Seraphinite Accelerator < 2.20.32 - Unauthorised Settings Reset/Import
The plugin does not have authorisation and CSRF checks when resetting and importing its settings, allowing unauthenticated users to reset them. The issue was partially fixed in 2.20.29, which only added authorisation checks. CSRF checks were added in 2.20.32. As an unauthenticated user, open...
Awesome Support < 6.1.5 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. Visit the following URL as an admin user, with any valid ticket ID. Press the access k...
AN_GradeBook <= 5.0.1 - Subscriber+ SQLi
The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber. Access the following URL to demonstrate SQLi:...
Product Catalog Feed by PixelYourSite < 2.1.1 - Reflected XSS
The plugin does not sanitise and escape the edit parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as administrators. Make a logged in admin open the following URL:...
WPCode Lite < 2.0.9 - Arbitrary Log File Deletion via CSRF
The plugin has a flawed CSRF check when deleting logs, and does not ensure that the file to be deleted is inside the expected folder. This could allow attackers to make users with the wpcodeactivatesnippets capability delete arbitrary log files on the server, including outside of the blog folders. Make a...
CVE-2023-22984
A vulnerability was discovered in the Axis 207W network camera. There is a reflected XSS vulnerability in the web administration portal, which allows an attacker to execute arbitrary JavaScript via URL...
PDF Generator for WordPress < 1.1.2 - Reflected XSS
The plugin includes a vendored dompdf example file which is susceptible to Reflected Cross-Site Scripting and could be used against high privilege users such as admin. Make a logged in admin open the following URL:...
Wholesale Market for WooCommerce < 2.0.0 - Admin+ Arbitrary Log Download
The plugin does not validate user input against path traversal attacks, allowing high privilege users such as admin to download arbitrary logs from the server even when they should not be able to (for example, in multisite). First call...
Helloprint < 1.4.7 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Make a logged in admin open the following URL: https://example.com/wp-admin/admin.php?page=language-translate.php&success=added"alertXSS...
Rock Convert < 2.6.0 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape a URL before outputting it back in an attribute when a specific widget is present on a page, leading to a Reflected Cross-Site Scripting. On a page where the "Capture box | Rock Convert" widget is present, append ?"alert/XSS/, e.g:...
CVE-2022-38400
Mailform Pro CGI 4.3.1 and earlier allow a remote unauthenticated attacker to obtain the user input data by having a user of the product access a specially crafted URL...
Fast Flow < 1.2.12 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting. ' https://example.com/wp-admin/admin.php?page=fast-flow&p="...
CAPTCHA 4WP < 7.1.0 - Local File Inclusion via CSRF
The plugin lets user input reach a sensitive require_once call in one of its admin-side templates. This can be abused by attackers, via a Cross-Site Request Forgery attack, to run arbitrary code on the server. 1 Create a malicious PHP script $ echo ' shell.php 2 Add it to a fake .doc file, who will...
Gallery < 2.0.0 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape a parameter before outputting it back in the response of an AJAX action available to both unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting issue...
Sassy Social Share < 3.3.40 - Reflected Cross-Site Scripting
The plugin does not escape the viewed post URL before outputting it back in onclick attributes when the "Enable 'More' icon" option is enabled (which is the default setting), leading to a Reflected Cross-Site Scripting issue. Note: Vendor was notified on September 14th, 2021...
CVE-2021-32789
woocommerce-gutenberg-products-block is a feature plugin for WooCommerce Gutenberg Blocks. An SQL injection vulnerability impacts all WooCommerce sites running the WooCommerce Blocks feature plugin between version 2.5.0 and prior to version 2.5.16. Via a carefully crafted URL, an exploit can be...
CVE-2021-32789 Arbitrary SQL (SQL injection) possible via the Store API component.
woocommerce-gutenberg-products-block is a feature plugin for WooCommerce Gutenberg Blocks. An SQL injection vulnerability impacts all WooCommerce sites running the WooCommerce Blocks feature plugin between version 2.5.0 and prior to version 2.5.16. Via a carefully crafted URL, an exploit can be...
F5 BIG-IQ Cross-Site Scripting Vulnerability
F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, and load balancing from F5 USA. A cross-site scripting vulnerability exists in BIG-IQ, which could be exploited by an attacker using a specially crafted URL to reflect...
Greenmart < 2.5.2 - Unauthenticated Reflected Cross-Site Scripting (XSS)
Due to an incomplete fix of CVE-2020-16140 (see https://wpscan.com/vulnerability/10444), the reflected XSS attack is still possible on unauthenticated users, by extracting the searchnonce from the source of the homepage and adding it to the original payload. This is possible because WP nonces are...
CVE-2019-5236
Huawei smart phones Emily-L29C with versions of 8.1.0.132aC432, 8.1.0.135C782, 8.1.0.154C10, 8.1.0.154C461, 8.1.0.154C635, 8.1.0.156C185, 8.1.0.156C605, 8.1.0.159C636 have a double free vulnerability. An attacker can trick a user into clicking a URL to exploit this vulnerability. Successful exploitati...