Lucene search
+L

93 matches found

CNNVD
CNNVD
added 2023/11/22 12:0 a.m.5 views

WordPress Plugin Funnelforms Free Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

4.3CVSS8.6AI score0.00395EPSS
Exploits0References3
The Hacker News
The Hacker News
added 2023/08/14 3:54 p.m.51 views

QwixxRAT: New Remote Access Trojan Emerges via Telegram and Discord

A new remote access trojan RAT called QwixxRAT is being advertised for sale by its threat actor through Telegram and Discord platforms. "Once installed on the victim's Windows platform machines, the RAT stealthily collects sensitive data, which is then sent to the attacker's Telegram bot, providi...

6.8AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2023/04/12 1:54 p.m.31 views

Privilege Escalation Vulnerability Patched Promptly in WP Data Access WordPress Plugin

On April 5, 2023 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in WP Data Access, a WordPress plugin that is installed on over 10,000 sites. This flaw makes it possible for an authenticated attacker to grant themselves...

8.6AI score0.02726EPSS
Exploits3
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.14 views

WordPress wGauge – Free Version plugin <= 1.0.0 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress wGauge – Free Version plugin versions = 1.0.0. Solution No patched version available...

2.4AI score
Exploits0References2Affected Software1
Wordfence Blog
Wordfence Blog
added 2021/11/11 3:1 p.m.34 views

Over 1 Million Sites Impacted by Vulnerability in Starter Templates Plugin

On October 4, 2021, the Wordfence Threat Intelligence team initiated the responsible disclosure process for the Starter Templates plugin, which is installed on over 1 Million WordPress websites. The full name of the WordPress plugin is “Starter Templates — Elementor, Gutenberg & Beaver Builder...

3.5CVSS6.2AI score0.00585EPSS
Exploits1
WPVulnDB
WPVulnDB
added 2021/05/17 12:0 a.m.14 views

CM Registration Pro < 3.2.1 - PHP Object Injection

The plugin was using an outdated library which was affected by a PHP Object Injection issue. The free version is not affected as it was not using the library even though it was skipped with it...

3.1AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/04/26 12:0 a.m.25 views

Happy Addons for Elementor Free < 2.24.0 and Pro < 1.17.0 - Contributor+ Stored XSS

The plugins have a number of widgets that are vulnerable to stored Cross-Site ScriptingXSS by lower-privileged users such as contributors, all via a similar method: The “Card” widget accepts a “titletag” parameter. Although the element control lists a fixed set of possible html tags, it is possib...

5.4CVSS0.00636EPSS
Exploits1References1Affected Software2
Malwarebytes
Malwarebytes
added 2021/03/25 6:37 p.m.50 views

Slack hurries to fix direct message flaw that allowed harassment

The enormous work messaging platform Slack quickly reversed course yesterday, promising to revise a brand-new direct message feature that could have been misused for harassment. Added to the company’s “Slack Connect” product—which lets enterprise users share messages with contract workers and...

6.9AI score
Exploits0
CNVD
CNVD
added 2020/08/17 12:0 a.m.5 views

Unauthorized Access Vulnerability in Free Version of Kile Self-Media News System

Kile Self-Media News Management System is a news management system based on TP5.1 development. An unauthorized access vulnerability exists in the free version of Kile Self-Media News System. An attacker can exploit the vulnerability to perform unauthorized operations, such as randomly deleting or...

6.9AI score
Exploits0
CNVD
CNVD
added 2020/06/05 12:0 a.m.2 views

Command Execution Vulnerability in Free Version of Kilo Brokerage Guarantee System

Kile Intermediary is a TP5.1-based intermediary secured transactions system, Kile Intermediary secured transactions system is a professional virtual asset intermediary secured transactions system, the program can be used to do domain names, websites, accounts, small programs, WeChat public number...

7.5AI score
Exploits0
0day.today
0day.today
added 2020/04/24 12:0 a.m.79 views

QRadar Community Edition 7.3.1.6 Insecure File Permissions Vulnerability

Exploit for php platform in category web applications ------------------------------------------------------------------------ Local privilege escalation in QRadar due to run-result-reader.sh insecure file permissions ------------------------------------------------------------------------ Abstra...

4.6CVSS7.6AI score0.00492EPSS
Exploits3
CNVD
CNVD
added 2020/03/15 12:0 a.m.1 views

SQL Injection Vulnerability in Baiyi Networks baiyiCMS

Baiyi enterprise building system free version is an enterprise building system. Baiyi Web baiyiCMS suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information...

7.8AI score
Exploits0
CNVD
CNVD
added 2020/03/15 12:0 a.m.1 views

SQL Injection Vulnerability in Baiyi Networks baiyiCMS (CNVD-2020-23533)

Baiyi enterprise building system free version is an enterprise building system. Baiyi Web baiyiCMS suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information...

7.8AI score
Exploits0
CNVD
CNVD
added 2020/03/15 12:0 a.m.1 views

SQL Injection Vulnerability in Baiyi Networks baiyiCMS (CNVD-2020-23532)

Baiyi enterprise building system free version is an enterprise building system. Baiyi Web baiyiCMS suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information...

7.8AI score
Exploits0
CNVD
CNVD
added 2020/01/09 12:0 a.m.1 views

Login Bypass Vulnerability in the m****r.asp Page of the Free Version of Vanno's Enterprise Website Management System ASP

Vanno Enterprise Website Management System is a website content management system based on a full DIV+CSS template. Vanno enterprise website management system ASP free version of the mr.asp page there is a login bypass vulnerability, an attacker can use the vulnerability to use any registered use...

6.8AI score
Exploits0
CNVD
CNVD
added 2020/01/09 12:0 a.m.2 views

SQL Injection Vulnerability in i**o.asp Page of VANOC Enterprise Website Management System ASP Free Version

Vanno Enterprise Website Management System is a website content management system based on a full DIV+CSS template. Vanno enterprise website management system ASP free version of the io.asp page SQL injection vulnerability, an attacker can use the vulnerability to obtain database sensitive...

7.8AI score
Exploits0
The Hacker News
The Hacker News
added 2019/05/21 2:3 p.m.78 views

Core Elastic Stack Security Features Now Available For Free Users As Well

Elastic, the company behind the most widely used enterprise search engine ElasticSearch and the Elastic Stack, today announced that it has decided to make core security features of the Elastic Stack free and accessible to all users. ELK Stack or Elastic Stack is a collection of three powerful ope...

0.8AI score
Exploits0
CNVD
CNVD
added 2019/04/25 12:0 a.m.2 views

CentOS Web Panel Cross-Site Scripting Vulnerability (CNVD-2019-14584)

CentOS Web Panel CWP is a free web hosting control panel. A cross-site scripting vulnerability exists in the email field in CWP versions 0.9.8.793 Free and 0.9.8.753 Pro, which stems from the lack of proper validation of client-side data by the WEB application. An attacker could exploit this...

7.8CVSS6.4AI score0.0491EPSS
Exploits1References1
0day.today
0day.today
added 2019/04/07 12:0 a.m.43 views

WordPress Contact Form Maker 1.13.1 Cross Site Request Forgery Vulnerability

Exploit for php platform in category web applications Exploit Title: Contact Form by WD CSRF → LFI Exploit Author: Panagiotis Vagenas Vendor Homepage: http://web-dorado.com/ Software Link: https://wordpress.org/plugins/contact-form-maker Version: 1.13.1 Tested on: WordPress 5.1.1 Description...

0.5AI score
Exploits0
Exploit DB
Exploit DB
added 2019/04/05 12:0 a.m.322 views

WordPress Plugin Contact Form Maker 1.13.1 - Cross-Site Request Forgery

Exploit Title: Contact Form by WD CSRF → LFI Date: 2019-03-17 Exploit Author: Panagiotis Vagenas Vendor Homepage: http://web-dorado.com/ Software Link: https://wordpress.org/plugins/contact-form-maker Version: 1.13.1 Tested on: WordPress 5.1.1 Description ----------- Plugin implements the followi...

7.4AI score
Exploits0
Rows per page
Query Builder