Lucene search
K

141 matches found

wpexploit
wpexploit
added 2022/10/31 12:0 a.m.161 views

WP User Frontend < 3.5.29 - Obscure Registration as Admin

The plugin uses a user supplied argument called urhidden in its registration form, which contains the role for the account to be created with, encrypted via wpufencryption. This could allow an attacker having access to the AUTHKEY and AUTHSALT constant via an arbitrary file access issue for...

9.8CVSS0.4AI score0.00646EPSS
Exploits2
Packet Storm
Packet Storm
added 2022/02/21 12:0 a.m.284 views

WordPress WP User Frontend 3.5.25 SQL Injection

Exploit Title: WordPress Plugin WP User Frontend 3.5.25 - SQLi Authenticated Date 20.02.2022 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://wedevs.com/ Software Link: https://downloads.wordpress.org/plugin/wp-user-frontend.3.5.25.zip Version: 3.5.25 Tested on: Ubuntu 20.04 CVE:...

8.8CVSS8.8AI score0.1712EPSS
Exploits6
0day.today
0day.today
added 2022/02/21 12:0 a.m.228 views

WordPress WP User Frontend 3.5.25 Plugin - SQL injection (Authenticated) Exploit

Exploit Title: WordPress Plugin WP User Frontend 3.5.25 - SQLi Authenticated Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://wedevs.com/ Software Link: https://downloads.wordpress.org/plugin/wp-user-frontend.3.5.25.zip Version: 3.5.25 Tested on: Ubuntu 20.04 CVE: CVE-2021-25076 CWE...

8.8CVSS0.4AI score0.1712EPSS
Exploits6
CNVD
CNVD
added 2022/01/26 12:0 a.m.47 views

WordPress WP User Frontend plugin SQL injection vulnerability

WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on PHP and MySQL servers. SQL injection vulnerability exists in versions of the WordPress plugin WP User Frontend prior to 3.5.26, which...

6.5CVSS0.8AI score0.1712EPSS
Exploits6Affected Software1
NVD
NVD
added 2022/01/24 8:15 a.m.58 views

CVE-2021-25076

The WP User Frontend WordPress plugin before 3.5.26 does not validate and escape the status parameter before using it in a SQL statement in the Subscribers dashboard, leading to an SQL injection. Due to the lack of sanitisation and escaping, this could also lead to Reflected Cross-Site Scripting...

8.8CVSS0.1712EPSS
Exploits6References3
Prion
Prion
added 2022/01/24 8:15 a.m.22 views

Cross site scripting

The WP User Frontend WordPress plugin before 3.5.26 does not validate and escape the status parameter before using it in a SQL statement in the Subscribers dashboard, leading to an SQL injection. Due to the lack of sanitisation and escaping, this could also lead to Reflected Cross-Site Scripting...

6.5CVSS8.6AI score0.1712EPSS
Exploits6References3Affected Software1
Cvelist
Cvelist
added 2022/01/24 8:1 a.m.48 views

CVE-2021-25076 WP User Frontend < 3.5.26 - SQL Injection to Reflected Cross-Site Scripting

The WP User Frontend WordPress plugin before 3.5.26 does not validate and escape the status parameter before using it in a SQL statement in the Subscribers dashboard, leading to an SQL injection. Due to the lack of sanitisation and escaping, this could also lead to Reflected Cross-Site Scripting...

8.9AI score0.1712EPSS
Exploits6References3
CVE
CVE
added 2022/01/24 8:1 a.m.119 views

CVE-2021-25076

The CVE-2021-25076 issue affects the WP User Frontend WordPress plugin

8.8CVSS8.7AI score0.1712EPSS
Exploits6References3Affected Software1
CNNVD
CNNVD
added 2022/01/24 12:0 a.m.11 views

WordPress plugin SQL注入漏洞

WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on PHP and MySQL servers. SQL injection vulnerability exists in versions of the WordPress plugin WP User Frontend prior to 3.5.26, which...

8.8CVSS6.1AI score0.1712EPSS
Exploits6References7
wpexploit
wpexploit
added 2021/12/27 12:0 a.m.83 views

WP User Frontend < 3.5.26 - SQL Injection to Reflected Cross-Site Scripting

The plugin does not validate and escape the status parameter before using it in a SQL statement in the Subscribers dashboard, leading to an SQL injection. Due to the lack of sanitisation and escaping, this could also lead to Reflected Cross-Site Scripting...

8.8CVSS1.2AI score0.1712EPSS
Exploits6References1
Patchstack
Patchstack
added 2021/12/27 12:0 a.m.20 views

WordPress WP User Frontend plugin <= 3.5.25 - SQL Injection (SQLi) to Reflected Cross-Site Scripting (XSS)

SQL Injection SQLi to Reflected Cross-Site Scripting XSS discovered by Krzysztof Zając in WordPress WP User Frontend plugin versions = 3.5.25. Solution Update the WordPress WP User Frontend plugin to the latest available version at least 3.5.26...

8.8CVSS2AI score0.1712EPSS
Exploits6References3Affected Software1
Patchstack
Patchstack
added 2021/11/18 12:0 a.m.12 views

WordPress WP User Frontend plugin <= 3.5.23 - SQL Injection (SQLi) vulnerability

SQL Injection SQLi vulnerability discovered in WordPress WP User Frontend plugin versions = 3.5.23. Solution Update the WordPress WP User Frontend plugin to the latest available version at least 3.5.25...

2.1AI score
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2021/11/18 12:0 a.m.18 views

WP User Frontend < 3.5.25 - Admin+ SQL Injection

The plugin does not validate and escape the postid parameter from the Subscribers list before using in a SQL statement, leading to an SQL injection PoC https://example.com/wp-admin/edit.php?posttype=wpufsubscription=wpufsubscribersID=1+AND+%28SELECT+42+FROM+%28SELECT%28SLEEP%285%29%29%29b%29...

7.3AI score
Exploits0References1Affected Software1
wpexploit
wpexploit
added 2021/11/18 12:0 a.m.159 views

WP User Frontend < 3.5.25 - Admin+ SQL Injection

The plugin does not validate and escape the postid parameter from the Subscribers list before using in a SQL statement, leading to an SQL injection https://example.com/wp-admin/edit.php?posttype=wpufsubscription&page=wpufsubscribers&postID=1+AND+%28SELECT+42+FROM+%28SELECT%28SLEEP%285%29%29%29b%2...

7.3AI score
Exploits0References1
CNVD
CNVD
added 2016/04/18 12:0 a.m.3 views

WordPress WP User Frontend Plugin Unlimited File Upload Vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. Unlimited file upload vulnerability exists in WordPress WP User Frontend plugin versions prior to 2.3.11. Allows an attacker ...

6.9AI score
Exploits0References1
seebug.org
seebug.org
added 2016/03/22 12:0 a.m.15 views

WordPress WP User Frontend插件3.4.6文件上传漏洞

No description provided by source...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2016/02/09 12:0 a.m.33 views

WordPress WP User Frontend 3.4.6 File Upload

Exploit Title: WordPress WP User Frontend Plugin Unrestricted File Upload Discovery Date: 2016-02-04 Public Disclosure: 2016-02-08 Exploit Author: Panagiotis Vagenas Contact: https://twitter.com/panVagenas Vendor Homepage: https://wedevs.com Software Link:...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2016/02/08 12:0 a.m.15 views

WordPress Plugin WP User Frontend 2.3.11 - Unrestricted Arbitrary File Upload

WordPress Plugin WP User Frontend 2.3.11 - Unrestricted Arbitrary File Upload ''' Exploit Title: WordPress WP User Frontend Plugin Unrestricted File Upload Discovery Date: 2016-02-04 Public Disclosure: 2016-02-08 Exploit Author: Panagiotis Vagenas Contact: https://twitter.com/panVagenas Vendor...

Exploits0
Patchstack
Patchstack
added 2016/02/08 12:0 a.m.18 views

WordPress WP User Frontend Plugin 2.3.10 - Unrestricted File Upload

Because of this vulnerability, anyone can upload files to the web server by performing certain "wpuffileupload" or "wpufinsertimage" actions. Solution Upgrade the plugin...

1.9AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2016/02/08 12:0 a.m.11 views

WP User Frontend <= 2.3.10 - Unrestricted File Upload

The WP User Frontend – Membership, Profile, Registration & Post Submission Plugin for WordPress WordPress plugin was affected by an Unrestricted File Upload security vulnerability...

2.5AI score
Exploits0References1Affected Software1
Rows per page
Query Builder