Lucene search
K

104 matches found

Exploit DB
Exploit DB
added 2020/11/27 12:0 a.m.873 views

Wordpress Theme Accesspress Social Icons 1.7.9 - SQL injection (Authenticated)

Exploit Title: Wordpress Theme Accesspress Social Icons 1.7.9 - SQL injection Authenticated Exploit Author: SunCSR Sun Cyber Security Research - Nguyen Khang Google Dork: N/A Date: 2020-08-24 Vendor Homepage: https://accesspressthemes.com Software Link:...

7.4AI score
Exploits0
WPVulnDB
WPVulnDB
added 2020/11/02 12:0 a.m.14 views

AccessPress Social Icons < 1.8.1 - Authenticated SQL Injection

The plugin does not sanitise its widget attribute, allowing accounts with post permission, such as author, to perform SQL injections. PoC https://drive.google.com/file/d/1UBTpW3RcPR7iqTi94ueyXLwWH8aFHuoe/view?usp=sharing Payload: aps-social id="1 and sleep3"...

1.6AI score0.01255EPSS
Exploits1References2Affected Software1
wpexploit
wpexploit
added 2020/11/02 12:0 a.m.715 views

AccessPress Social Icons < 1.8.1 - Authenticated SQL Injection

The plugin does not sanitise its widget attribute, allowing accounts with post permission, such as author, to perform SQL injections. https://drive.google.com/file/d/1UBTpW3RcPR7iqTi94ueyXLwWH8aFHuoe/view?usp=sharing Payload: aps-social id="1 and sleep3"...

2.7AI score0.01255EPSS
Exploits1References2
NVD
NVD
added 2020/09/14 4:15 p.m.22 views

CVE-2020-25378

Wordpress Plugin Store / AccessPress Themes WP Floating Menu V1.3.0 is affected by: Cross Site Scripting XSS via the id GET parameter...

6.1CVSS0.00934EPSS
Exploits2References1
OSV
OSV
added 2020/09/14 4:15 p.m.5 views

CVE-2020-25378

Wordpress Plugin Store / AccessPress Themes WP Floating Menu V1.3.0 is affected by: Cross Site Scripting XSS via the id GET parameter...

6.1CVSS6.4AI score0.00934EPSS
Exploits2References1
Prion
Prion
added 2020/09/14 4:15 p.m.10 views

Cross site scripting

Wordpress Plugin Store / AccessPress Themes WP Floating Menu V1.3.0 is affected by: Cross Site Scripting XSS via the id GET parameter...

4.3CVSS6AI score0.00934EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2020/09/14 3:25 p.m.23 views

CVE-2020-25378

Wordpress Plugin Store / AccessPress Themes WP Floating Menu V1.3.0 is affected by: Cross Site Scripting XSS via the id GET parameter...

6.1AI score0.00934EPSS
Exploits2References1
CVE
CVE
added 2020/09/14 3:25 p.m.51 views

CVE-2020-25378

Summary (grounded): CVE-2020-25378 affects WordPress plugins from AccessPress Themes: WP Floating Menu, version 1.3.0. The vulnerability is a Cross Site Scripting (XSS) weakness triggered by the id parameter in the GET request (reflected XSS). Some sources describe the issue as authenticated and ...

6.1CVSS6AI score0.00934EPSS
Exploits2References1Affected Software1
Positive Technologies
Positive Technologies
added 2020/09/14 12:0 a.m.5 views

PT-2020-16073 · Accesspress Themes · Accesspress Themes Wp Floating Menu

Name of the Vulnerable Software and Affected Versions: AccessPress Themes WP Floating Menu version 1.3.0 Description: The issue concerns a Cross Site Scripting XSS problem. It is exploited via the id GET parameter. Recommendations: For version 1.3.0, update to a newer version that contains a fix...

6.1CVSS6AI score0.00934EPSS
Exploits2References3
Patchstack
Patchstack
added 2017/12/20 12:0 a.m.18 views

WordPress AccessPress Anonymous Post Pro plugin <=3.1.8 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability found by Colette Chamberland in WordPress AccessPress Anonymous Post Pro plugin versions =3.1.8. Improper sanitization leads make it possible to upload any file with any extension. Solution Update the WordPress AccessPress Anonymous Post Pro...

9.8CVSS3.8AI score0.19151EPSS
Exploits6References1Affected Software1
NVD
NVD
added 2017/12/19 2:29 a.m.24 views

CVE-2017-16949

An issue was discovered in the AccessKeys AccessPress Anonymous Post Pro plugin through 3.1.9 for WordPress. Improper input sanitization allows the attacker to override the settings for allowed file extensions and upload file size, related to inc/cores/file-uploader.php and...

9.8CVSS9.6AI score0.19151EPSS
Exploits6References3
Prion
Prion
added 2017/12/19 2:29 a.m.16 views

Input validation

An issue was discovered in the AccessKeys AccessPress Anonymous Post Pro plugin through 3.1.9 for WordPress. Improper input sanitization allows the attacker to override the settings for allowed file extensions and upload file size, related to inc/cores/file-uploader.php and...

7.5CVSS9.6AI score0.19151EPSS
Exploits6References3Affected Software1
wpexploit
wpexploit
added 2017/12/19 12:0 a.m.17 views

AccessPress Anonymous Post Pro < 3.2.0 - Unauthenticated Arbitrary File Upload

Improper sanitization allows the attacker to override the settings for allowed file extensions and upload file size. This allows the attacker to upload anything they want, bypassing the filters. OST...

7.5CVSS1.2AI score0.19151EPSS
Exploits6References2
WPVulnDB
WPVulnDB
added 2017/12/19 12:0 a.m.21 views

AccessPress Anonymous Post Pro < 3.2.0 - Unauthenticated Arbitrary File Upload

Improper sanitization allows the attacker to override the settings for allowed file extensions and upload file size. This allows the attacker to upload anything they want, bypassing the filters. PoC OST /wp-admin/admin-ajax.php?action=apfileuploadactionuploadernonce=nonce=php=64000 HTTP/1.1...

7.5CVSS0.9AI score0.19151EPSS
Exploits6References2Affected Software1
Cvelist
Cvelist
added 2017/12/18 5:0 p.m.28 views

CVE-2017-16949

An issue was discovered in the AccessKeys AccessPress Anonymous Post Pro plugin through 3.1.9 for WordPress. Improper input sanitization allows the attacker to override the settings for allowed file extensions and upload file size, related to inc/cores/file-uploader.php and...

9.7AI score0.19151EPSS
Exploits6References3
CVE
CVE
added 2017/12/18 5:0 p.m.94 views

CVE-2017-16949

Summary: CVE-2017-16949 affects the AccessKeys AccessPress Anonymous Post Pro WordPress plugin (versions up to 3.1.9). Improper input sanitization in the file-upload components (inc/cores/file-uploader.php and file-uploader/file-uploader-class.php) allows an unauthenticated attacker to override a...

9.8CVSS9.5AI score0.19151EPSS
Exploits6References3Affected Software1
Packet Storm
Packet Storm
added 2017/12/13 12:0 a.m.61 views

Accesspress Anonymous Post Pro Unauthenticated Arbitrary File Upload

Exploit Title: Unauthenticated Arbitrary File Upload Date: November 12, 2017 Exploit Author: Colette Chamberland Author contact: [email protected] Author homepage: https://defiant.com Vendor Homepage: https://accesspressthemes.com/ Software Link:...

0.7AI score0.19151EPSS
Exploits6
Exploit DB
Exploit DB
added 2017/12/12 12:0 a.m.63 views

Accesspress Anonymous Post Pro &lt; 3.2.0 - Arbitrary File Upload

Exploit Title: Unauthenticated Arbitrary File Upload Date: November 12, 2017 Exploit Author: Colette Chamberland Author contact: [email protected] Author homepage: https://defiant.com Vendor Homepage: https://accesspressthemes.com/ Software Link:...

9.8CVSS9.6AI score0.19151EPSS
Exploits6
0day.today
0day.today
added 2017/12/12 12:0 a.m.39 views

WordPress Accesspress Anonymous Post Pro < 3.2.0 - Unauthenticated Arbitrary File Upload Vulnerab

Exploit for php platform in category web applications Date: November 12, 2017 Exploit Author: Colette Chamberland Author contact: email protected Author homepage: https://defiant.com Vendor Homepage: https://accesspressthemes.com/ Software Link:...

9.2AI score0.19151EPSS
Exploits6
exploitpack
exploitpack
added 2017/12/12 12:0 a.m.51 views

Accesspress Anonymous Post Pro 3.2.0 - Arbitrary File Upload

Accesspress Anonymous Post Pro 3.2.0 - Arbitrary File Upload Exploit Title: Unauthenticated Arbitrary File Upload Date: November 12, 2017 Exploit Author: Colette Chamberland Author contact: [email protected] Author homepage: https://defiant.com Vendor Homepage: https://accesspressthemes.com/...

7.5CVSS0.1AI score0.19151EPSS
Exploits6
Rows per page
Query Builder