Lucene search
K

54 matches found

Patchstack
Patchstack
added 2023/03/03 12:0 a.m.17 views

WordPress Auto Featured Image (Auto Post Thumbnail) Plugin < 3.9.16 is vulnerable to Arbitrary File Upload

Software Auto Featured Image Auto Post Thumbnail Type Plugin Vulnerable versions 3.9.16 Fixed in 3.9.16 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2023-0477 Patch priority High CVSS severity High 9.1 Developer Claim ownership PSID ad8cfc8bf738 Credits dc11 Required...

8.8CVSS7.2AI score0.01645EPSS
Exploits1References3Affected Software1
WPVulnDB
WPVulnDB
added 2023/01/04 12:0 a.m.17 views

Revive Old Posts – Social Media Auto Post and Scheduling Plugin < 9.0.11 - PHP Object Injection

The plugin unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. PoC To simulate a gadget chain, put the following code in a plugin: class Evil public function wakeup : void...

7.2CVSS1.9AI score0.01046EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2023/01/04 12:0 a.m.122 views

Revive Old Posts – Social Media Auto Post and Scheduling Plugin < 9.0.11 - PHP Object Injection

The plugin unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. To simulate a gadget chain, put the following code in a plugin: class Evil public function wakeup : void...

7.2CVSS1.1AI score0.01046EPSS
Exploits2
CVE
CVE
added 2022/10/25 12:0 a.m.63 views

CVE-2022-3247

The WordPress Blog2Social: Social Media Auto Post & Scheduler plugin prior to version 6.9.10 is vulnerable to SSRF due to missing authorization in an AJAX action and failure to ensure the target URL is external. This allows any authenticated user (e.g., subscribers) to trigger SSRF. Remediation: ...

6.5CVSS6.3AI score0.0066EPSS
Exploits2References1Affected Software1
CNVD
CNVD
added 2021/12/26 12:0 a.m.19 views

WordPress Blog2Social: Social Media Auto Post

WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress Blog2Social: Social Media Auto Post...

6.1CVSS2.2AI score0.01669EPSS
Exploits2References1
CVE
CVE
added 2021/12/21 8:45 a.m.76 views

CVE-2021-24956

CVE-2021-24956 concerns the WordPress plugin Blog2Social: Social Media Auto Post & Scheduler (versions

6.1CVSS6AI score0.01669EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2021/12/21 12:0 a.m.4 views

WordPress 插件跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress Blog2Social: Social Media Auto Post...

6.1CVSS5.5AI score0.01669EPSS
Exploits2References1
OSV
OSV
added 2021/12/13 11:15 a.m.3 views

CVE-2021-24932

The Auto Featured Image Auto Post Thumbnail WordPress plugin before 3.9.3 does not sanitise and escape the postid parameter before outputting back in an admin page within a JS block, leading to a Reflected Cross-Site Scripting issue...

6.1CVSS6.4AI score0.008EPSS
Exploits2References1
CVE
CVE
added 2021/12/13 10:41 a.m.47 views

CVE-2021-24932

The CVE-2021-24932 entry concerns the WordPress plugin Auto Featured Image (Auto Post Thumbnail) prior to version 3.9.3. The vulnerability is a Reflected Cross-Site Scripting (XSS) flaw caused by insufficient sanitisation/escaping of the post_id parameter in an admin page output within a JS block...

6.1CVSS6AI score0.008EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2019/07/26 12:0 a.m.12 views

WordPress Blog2Social plugin <= 5.5.0 - SQL Injection (SQLi) vulnerability

SQL Injection SQLi vulnerability found by Tin Duong in WordPress Blog2Social plugin versions = 5.5.0. Solution Update the Blog2Social: Social Media Auto Post & Scheduler plugin to the latest available version at least 5.6.0...

3.4AI score
Exploits0References1Affected Software1
Packet Storm
Packet Storm
added 2017/02/10 12:0 a.m.55 views

Tiger Post Facebook Auto Post Multi Pages/Groups/Profiles 3.0.1 SQL Injection

Exploit Title: Tiger Post - Facebook Auto Post Multi Pages/Groups/Profiles v3.0.1 - SQL Injection Google Dork: N/A Date: 10.02.2017 Vendor Homepage: http://vtcreators.com/ Software Buy: https://codecanyon.net/item/tiger-post-facebook-auto-post-multi-pagesgroupsprofiles/15279075 Demo:...

0.4AI score
Exploits0
exploitpack
exploitpack
added 2017/02/10 12:0 a.m.17 views

Gram Post 1.0 - SQL Injection

Gram Post 1.0 - SQL Injection Exploit Title: Gram Post - Instagram Auto Post Multi Accounts with Paypal integration v1.0 - SQL Injection Google Dork: N/A Date: 10.02.2017 Vendor Homepage: http://vtcreators.com/ Software Buy:...

0.2AI score
Exploits0
0day.today
0day.today
added 2017/02/10 12:0 a.m.17 views

Tiger Post 3.0.1 - SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Tiger Post - Facebook Auto Post Multi Pages/Groups/Profiles v3.0.1 - SQL Injection Google Dork: N/A Date: 10.02.2017 Vendor Homepage: http://vtcreators.com/ Software Buy:...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2017/02/10 12:0 a.m.43 views

Gram Post 1.0 - SQL Injection

Exploit Title: Gram Post - Instagram Auto Post Multi Accounts with Paypal integration v1.0 - SQL Injection Google Dork: N/A Date: 10.02.2017 Vendor Homepage: http://vtcreators.com/ Software Buy:...

7.4AI score
Exploits0
Rows per page
Query Builder