N-Media Website Contact Form with File Upload <= 1.3.4 - Arbitrary File Upload
The "uploadfile" ajax function is affected from unrestricted file upload vulnerability. PoC curl -k -X POST -F "action=upload" -F "Filedata=@./backdoor.php" -F "action=nmwebcontactuploadfile" http://www.example.com/wp-admin/admin-ajax.php Response:...
Revive Old Post <= 6.9.0 - Privilege Escalation
Leveraging a publicly accessible AJAX function named ‘updateresponse’, it is possible to update any option with the WordPress installation. Using this vulnerability, it is possible to gain administrative access to the WordPress installation by updating the options ‘defaultrole’ and...