CVE-2024-4533 KKProgressbar2 Free <= 1.1.4.2 - Admin+ SQL Injection

The KKProgressbar2 Free WordPress plugin through 1.1.4.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admin users to perform SQL injection attacks...

CVE-2024-2220

The Button contact VR WordPress plugin through 4.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

PT-2024-28384 · WordPress · Flattr Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: Flattr WordPress plugin versions 1.2.2 and earlier Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example in...

CVE-2024-21791

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection in lockout history option. Note: Non-admin users cannot exploit this vulnerability...

CVE-2024-21791

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection in lockout history option. Note: Non-admin users cannot exploit this vulnerability...

CVE-2024-21791 SQL Injection in ADAudit Plus

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection in lockout history option. Note: Non-admin users cannot exploit this vulnerability...

CVE-2024-21791 SQL Injection in ADAudit Plus

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection in lockout history option. Note: Non-admin users cannot exploit this vulnerability...

CVE-2024-4289

The Sailthru Triggermail WordPress plugin through 1.1 does not sanitise and escape various parameters before outputting them back in pages and attributes, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2024-4290

The Sailthru Triggermail WordPress plugin through 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-3548

The WP Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 7.1.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

Meinberg LANTIME Arbitrary File Read (CVE-2018-10835)

Admin users were able to exchange web interface data through the data upload mechanism to which only root users have access. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...

CVE-2024-2837

The WP Chat App WordPress plugin before 3.6.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admins to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...

PT-2024-22706 · WordPress · Call Now Button

Name of the Vulnerable Software and Affected Versions: The Call Now Button WordPress plugin versions prior to 1.4.7 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for examp...

PT-2024-15909 · WordPress · Fancy Product Designer

Name of the Vulnerable Software and Affected Versions: The Fancy Product Designer WordPress plugin versions prior to 6.1.8 Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitised and escaped before being outputted back...

CVE-2024-3265

The Advanced Search WordPress plugin through 1.1.6 does not properly escape parameters appended to an SQL query, making it possible for users with the administrator role to conduct SQL Injection attacks in the context of a multisite WordPress configurations...

CVE-2023-7253

The CVE-2023-7253 entry concerns the Import WP WordPress plugin prior to version 2.13.1, where users with the Administrator role can trigger server-side requests (SSRF), with potential impact in multisite deployments. Root cause described across connected records is inadequate prevention of ping-...

PT-2024-22966 · WordPress · The Floating Chat Widget

Name of the Vulnerable Software and Affected Versions: The Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button WordPress plugin versions prior to 3.1.9 Description: The issue allows high privilege users, such as admins, to perform...

Open Source Medicine Ordering System v1.0 - SQL injection Exploit

Exploit Title : Open Source Medicine Ordering System v1.0 - SQLi Author : Onur Karasalihoğlu Sample Usage % python3 omossqliexploit.py https://target.com Available Databases: 1. informationschema 2. omosdb Please select a database to use enter number: 2 You selected: omosdb Extracted Admin Users...

Open Source Medicine Ordering System 1.0 SQL Injection

Exploit Title : Open Source Medicine Ordering System v1.0 - SQLi Author : Onur Karasalihoğlu Date : 27/02/2024 Sample Usage % python3 omossqliexploit.py https://target.com Available Databases: 1. informationschema 2. omosdb Please select a database to use enter number: 2 You selected: omosdb...

CVE-2024-2444

The Inline Related Posts WordPress plugin before 3.5.0 does not sanitise and escape some of its settings, which could allow high privilege users such as Admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...