647 matches found
CVE-2022-2357
The WSM Downloader WordPress plugin through 1.4.0 allows any visitor to use its remote file download feature to download any local files, including sensitive ones like wp-config.php...
Remote file inclusion
The WSM Downloader WordPress plugin through 1.4.0 allows any visitor to use its remote file download feature to download any local files, including sensitive ones like wp-config.php...
CVE-2022-2357 WSM Downloader <= 1.4.0 - Unauthenticated Arbitrary File Download
The WSM Downloader WordPress plugin through 1.4.0 allows any visitor to use its remote file download feature to download any local files, including sensitive ones like wp-config.php...
WordPress Plugin WSM Downloader Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
CVE-2022-1585
The Project Source Code Download WordPress plugin through 1.0.0 does not protect its backup generation and download functionalities, which may allow any visitors on the site to download the entire site, including sensitive files like wp-config.php...
Design/Logic Flaw
The Project Source Code Download WordPress plugin through 1.0.0 does not protect its backup generation and download functionalities, which may allow any visitors on the site to download the entire site, including sensitive files like wp-config.php...
PT-2022-15295
Name of the Vulnerable Software and Affected Versions: Download Monitor WordPress plugin versions prior to 4.5.91 Description: The issue allows high privilege users, such as administrators, to download sensitive files like wp-config.php or /etc/passwd, even in hardened environments or multisite...
Top Five Attacking IPs This Month: Their Locations May Not Be Where You Think
At Wordfence, we see large amounts of threat actor data, and often that data tells unexpected stories. Taking a look at just the top five attacking IP addresses over a 30 day period, you might be surprised to find out where these attacks are originating, and what they are doing. When most people...
CVE-2021-41177
Nextcloud is an open-source, self-hosted productivity platform. Prior to versions 20.0.13, 21.0.5, and 22.2.0, Nextcloud Server did not implement a database backend for rate-limiting purposes. Any component of Nextcloud using rate-limits such as AnonRateThrottle or UserRateThrottle was thus not rat...
CVE-2022-0541
The flo-launch WordPress plugin before 2.4.1 injects code into wp-config.php when creating a cloned site, allowing any attacker to initiate a new site install by setting the flo_custom_table_prefix cookie to an arbitrary value...
CVE-2022-0541
The CVE-2022-0541 issue affects the flo-launch WordPress plugin prior to 2.4.1. The vulnerability arises when the plugin injects code into wp-config.php during clone-site creation, enabling an attacker to start a new WordPress installation by setting the flo_custom_table_prefix cookie. Impact is ...
WordPress and WordPress plugin Security Vulnerability
WordPress is a blogging platform developed using the PHP language. The WordPress plugin flo-launch version 2.4.1 or earlier is vulnerable to an access control error that originates when the plugin injects code into wp-config.php when creating a clone site. prefix cookie to an arbitrary value to...
PT-2022-13251 · WordPress · Flo-Launch
Name of the Vulnerable Software and Affected Versions: flo-launch WordPress plugin versions prior to 2.4.1 Description: The issue allows an attacker to initiate a new site install by setting the flo custom table prefix cookie to an arbitrary value. This is possible because the plugin injects code...
Directory traversal
CMSimple 5.4 is vulnerable to Directory Traversal. The vulnerability exists when a user changes the file name to a malicious file on config.php, leading to remote code execution...
CVE-2021-43741
CMSimple 5.4 is vulnerable to Directory Traversal. The vulnerability exists when a user changes the file name to a malicious file on config.php, leading to remote code execution...
Hoosk has an unspecified vulnerability
Hoosk is a lightweight user-centric content management system (CMS) with a built-in CodeIgniter for creating responsive websites. An unspecified vulnerability in /install/index.php in Hoosk version 1.8.0 stems from the program'...
Flo Launch < 2.4.1 - Missing Authentication Allow Full Site Takeover
The plugin injects code into wp-config.php when creating a cloned site, allowing any attacker to initiate a new site install by setting the flo_custom_table_prefix cookie to an arbitrary value. PoC: On any website where flo-launch is active create cookie "flo_custom_table_prefix" with any string value t...
Remote code execution
A remote code execution (RCE) vulnerability in Ionize v1.0.8.1 allows attackers to execute arbitrary code via a crafted string written to the file application/config/config.php...