27 matches found

Vulnrichment
added 2026/01/15 11:25 p.m. | 4 views

CVE-2021-47812 GravCMS 1.10.7 - Arbitrary YAML Write/Update (Unauthenticated) (2)

GravCMS 1.10.7 contains an unauthenticated vulnerability that allows remote attackers to write arbitrary YAML configuration and execute PHP code through the scheduler endpoint. Attackers can exploit the admin-nonce parameter to inject base64-encoded payloads and create malicious custom jobs with...

CVSS 9.8 | AI score 7.7 | EPSS 0.01987
Exploits: 1 | References: 3
Cvelist
added 2026/01/15 11:25 p.m. | 26 views

CVE-2021-47812 GravCMS 1.10.7 - Arbitrary YAML Write/Update (Unauthenticated) (2)

GravCMS 1.10.7 contains an unauthenticated vulnerability that allows remote attackers to write arbitrary YAML configuration and execute PHP code through the scheduler endpoint. Attackers can exploit the admin-nonce parameter to inject base64-encoded payloads and create malicious custom jobs with...

CVSS 9.8 | EPSS 0.01987
Exploits: 1 | References: 3
Positive Technologies
added 2026/01/15 12:0 a.m. | 10 views

PT-2026-3182

GravCMS 1.10.7 contains an unauthenticated vulnerability that allows remote attackers to write arbitrary YAML configuration and execute PHP code through the scheduler endpoint. Attackers can exploit the admin-nonce parameter to inject base64-encoded payloads and create malicious custom jobs with...

CVSS 9.3 | AI score 8 | EPSS 0.01987
Exploits: 1 | References: 4
Vulnrichment
added 2025/10/22 6:40 a.m. | 4 views

CVE-2025-10588 PixelYourSite <= 11.1.2 – Cross-Site Request Forgery to GDPR Options Modification

The PixelYourSite – Your smart PIXEL TAG & API Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 11.1.2. This is due to missing or incorrect nonce validation on the adminEnableGdprAjax function. This makes it possible for unauthenticate...

CVSS 4.3 | AI score 4.8 | EPSS 0.00147
Exploits: 0 | References: 3
CVE
added 2025/10/22 6:40 a.m. | 12 views

CVE-2025-10588

CVE-2025-10588 affects PixelYourSite – Your smart PIXEL (TAG) & API Manager (WordPress) up to version 11.1.2. The issue is a Cross-Site Request Forgery (CSRF) vulnerability caused by missing or incorrect nonce validation in the adminEnableGdprAjax() function, enabling unauthenticated attackers to...

CVSS 4.3 | AI score 4.8 | EPSS 0.00147
Exploits: 0 | References: 3
Positive Technologies
added 2025/10/22 12:0 a.m. | 6 views

PT-2025-43023

Name of the Vulnerable Software and Affected Versions: PixelYourSite – Your smart PIXEL TAG & API Manager plugin for WordPress versions up to and including 11.1.2. Description: The software is susceptible to Cross-Site Request Forgery (CSRF). This is caused by a lack of, or incorrect, nonce validation...

CVSS 4.3 | AI score 6.2 | EPSS 0.00147
Exploits: 0 | References: 5
wpexploit
added 2022/02/07 12:0 a.m. | 197 views

AdRotate < 5.8.22 - Admin+ SQL Injection

The plugin does not sanitise and escape the adrotateaction before using it in a SQL statement via the adrotaterequestaction function available to admins, leading to a SQL injection. Get the nonce from one of the bulk actions, for example /wp-admin/admin.php?page=adrotate and look for adrotatenonce ...

CVSS 7.2 | AI score 1.1 | EPSS 0.01255
Exploits: 2