14 matches found
CVE-2025-15157
The Starfish Review Generation & Marketing for WordPress plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'srmrestoreoptionsdefaults' function in all versions up to, and including, 3.1.19. This...
CVE-2020-37135
AMSS++ 4.7 contains an authentication bypass vulnerability that allows attackers to access administrative accounts using hardcoded credentials. Attackers can log in with the default admin username and password '1234' to gain unauthorized administrative access to the system...
CVE-2025-64062
The Primakon Pi Portal 1.0.18 /api/V2/ppusers?email endpoint is used for user data filtering but lacks proper server-side validation against the authenticated session. By manipulating the email parameter to an arbitrary value e.g., [email protected], an attacker can assume the session and gain...
CVE-2025-10678 Admin with default credentials in NetBird VPN
NetBird VPN when installed using vendor's provided script failed to remove or change default password of an admin account created by ZITADEL. This issue affects instances installed using vendor's provided script. This issue may affect instances created with Docker if the default password was not...
CVE-2024-13852
The Option Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing nonce validation on the pluginpage function. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site via a forged request, grant...
CVE-2024-5324
The Login/Signup Popup Inline Form + Woocommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'importsettings' function in versions 2.7.1 to 2.7.2. This makes it possible for authenticated attackers, with Subscriber-level access...
Library Management System With QR Code 1.0 SQL Injection Vulnerability
Title: Library Management System with QR code Attendance 1.0 SQL Injection Author: Ashish Kumar https://www.linkedin.com/in/ashish-kumar-0b65a3184 Vendor: https://www.sourcecodester.com/users/kingbhob02 Software:...
WordPress GiveWP 2.9.7 Cross Site Scripting
Exploit Title: GiveWP 2.9.7 Reflected Cross-Site Scripting Date: 3/23/2021 Exploit Author: Austin Bentley Vendor Homepage: https://givewp.com/ Software Link: https://wordpress.org/plugins/give/ Version: 2.9.7 Tested on: Windows 7 CVE: CVE-2021-24213 Exploitation requirements: Admin must visit...
Cross-Site Scripting (XSS)
archiva-repository-admin-default is vulnerable to cross-site scripting. A remote authenticated attacker who has administrative access to modify the central configurations is able to inject arbitrary JavaScript into a victim's browser via the central configuration entries such as the logo URL...
PHPMyWind Cross-Site Scripting Vulnerability (CNVD-2019-35826)
PHPMyWind is a set of PHP and MySQL-based and W3C-compliant enterprise website building solutions. A cross-site scripting vulnerability exists in the admin/default.php file in PHPMyWind v5.5, which can be exploited by a remote attacker to inject arbitrary Web script or HTML with the help of HTTP...
CVE-2019-8435
admin/default.php in PHPMyWind v5.5 has XSS via an HTTP Host header...
CVE-2018-16752
LINK-NET LW-N605R devices with firmware 12.20.2.1486 allow Remote Code Execution via shell metacharacters in the HOST field of the ping feature at adm/systools.asp. Authentication is needed but the default password of admin for the admin account may be used in some cases...
Km tourism site management system 3.0 many of the mentally vulnerability and fix-vulnerability warning-the black bar safety net
by: Mr. DzY Km tourism site management system is a recently developed website management system for the tourism industry that helps you build a tourism e-commerce website. The system contains the article release module, hotel module, ticket module, vacation module, module, image...
The Amazing Little Poll Admin Pwd
SOFTWARE ========= The Amazing Little Poll DESCRIPTION ============ google dork = "The Amazing Little Poll" and go to admin page /lpadmin.php default password dsapoll input to login admin or add to last path /lpsettings.inc and take administrator passwd $pwd="dsapoll"; ; create a new pol...