Innovs HR <= 1.0.3.4 - Employee Creation via CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as adding them as employees. input type="hidden" name="maritalstatus" value="Single"...
JFrog Artifactory < 7.25.4 - Blind SQL Injection
Exploit Title: artifactory low-privileged blind sql injection Google Dork: Date: Exploit Author: ardr Vendor Homepage: https://jfrog.com/help/r/jfrog-release-information/cve-2021-3860-artifactory-low-privileged-blind-sql-injection Software Link:...
Login as User or Customer <= 3.8 - Admin Account Takeover
Description The plugin does not prevent users from logging in as any other user on the site. PoC 1. As an admin, log in as some user. Note the user ID. 2. Run the following curl command, filling in the ADMINID and the USERID: curl -v https://example.com/wp-admin/admin-ajax.php -H 'Cookie:...
Exploit for Injection in Vm2_Project Vm2
CVE-2023-30547 Vulnerability de...
Bricks < 1.9.6.1 - Unauthenticated Remote Code Execution
Description The plugin does not prevent unauthenticated visitors from running code on vulnerable sites. Run the following JS on any site using the theme: await fetch"/wp-json/bricks/v1/renderelement", "credentials": "include", "headers": "Content-Type": "application/json" , "body":...
WP-Reply Notify <= 1.1 - Settings Update via CSRF
Description The plugin does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. Make an admin open an HTML page containing the following: document.forms[0].submit();...
Ultimate Noindex Nofollow Tool <= 1.1.2 - Settings Update via CSRF
Description The plugin does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. Have an admin open an HTML file containing the following: document.forms[0].submit();...
Sql injection
The Contact Form by WD WordPress plugin through 1.13.23 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...
Community by PeepSo < 6.3.1.2 - User Post Creation via CSRF
Description The plugin does not have a CSRF check when creating a user post visible on their wall in their profile page, which could allow attackers to make logged-in users perform such an action via a CSRF attack. 1. Log in as a normal user. 2. Save the content below as an HTML file...
Time delay for operations scheduled by the community multisig (CM) in timelock poses a risk to the protocol and its users
Lines of code Vulnerability details Impact Time-sensitive operations done by the CM, like taking actions in case of a security exploit, are subject to the minDelay of the Timelock contract. Such operations are time sensitive and executing them several minutes later can result in significant loss...
Decision-making in the DAO is too slow, which results in the DAO not being able to use the CANCELLER_ROLE properly
Lines of code Vulnerability details Impact The time that it takes the DAO to vote on a proposal is too long for the DAO to be a proper address to cancel scheduled operations. That is why no scheduled operation will ever be cancelled and potentially malicious operations from security exploits will be...
Login Lockdown < 2.07 - Admin+ SQLi
Description The plugin does not properly sanitise and escape the iDisplayStart parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...
Easy Forms for Mailchimp < 6.9.0 - Admin+ Stored Cross-Site Scripting
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. 1. Create a new opt-in form. 2. Edit the form, and add a "First name" field. 3. Update the form...
Post SMTP < 2.8.7 - Admin+ SQL Injection
Description The plugin does not properly sanitise and escape several parameters before using them in SQL statements, leading to a SQL injection exploitable by high privilege users such as admin. PoC In ps-delete-email-logs action: Visit the Post SMTP Email Log page and run the following code in t...
Essential Real Estate < 4.4.0 - Subscriber+ Arbitrary File Upload
Description The plugin does not prevent users with limited privileges on the site, like subscribers, from momentarily uploading malicious PHP files disguised as ZIP archives, which may lead to remote code execution. from io import BytesIO import requests import zipfile import sys import re if...
Essential Real Estate < 4.4.0 - Subscriber+ Stored XSS
Description The plugin does not apply proper capability checks on its AJAX actions, which among other things, allow attackers with a subscriber account to conduct Stored XSS attacks. 1. Login with a subscriber account, and visit https://vulnerable-site.tld/wp-admin/profile.php?action=delete 2...
CVE-2023-49278 Umbraco CMS brute force exploit can be used to collect valid usernames
Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.4, a brute force exploit can be used to collect valid usernames. Versions 8.18.10, 10.8.1, and 12.3.4 contain a patch for this issue...
rtMedia for WordPress, BuddyPress and bbPress < 4.6.16 - Admin+ RCE
Description The plugin loads the contents of the import file in an unsafe manner, leading to remote code execution by privileged users. 1. As an admin, visit rtMedia Settings Export/Import. 2. Click the "Browse File" button beside "Import rtMedia Settings". 3. Upload a file with the extension .js...
CVE-2023-6202
Mattermost (open source collaboration platform) contains an information disclosure vulnerability in the /plugins/focalboard/api/v2/users endpoint. An attacker who is a guest and knows another user’s ID can access that user’s information (e.g., name, surname, nickname) due to improper authorizatio...
OpenHarmony has an unspecified vulnerability
OpenHarmony is an open source project of the Hongmeng operating system. A security vulnerability exists prior to OpenHarmony version v3.2.2, which can be exploited by an attacker to obtain sensitive buffer information by using uninitialized resources...