104 matches found
Wordpress Theme Accesspress Social Icons 1.7.9 - SQL injection (Authenticated)
Exploit Title: Wordpress Theme Accesspress Social Icons 1.7.9 - SQL injection Authenticated Exploit Author: SunCSR Sun Cyber Security Research - Nguyen Khang Google Dork: N/A Date: 2020-08-24 Vendor Homepage: https://accesspressthemes.com Software Link:...
AccessPress Social Icons < 1.8.1 - Authenticated SQL Injection
The plugin does not sanitise its widget attribute, allowing accounts with post permission, such as author, to perform SQL injections. PoC https://drive.google.com/file/d/1UBTpW3RcPR7iqTi94ueyXLwWH8aFHuoe/view?usp=sharing Payload: aps-social id="1 and sleep3"...
AccessPress Social Icons < 1.8.1 - Authenticated SQL Injection
The plugin does not sanitise its widget attribute, allowing accounts with post permission, such as author, to perform SQL injections. https://drive.google.com/file/d/1UBTpW3RcPR7iqTi94ueyXLwWH8aFHuoe/view?usp=sharing Payload: aps-social id="1 and sleep3"...
CVE-2020-25378
Wordpress Plugin Store / AccessPress Themes WP Floating Menu V1.3.0 is affected by: Cross Site Scripting XSS via the id GET parameter...
CVE-2020-25378
Wordpress Plugin Store / AccessPress Themes WP Floating Menu V1.3.0 is affected by: Cross Site Scripting XSS via the id GET parameter...
Cross site scripting
Wordpress Plugin Store / AccessPress Themes WP Floating Menu V1.3.0 is affected by: Cross Site Scripting XSS via the id GET parameter...
CVE-2020-25378
Wordpress Plugin Store / AccessPress Themes WP Floating Menu V1.3.0 is affected by: Cross Site Scripting XSS via the id GET parameter...
CVE-2020-25378
Summary (grounded): CVE-2020-25378 affects WordPress plugins from AccessPress Themes: WP Floating Menu, version 1.3.0. The vulnerability is a Cross Site Scripting (XSS) weakness triggered by the id parameter in the GET request (reflected XSS). Some sources describe the issue as authenticated and ...
PT-2020-16073 · Accesspress Themes · Accesspress Themes Wp Floating Menu
Name of the Vulnerable Software and Affected Versions: AccessPress Themes WP Floating Menu version 1.3.0 Description: The issue concerns a Cross Site Scripting XSS problem. It is exploited via the id GET parameter. Recommendations: For version 1.3.0, update to a newer version that contains a fix...
WordPress AccessPress Anonymous Post Pro plugin <=3.1.8 - Unauthenticated Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload vulnerability found by Colette Chamberland in WordPress AccessPress Anonymous Post Pro plugin versions =3.1.8. Improper sanitization leads make it possible to upload any file with any extension. Solution Update the WordPress AccessPress Anonymous Post Pro...
CVE-2017-16949
An issue was discovered in the AccessKeys AccessPress Anonymous Post Pro plugin through 3.1.9 for WordPress. Improper input sanitization allows the attacker to override the settings for allowed file extensions and upload file size, related to inc/cores/file-uploader.php and...
Input validation
An issue was discovered in the AccessKeys AccessPress Anonymous Post Pro plugin through 3.1.9 for WordPress. Improper input sanitization allows the attacker to override the settings for allowed file extensions and upload file size, related to inc/cores/file-uploader.php and...
AccessPress Anonymous Post Pro < 3.2.0 - Unauthenticated Arbitrary File Upload
Improper sanitization allows the attacker to override the settings for allowed file extensions and upload file size. This allows the attacker to upload anything they want, bypassing the filters. OST...
AccessPress Anonymous Post Pro < 3.2.0 - Unauthenticated Arbitrary File Upload
Improper sanitization allows the attacker to override the settings for allowed file extensions and upload file size. This allows the attacker to upload anything they want, bypassing the filters. PoC OST /wp-admin/admin-ajax.php?action=apfileuploadactionuploadernonce=nonce=php=64000 HTTP/1.1...
CVE-2017-16949
An issue was discovered in the AccessKeys AccessPress Anonymous Post Pro plugin through 3.1.9 for WordPress. Improper input sanitization allows the attacker to override the settings for allowed file extensions and upload file size, related to inc/cores/file-uploader.php and...
CVE-2017-16949
Summary: CVE-2017-16949 affects the AccessKeys AccessPress Anonymous Post Pro WordPress plugin (versions up to 3.1.9). Improper input sanitization in the file-upload components (inc/cores/file-uploader.php and file-uploader/file-uploader-class.php) allows an unauthenticated attacker to override a...
Accesspress Anonymous Post Pro Unauthenticated Arbitrary File Upload
Exploit Title: Unauthenticated Arbitrary File Upload Date: November 12, 2017 Exploit Author: Colette Chamberland Author contact: [email protected] Author homepage: https://defiant.com Vendor Homepage: https://accesspressthemes.com/ Software Link:...
Accesspress Anonymous Post Pro < 3.2.0 - Arbitrary File Upload
Exploit Title: Unauthenticated Arbitrary File Upload Date: November 12, 2017 Exploit Author: Colette Chamberland Author contact: [email protected] Author homepage: https://defiant.com Vendor Homepage: https://accesspressthemes.com/ Software Link:...
WordPress Accesspress Anonymous Post Pro < 3.2.0 - Unauthenticated Arbitrary File Upload Vulnerab
Exploit for php platform in category web applications Date: November 12, 2017 Exploit Author: Colette Chamberland Author contact: email protected Author homepage: https://defiant.com Vendor Homepage: https://accesspressthemes.com/ Software Link:...
Accesspress Anonymous Post Pro 3.2.0 - Arbitrary File Upload
Accesspress Anonymous Post Pro 3.2.0 - Arbitrary File Upload Exploit Title: Unauthenticated Arbitrary File Upload Date: November 12, 2017 Exploit Author: Colette Chamberland Author contact: [email protected] Author homepage: https://defiant.com Vendor Homepage: https://accesspressthemes.com/...