13 matches found
CVE-2026-1499
The CVE-2026-1499 issue affects the WP Duplicate (Local Sync) WordPress plugin, versions up to and including 1.1.8. The root cause is a missing capability check on the process_add_site AJAX action, combined with path traversal in the file upload flow, allowing an authenticated (subscriber-level) ...
CVE-2026-1499 WP Duplicate <= 1.1.8 - Authenticated (Subscriber+) Arbitrary File Upload via 'process_add_site' AJAX Action
The WP Duplicate plugin for WordPress is vulnerable to Missing Authorization leading to Arbitrary File Upload in all versions up to and including 1.1.8. This is due to a missing capability check on the process_add_site AJAX action combined with path traversal in the file upload functionality. This...
WordPress WP Duplicate plugin <= 1.1.8 - Authenticated (Subscriber+) Arbitrary File Upload via 'process_add_site' AJAX Action vulnerability
Authenticated Subscriber+ Arbitrary File Upload via 'process_add_site' AJAX Action vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin WP Duplicate versions <= 1.1.8...
EUVD-2020-7169
Malware in sbrugna...
CVE-2020-15041
PHP-Fusion 9.03.60 allows XSS via the administration/sitelinks.php Add Site Link field...
CVE-2023-3325
The CMS Commander plugin for WordPress is vulnerable to authorization bypass due to the use of an insufficiently unique cryptographic signature on the 'cmscaddsite' function in versions up to, and including, 2.287. This makes it possible for unauthenticated attackers to the plugin to change the...
CVE-2020-15041
PHP-Fusion 9.03.60 allows XSS via the administration/sitelinks.php Add Site Link field...
CVE-2020-15041
PHP-Fusion 9.03.60 allows XSS via the administration/sitelinks.php Add Site Link field...
CVE-2017-11167
FineCMS 2.1.0 allows remote attackers to execute arbitrary PHP code by using a URL Manager "Add Site" action to enter this code after a ', sequence in a domain name, as demonstrated by the ',phpinfo input value...
Code injection
FineCMS 2.1.0 allows remote attackers to execute arbitrary PHP code by using a URL Manager "Add Site" action to enter this code after a ', sequence in a domain name, as demonstrated by the ',phpinfo input value...
CVE-2017-11167
CVE-2017-11167 affects FineCMS 2.1.0. The vulnerability allows remote attackers to execute arbitrary PHP code by abusing the URL Manager’s “Add Site” action: entering code after a ', sequence in a domain name, demonstrated with ',phpinfo()'. Connected CNVD/CNVD-2017-15550 and NVD entries corrobor...
PHPLinks 2.1.2 Add Site HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6632/info phpLinks is prone to HTML injection. phpLinks does not sufficiently sanitize HTML and script code supplied via form fields before displaying this data to administrative users. This issue exists in the 'add.php'...
phpLinks 2.1.2 - Multiple Vulnerabilities
phpLinks 2.1.2 - Multiple Vulnerabilities phpLinks Multiple Vulnerabilities Vendor: destiney.com Product: phpLinks Version: = 2.1.2 Website: http://phplinks.sourceforge.net/ BID: 6632 6633 Description: phpLinks is an open source free PHP script. phpLinks allows you to run a very powerful link far...