14 matches found
CVE-2016-10973
The Brafton plugin before 3.4.8 for WordPress has XSS via the wp-admin/admin.php?page=BraftonArticleLoader tab parameter to BraftonAdminPage.php...
EUVD-2021-11849
Malware in sbrugna...
WordPress KKProgressbar2 1.1.4.2 Cross Site Request Forgery
WordPress KKProgressbar2 version 1.1.4.2 cross site request forgery proof of concept exploit. Exploit Title: WordPress Plugin KKProgressbar2 - Cross-Site Request Forgery CSRF Date: 2025-10-05 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H:...
EUVD-2022-15735
Malicious code in bioql PyPI...
CVE-2022-30399
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggersmerch/admin/?page=maintenance/managecategory=...
CVE-2022-1694
The Useful Banner Manager WordPress plugin through 1.6.1 does not perform CSRF checks on POST requests to its admin page, allowing an attacker to trick a logged in admin to add, modify or delete banners from the plugin by submitting a form...
CVE-2018-10121
plugins/box/pages/pages.admin.php in Monstra CMS 3.0.4 has a stored XSS vulnerability when an attacker has access to the editor role, and enters the payload in the title section of an admin/index.php?id=pages=editpage=error404 aka Edit 404 page action...
User Activity Tracking and Log < 4.0.9 - License Update/Deactivation via CSRF
Description: The plugin does not have proper CSRF checks when managing its license, which could allow attackers to make logged in admins update and deactivate the plugin's license via CSRF attacks. Make a logged in admin open a page with the code below. To make them deactivate the license To make th...
Simple Social Networking Site SQL Injection Vulnerability
Simple Social Networking Site is a social networking site. Simple Social Networking Site has a security vulnerability that can be exploited by attackers to conduct SQL injection attacks via /sns/admin/?page=user/manageuser&id=...
BetterDocs 1.9.0-1.9.1 - Reflected Cross-Site Scripting
The plugin does not escape the daterange parameter before outputting it back in the All docs admin dashboard, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/admin.php?page=betterdocs-admin&daterange="alert/XSS/...
Popup by Supsystic < 1.10.5 - Reflected Cross-Site scripting (XSS)
The plugin did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue /wp-admin/admin.php?page=popup-wp-supsystic&tab="onmouseover=alert1//...
CVE-2018-20571
DamiCMS 6.0.1 allows remote attackers to read arbitrary files via a crafted admin.php?s=Tpl/Add/id request, as demonstrated by admin.php?s=Tpl/Add/id/.\Public\Config\config.ini.php to read the global configuration file...
Easy to enterprise network Cms Admin Page Bypass
No description provided by source...
HPE - News Portal Engine
Product : HPE - News Portal Engine Version : 4.0 beta WebSite : http://news.is.free.fr Problem : phpinfo Description: ------------ phpinfo.php =========== ... HPEbeginPage"PHPinfo"; phpinfo; HPEendPage; ... =========== Exploit: -------- http://somehost/HPEdir/HPE/admin/pages/phpinfo.php...