845 matches found
MapSVG Lite <= 3.2.3 - Cross-Site Request Forgery (CSRF)
CSRF in the mapsvgsave AJAX method...
CVE-2018-20368
The Master Slider plugin 3.2.7 and 3.5.1 for WordPress has XSS via the wp-admin/admin-ajax.php Name input field of the MSPanel.Settings value on Callback...
Cross site scripting
The Mondula Multi Step Form plugin before 1.2.8 for WordPress has multiple stored XSS via wp-admin/admin-ajax.php...
advancedcustomfields.com XSS vulnerability
Open Bug Bounty ID: OBB-707391

| Description | Value |
|---|---|
| Affected Website: | advancedcustomfields.com |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | 6.1... |

WordPress WP GDPR Compliance Plugin Privilege Escalation
The Wordpress GDPR Compliance plugin = v1.4.2 allows unauthenticated users to set wordpress administration options by overwriting values within the database. The vulnerability is...
Cross site request forgery (csrf)
An issue was discovered in S-CMS v1.5. There is a CSRF vulnerability that can add a new user via the admin/ajax.php?type=member&action=add URI...
CVE-2018-19332
An issue was discovered in S-CMS v1.5. There is a CSRF vulnerability that can add a new user via the admin/ajax.php?type=member&action=add URI...
Flow-Flow Social Stream <= 3.0.71 - Unauthenticated Cross-Site Scripting (XSS)
Cross-Site Scripting (XSS) vulnerability in the JSON output, triggered by modifying the hash parameter in admin-ajax.php using the fetchposts action. The response Content-Type is set to html. PoC: http://www.example.com/wp-admin/admin-ajax.php?action=fetchposts&stream-id;=1=%3Cimg%20src=x%20onerror=alert1%3E...
CVE-2018-18373
In the Schiocco "Support Board - Chat And Help Desk" plugin 1.2.3 for WordPress, a Stored XSS vulnerability has been discovered in file upload areas in the Chat and Help Desk sections via the msg parameter in a /wp-admin/admin-ajax.php sb_ajax_add_message action...
CVE-2018-18373
CVE-2018-18373 concerns the Schiocco “Support Board – Chat And Help Desk” WordPress plugin (version 1.2.3). The stored XSS occurs in file upload areas within the Chat and Help Desk sections via the msg parameter in the /wp-admin/admin-ajax.php sb_ajax_add_message action. Multiple connected source...
WordPress Plugin Support Board 1.2.3 - Cross-Site Scripting
Exploit Title: Wordpress Plugin Support Board 1.2.3 - Cross-Site Scripting; Date: 2018-10-16; Exploit Author: Ismail Tasdelen; Vendor Homepage: https://schiocco.com/; Software Link: https://board.support/; Software: Support Board - Chat And...
Design/Logic Flaw
The UserPro plugin through 4.9.23 for WordPress allows XSS via the shortcode parameter in a userproshortcodetemplate action to wp-admin/admin-ajax.php...
CVE-2018-16285
The UserPro plugin through 4.9.23 for WordPress allows XSS via the shortcode parameter in a userproshortcodetemplate action to wp-admin/admin-ajax.php...
CVE-2018-16159
The Gift Vouchers plugin through 2.0.1 for WordPress allows SQL Injection via the templateid parameter in a wp-admin/admin-ajax.php wpgvdoajaxfronttemplate request...
themesdad.com XSS vulnerability
Open Bug Bounty ID: OBB-669086

| Description | Value |
|---|---|
| Affected Website: | themesdad.com |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | 6.1... |

downloadnulled.pw XSS vulnerability
Open Bug Bounty ID: OBB-669047

| Description | Value |
|---|---|
| Affected Website: | downloadnulled.pw |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | 6.1... |

freethemes.space XSS vulnerability
Open Bug Bounty ID: OBB-669025

| Description | Value |
|---|---|
| Affected Website: | freethemes.space |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | 6.1... |

hirezstudios.com XSS vulnerability
Open Bug Bounty ID: OBB-665747

| Description | Value |
|---|---|
| Affected Website: | hirezstudios.com |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | 6.1... |

satoriz.fr XSS vulnerability
Open Bug Bounty ID: OBB-663779

| Description | Value |
|---|---|
| Affected Website: | satoriz.fr |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | 6.1... |

ageliesergasias.gr XSS vulnerability
Open Bug Bounty ID: OBB-654798

| Description | Value |
|---|---|
| Affected Website: | ageliesergasias.gr |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | newspaper theme by tagdiv 8.1.1 |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3... | |