Lucene search
K

13 matches found

CVE
CVE
added 2026/02/06 8:25 a.m.31 views

CVE-2026-1499

The CVE-2026-1499 issue affects the WP Duplicate (Local Sync) WordPress plugin, versions up to and including 1.1.8. The root cause is a missing capability check on the process_add_site AJAX action, combined with path traversal in the file upload flow, allowing an authenticated (subscriber-level) ...

8.8CVSS6.2AI score0.0094EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/02/06 8:25 a.m.4 views

CVE-2026-1499 WP Duplicate <= 1.1.8 - Authenticated (Subscriber+) Arbitrary File Upload via 'process_add_site' AJAX Action

The WP Duplicate plugin for WordPress is vulnerable to Missing Authorization leading to Arbitrary File Upload in all versions up to and including 1.1.8. This is due to a missing capability check on the processaddsite AJAX action combined with path traversal in the file upload functionality. This...

8.8CVSS6.2AI score0.0094EPSS
Exploits0References8
Patchstack
Patchstack
added 2026/02/06 6:14 a.m.6 views

WordPress WP Duplicate plugin <= 1.1.8 - Authenticated (Subscriber+) Arbitrary File Upload via 'process_add_site' AJAX Action vulnerability

Authenticated Subscriber+ Arbitrary File Upload via 'processaddsite' AJAX Action vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin WP Duplicate versions = 1.1.8...

9.8CVSS5.3AI score0.0094EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-7169

Malware in sbrugna...

4.8CVSS5.2AI score0.00539EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/22 4:22 p.m.6 views

CVE-2020-15041

PHP-Fusion 9.03.60 allows XSS via the administration/sitelinks.php Add Site Link field...

4.8CVSS5.9AI score0.00539EPSS
Exploits1
OSV
OSV
added 2023/06/20 5:15 a.m.5 views

CVE-2023-3325

The CMS Commander plugin for WordPress is vulnerable to authorization bypass due to the use of an insufficiently unique cryptographic signature on the 'cmscaddsite' function in versions up to, and including, 2.287. This makes it possible for unauthenticated attackers to the plugin to change the...

9.8CVSS5.9AI score
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2020/06/24 9:15 p.m.2 views

CVE-2020-15041

PHP-Fusion 9.03.60 allows XSS via the administration/sitelinks.php Add Site Link field...

4.8CVSS5.1AI score0.00539EPSS
Exploits1References2
Cvelist
Cvelist
added 2020/06/24 8:33 p.m.15 views

CVE-2020-15041

PHP-Fusion 9.03.60 allows XSS via the administration/sitelinks.php Add Site Link field...

5.8AI score0.00539EPSS
Exploits1References1
NVD
NVD
added 2017/07/12 1:29 p.m.28 views

CVE-2017-11167

FineCMS 2.1.0 allows remote attackers to execute arbitrary PHP code by using a URL Manager "Add Site" action to enter this code after a ', sequence in a domain name, as demonstrated by the ',phpinfo input value...

9.8CVSS9.7AI score0.01524EPSS
Exploits1References1
Prion
Prion
added 2017/07/12 1:29 p.m.16 views

Code injection

FineCMS 2.1.0 allows remote attackers to execute arbitrary PHP code by using a URL Manager "Add Site" action to enter this code after a ', sequence in a domain name, as demonstrated by the ',phpinfo input value...

7.5CVSS9.7AI score0.01524EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2017/07/12 1:0 p.m.46 views

CVE-2017-11167

CVE-2017-11167 affects FineCMS 2.1.0. The vulnerability allows remote attackers to execute arbitrary PHP code by abusing the URL Manager’s “Add Site” action: entering code after a ', sequence in a domain name, demonstrated with ',phpinfo()'. Connected CNVD/CNVD-2017-15550 and NVD entries corrobor...

9.8CVSS9.6AI score0.01524EPSS
Exploits1References1Affected Software1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.2123 views

PHPLinks 2.1.2 Add Site HTML Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6632/info phpLinks is prone to HTML injection. phpLinks does not sufficiently sanitized HTML and script code supplied via form fields before displaying this data to administrative users. This issue exists in the 'add.php'...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2003/01/17 12:0 a.m.64 views

phpLinks 2.1.2 - Multiple Vulnerabilities

phpLinks 2.1.2 - Multiple Vulnerabilities phpLinks Multiple Vulnerabilities Vendor: destiney.com Product: phpLinks Version: = 2.1.2 Website: http://phplinks.sourceforge.net/ BID: 6632 6633 Description: phpLinks is an open source free PHP script. phpLinks allows you to run a very powerful link far...

0.2AI score
Exploits0
Rows per page
Query Builder