138 matches found
Malware Scanner < 4.7.3 and Web Application Firewall < 2.1.2 - Unauthenticated Privilege Escalation
Description The plugin does not prevent unauthenticated users from resetting any account's password, allowing them to takeover sites by resetting one of its administrators' password. PoC curl --url 'http://vulnerable-site.tld/wp-login.php' --data...
Malware Scanner < 4.7.3 and Web Application Firewall < 2.1.2 - Unauthenticated Privilege Escalation
Description The plugin does not prevent unauthenticated users from resetting any account's password, allowing them to takeover sites by resetting one of its administrators' password. curl --url 'http://vulnerable-site.tld/wp-login.php' --data...
WordPress Plugin Malware Scanner Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...
PT-2024-19020 · WordPress · Web Application Firewall +1
Name of the Vulnerable Software and Affected Versions: Malware Scanner plugin versions up to, and including, 4.7.2 Web Application Firewall plugin versions up to, and including, 2.1.1 Description: The issue is related to a missing capability check on the mo wpns init function, which allows...
WordPress Malware Scanner Plugin <= 4.7.2 is vulnerable to Privilege Escalation
Software Malware Scanner Type Plugin Vulnerable versions = 4.7.2 Fixed in 4.7.3 OWASP Top 10 A1: Broken Access Control Classification Privilege Escalation CVE CVE-2024-2172 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID e270f8310961 Credits Stiofan Required privilege...
CVE-2024-25902
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in miniorange Malware Scanner.This issue affects Malware Scanner: from n/a through 4.7.2...
CVE-2024-25902
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in miniorange Malware Scanner.This issue affects Malware Scanner: from n/a through 4.7.2...
Sql injection
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in miniorange Malware Scanner.This issue affects Malware Scanner: from n/a through 4.7.2...
CVE-2024-25902
CVE-2024-25902 : WordPress plugin miniorange Malware Scanner (v4.7.2 and earlier) is affected by an SQL Injection due to improper neutralization of inputs. The vulnerability is exploitable with administrator privileges (Wordfence notes “Authenticated (Administrator+) SQL Injection”) and is linked...
CVE-2024-25902 WordPress Malware Scanner Plugin <= 4.7.2 is vulnerable to SQL Injection
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in miniorange Malware Scanner.This issue affects Malware Scanner: from n/a through 4.7.2...
CVE-2024-25902 WordPress Malware Scanner Plugin <= 4.7.2 is vulnerable to SQL Injection
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in miniorange Malware Scanner.This issue affects Malware Scanner: from n/a through 4.7.2...
PT-2024-21193 · Miniorange · Miniorange Malware Scanner
Name of the Vulnerable Software and Affected Versions: miniorange Malware Scanner versions through 4.7.2 Description: The issue is related to an Improper Neutralization of Special Elements used in an SQL Command, also known as 'SQL Injection'. This allows for potential exploitation by injecting...
WordPress Malware Scanner Plugin <= 4.7.2 is vulnerable to SQL Injection
Software Malware Scanner Type Plugin Vulnerable versions = 4.7.2 Fixed in 4.7.3 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-25902 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 46c75a59070d Credits Le Ngoc Anh Required privilege Administrator...
CVE-2023-51490
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPMU DEV Defender Security – Malware Scanner, Login Security & Firewall.This issue affects Defender Security – Malware Scanner, Login Security & Firewall: from n/a through 4.1.0...
CVE-2023-51490
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPMU DEV Defender Security – Malware Scanner, Login Security & Firewall.This issue affects Defender Security – Malware Scanner, Login Security & Firewall: from n/a through 4.1.0...
Code injection
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPMU DEV Defender Security – Malware Scanner, Login Security & Firewall.This issue affects Defender Security – Malware Scanner, Login Security & Firewall: from n/a through 4.1.0...
PT-2024-14149 · Unknown · Defender Security – Malware Scanner
Name of the Vulnerable Software and Affected Versions: Defender Security – Malware Scanner, Login Security & Firewall versions through 4.1.0 Description: The issue is related to the exposure of sensitive information to an unauthorized actor. This is a problem where sensitive data is made availabl...
Defender Security < 4.2.0 - Sensitive Information Exposure via Log File
Description The Defender Security – Malware Scanner, Login Security & Firewall plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.1.0 via the plugin's log file. This makes it possible for unauthenticated attackers to extract sensitive data...
Malware Scanner < 4.7.2 - IP Spoofing
Description The Malware Scanner plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 4.7.1 due to insufficient IP address validation and use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for unauthenticated...
WordPress Malware Scanner Plugin <= 4.7.1 is vulnerable to Bypass Vulnerability
Software Malware Scanner Type Plugin Vulnerable versions = 4.7.1 Fixed in 4.7.2 OWASP Top 10 A5: Security Misconfiguration Classification Bypass Vulnerability CVE CVE-2023-52176 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID f6265f1e1b85 Credits Brandon Roldan Required...