54 matches found
WordPress Auto Featured Image (Auto Post Thumbnail) Plugin < 3.9.16 is vulnerable to Arbitrary File Upload
Software Auto Featured Image Auto Post Thumbnail Type Plugin Vulnerable versions 3.9.16 Fixed in 3.9.16 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2023-0477 Patch priority High CVSS severity High 9.1 Developer Claim ownership PSID ad8cfc8bf738 Credits dc11 Required...
Revive Old Posts – Social Media Auto Post and Scheduling Plugin < 9.0.11 - PHP Object Injection
The plugin unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. PoC To simulate a gadget chain, put the following code in a plugin: class Evil public function wakeup : void...
Revive Old Posts – Social Media Auto Post and Scheduling Plugin < 9.0.11 - PHP Object Injection
The plugin unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. To simulate a gadget chain, put the following code in a plugin: class Evil public function wakeup : void...
CVE-2022-3247
The WordPress Blog2Social: Social Media Auto Post & Scheduler plugin prior to version 6.9.10 is vulnerable to SSRF due to missing authorization in an AJAX action and failure to ensure the target URL is external. This allows any authenticated user (e.g., subscribers) to trigger SSRF. Remediation: ...
WordPress Blog2Social: Social Media Auto Post
WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress Blog2Social: Social Media Auto Post...
CVE-2021-24956
CVE-2021-24956 concerns the WordPress plugin Blog2Social: Social Media Auto Post & Scheduler (versions
WordPress 插件跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress Blog2Social: Social Media Auto Post...
CVE-2021-24932
The Auto Featured Image Auto Post Thumbnail WordPress plugin before 3.9.3 does not sanitise and escape the postid parameter before outputting back in an admin page within a JS block, leading to a Reflected Cross-Site Scripting issue...
CVE-2021-24932
The CVE-2021-24932 entry concerns the WordPress plugin Auto Featured Image (Auto Post Thumbnail) prior to version 3.9.3. The vulnerability is a Reflected Cross-Site Scripting (XSS) flaw caused by insufficient sanitisation/escaping of the post_id parameter in an admin page output within a JS block...
WordPress Blog2Social plugin <= 5.5.0 - SQL Injection (SQLi) vulnerability
SQL Injection SQLi vulnerability found by Tin Duong in WordPress Blog2Social plugin versions = 5.5.0. Solution Update the Blog2Social: Social Media Auto Post & Scheduler plugin to the latest available version at least 5.6.0...
Tiger Post Facebook Auto Post Multi Pages/Groups/Profiles 3.0.1 SQL Injection
Exploit Title: Tiger Post - Facebook Auto Post Multi Pages/Groups/Profiles v3.0.1 - SQL Injection Google Dork: N/A Date: 10.02.2017 Vendor Homepage: http://vtcreators.com/ Software Buy: https://codecanyon.net/item/tiger-post-facebook-auto-post-multi-pagesgroupsprofiles/15279075 Demo:...
Gram Post 1.0 - SQL Injection
Gram Post 1.0 - SQL Injection Exploit Title: Gram Post - Instagram Auto Post Multi Accounts with Paypal integration v1.0 - SQL Injection Google Dork: N/A Date: 10.02.2017 Vendor Homepage: http://vtcreators.com/ Software Buy:...
Tiger Post 3.0.1 - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Tiger Post - Facebook Auto Post Multi Pages/Groups/Profiles v3.0.1 - SQL Injection Google Dork: N/A Date: 10.02.2017 Vendor Homepage: http://vtcreators.com/ Software Buy:...
Gram Post 1.0 - SQL Injection
Exploit Title: Gram Post - Instagram Auto Post Multi Accounts with Paypal integration v1.0 - SQL Injection Google Dork: N/A Date: 10.02.2017 Vendor Homepage: http://vtcreators.com/ Software Buy:...