Lucene search
+L

207 matches found

Prion
Prion
added 2022/02/04 11:15 p.m.22 views

Sql injection

Unauthenticated SQL Injection SQLi vulnerability discovered in GWA AutoResponder WordPress plugin versions = 2.3, vulnerable at &listid. No patched version available, plugin closed...

7.5CVSS9.8AI score0.01074EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/02/04 10:29 p.m.32 views

CVE-2021-44779 WordPress [GWA] AutoResponder plugin <= 2.3 - Unauthenticated SQL Injection (SQLi) vulnerability

Unauthenticated SQL Injection SQLi vulnerability discovered in GWA AutoResponder WordPress plugin versions = 2.3, vulnerable at &listid. No patched version available, plugin closed...

7.3CVSS10AI score0.01074EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/02/04 10:29 p.m.8 views

CVE-2021-44779 WordPress [GWA] AutoResponder plugin <= 2.3 - Unauthenticated SQL Injection (SQLi) vulnerability

Unauthenticated SQL Injection SQLi vulnerability discovered in GWA AutoResponder WordPress plugin versions = 2.3, vulnerable at &listid. No patched version available, plugin closed...

7.3CVSS8.2AI score0.01074EPSS
Exploits0References2
CVE
CVE
added 2022/02/04 10:29 p.m.66 views

CVE-2021-44779

CVE-2021-44779 affects the WordPress plugin GWA AutoResponder (versions

9.8CVSS9AI score0.01074EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2022/02/04 12:0 a.m.10 views

WordPress plugin SQL注入漏洞

WordPress plugin is an open source application plugin for WordPress. WordPress plugin suffers from a SQL injection vulnerability that stems from an unauthenticated SQL injection SQLi vulnerability found in the AutoResponder plugin, vulnerable at &listid...

9.8CVSS8.4AI score0.01074EPSS
Exploits0References3
WPVulnDB
WPVulnDB
added 2022/01/27 12:0 a.m.19 views

GWA AutoResponder <= 2.3 - Unauthenticated SQL Injection

The plugin does not validate and escape the listid before using it in SQL statements, leading to SQL Injections which can be exploited by unauthenticated users...

9.8CVSS3.4AI score0.01074EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2022/01/27 12:0 a.m.6 views

WordPress [GWA] AutoResponder plugin <= 2.3 - Authenticated SQL Injection (SQLi) vulnerability at &orderby

Authenticated SQL Injection SQLi vulnerability at &orderby discovered by m0ze Patchstack in WordPress GWA AutoResponder plugin versions = 2.3. Solution Deactivate and delete. This plugin has been closed as of August 30, 2019 and is not available for download. Reason: Guideline Violation...

4.1AI score
Exploits0Affected Software1
Patchstack
Patchstack
added 2022/01/27 12:0 a.m.35 views

WordPress [GWA] AutoResponder plugin <= 2.3 - Unauthenticated SQL Injection (SQLi) vulnerability

Unauthenticated SQL Injection SQLi vulnerability discovered by Lenon Leite Patchstack Red Team project in WordPress GWA AutoResponder plugin versions = 2.3. Solution Deactivate and delete. This plugin has been closed as of August 30, 2019 and is not available for download. Reason: Guideline...

9.8CVSS3.6AI score0.01074EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/01/27 12:0 a.m.9 views

WordPress [GWA] AutoResponder plugin <= 2.3 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities

Multiple Cross-Site Request Forgery CSRF vulnerabilities discovered by m0ze Patchstack in WordPress GWA AutoResponder plugin versions = 2.3. Solution Deactivate and delete. This plugin has been closed as of August 30, 2019 and is not available for download. Reason: Guideline Violation...

4.1AI score
Exploits0Affected Software1
Patchstack
Patchstack
added 2022/01/27 12:0 a.m.8 views

WordPress [GWA] AutoResponder plugin <= 2.3 - Cross-Site Request Forgery (CSRF) leading to Multiple Persistent Cross-Site Scripting (XSS)

Cross-Site Request Forgery CSRF leading to Multiple Persistent Cross-Site Scripting XSS discovered by m0ze Patchstack in WordPress GWA AutoResponder plugin versions = 2.3. Solution Deactivate and delete. This plugin has been closed as of August 30, 2019 and is not available for download. Reason:...

2.7AI score
Exploits0Affected Software1
Patchstack
Patchstack
added 2022/01/27 12:0 a.m.12 views

WordPress [GWA] AutoResponder <= 2.3 - Cross-Site Request Forgery (CSRF) leading to Persistent Cross-Site Scripting (XSS) at &Subject

Cross-Site Request Forgery CSRF leading to Persistent Cross-Site Scripting XSS at &Subject discovered by m0ze Patchstack in WordPress GWA AutoResponder versions = 2.3. Solution Deactivate and delete. This plugin has been closed as of August 30, 2019 and is not available for download. Reason:...

2.8AI score
Exploits0Affected Software1
wpexploit
wpexploit
added 2021/11/15 12:0 a.m.156 views

NEX-Forms <= 7.9.4 - Multiple Admin+ Stored Cross-Site Scripting

The plugin does not escape some of its settings and form fields before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. In Global Setting Preferences Validation, put the following...

4.8CVSS5AI score0.00305EPSS
Exploits2
CNVD
CNVD
added 2020/09/23 12:0 a.m.3 views

Ozeki NG SMS Gateway Path Traversal Vulnerability

Ozeki NG SMS Gateway is a powerful, reliable and flexible SMS gateway application. A path traversal vulnerability exists in the "Script Name" of the "Autoresponder" module in Ozeki NG SMS Gateway 4.17.6 and earlier. The vulnerability can be exploited to write or overwrite arbitrary files with...

9CVSS7.1AI score0.01864EPSS
Exploits1References1
Veracode
Veracode
added 2020/08/06 9:36 p.m.16 views

Denial Of Service (DoS)

github.com/mattermost/mattermost-server is vulnerable to Denial Of Service DoS. The vulnerability exists in multiple functions because of sending large autoresponder messages which allows an attacker to crash the application via malicious input...

6.5CVSS5AI score0.01069EPSS
Exploits1References9Affected Software2
CNVD
CNVD
added 2019/08/09 12:0 a.m.7 views

cPanel cross-site scripting vulnerability (CNVD-2019-28986)

cPanel is a set of Web-based automated colocation platform from the US-based cPanel. The platform is primarily used to automate the management of websites and servers. A cross-site scripting vulnerability exists in api1listautoresponders in cPanel versions prior to 60.0.25. The vulnerability stem...

5.4CVSS6.3AI score0.00531EPSS
Exploits0References1
Patchstack
Patchstack
added 2018/12/04 12:0 a.m.22 views

WordPress Arigato Autoresponder and Newsletter plugin <= 2.5.1.8 - Authenticated Blind SQL Injection (SQLi) vulnerability

Authenticated Blind SQL Injection SQLi vulnerability found by Larry W. Cashdollar in WordPress Arigato Autoresponder and Newsletter plugin versions = 2.5.1.8. Solution Update the WordPress Arigato Autoresponder and Newsletter plugin to the latest available version at least 2.5.2...

7.2CVSS3.2AI score0.04354EPSS
Exploits5References1Affected Software1
Patchstack
Patchstack
added 2018/12/04 12:0 a.m.16 views

WordPress Arigato Autoresponder and Newsletter plugin <= 2.5.1.8 - Authenticated reflected Cross-Site Scripting (XSS) vulnerability

Authenticated reflected Cross-Site Scripting XSS vulnerability found by Larry W. Cashdollar in WordPress Arigato Autoresponder and Newsletter plugin versions = 2.5.1.8. Solution Update the WordPress Arigato Autoresponder and Newsletter plugin to the latest available version at least 2.5.2...

2.3AI score
Exploits0References1Affected Software1
OpenVAS
OpenVAS
added 2018/12/04 12:0 a.m.31 views

WordPress Arigato Autoresponder and Newsletter Plugin < 2.5.2 Multiple Vulnerabilities

The WordPress plugin SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description scriptoid"1.3.6.1.4.1.25623.1.0.112446";...

7.2CVSS5.4AI score0.04354EPSS
Exploits14References2
Prion
Prion
added 2018/12/03 4:29 p.m.11 views

Sql injection

There is blind SQL injection in WordPress Arigato Autoresponder and Newsletter v2.5.1.8 These vulnerabilities require administrative privileges to exploit. There is an exploitable blind SQL injection vulnerability via the delids variable by POST request...

6.5CVSS7.3AI score0.04354EPSS
Exploits5References3Affected Software1
NVD
NVD
added 2018/12/03 4:29 p.m.18 views

CVE-2018-1002009

There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in unsubscribe.html.php:3: via GET reuqest to the email variable...

4.8CVSS4.7AI score0.02604EPSS
Exploits5References3
Rows per page
Query Builder