25 matches found
WordPress Ajax Search Pro Remote Code Execution
------------------------------------------------------------------------------ WordPress ajax-search-pro Plugin Remote Code Execution ------------------------------------------------------------------------------ - Plugin Link:...
Ajax Search Pro <= 3.5 - Cross-Site Request Forgery (CSRF) Add User
The ajax-search-pro WordPress plugin was affected by a Cross-Site Request Forgery CSRF Add User security vulnerability. This will register an administrator with username "xADMIN" and password "xPASS": POST request to:...
WordPress Ajax Search Pro Plugin - Remote Code Execution
Because of this vulnerability, any registered user to execute any function he wants with 1st param set to array$POST. Solution Update the plugin...
Ajax Search Pro <= 3.5 - Cross-Site Request Forgery (CSRF) Add User
The ajax-search-pro WordPress plugin was affected by a Cross-Site Request Forgery CSRF Add User security vulnerability. PoC This will register an administrator with username "xADMIN" and password "xPASS": POST request to:...
PT-2004-2957 · Isearch · Isearch +1
Name of the Vulnerable Software and Affected Versions: RiSearch version 1.0.01 RiSearch Pro version 3.2.06 Description: The issue allows remote attackers to use the show.pl script as an open proxy or read arbitrary local files by setting the url parameter to a http://, ftp://, or file:// URL...