Passster < 3.5.5.9 - Protection Bypass & Arbitrary Post Access

The plugin does not properly check for password, as well as that the post to be viewed is public, allowing unauthenticated users to bypass the protection offered by the plugin, and access arbitrary posts such as private content, by sending a specifically crafted request. PoC The nonce can be...

Bg Bible References <= 3.8.14 - Reflected XSS

The plugin does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Steps to reproduce: 1. Install the vulnerable plugin bg-biblie-references 3.18.4 2. As an unauthenticated or authenticated user, visit the following URL which...

WPQA < 5.9.3 - Missing validation lead to functionality abuse

The plugin which is a companion plugin used with Discy and Himer themes incorrectly tries to validate that a user already follows another in the wpqafollowingyouajax action, allowing a user to inflate their score on the site by having another user send repeated follow actions to them...

Contest Gallery < 19.1.5 - Author+ SQL Injection

The plugins do not escape the cgrow POST parameter before concatenating it to an SQL query in 3row-order.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. POST /wp-admin/admin-ajax.php HTTP/1.1 Host: localhost:8080 User-Agen...

WordPress ImageMagick-Engine 1.7.4 Remote Code Execution

Exploit Title: Wordpress Plugin ImageMagick-Engine 1.7.4 - Remote Code Execution RCE Authenticated Google Dork: inurl:"/wp-content/plugins/imagemagick-engine/" Date: Thursday, September 1, 2022 Exploit Author: ABDO10 Vendor Homepage: https://wordpress.org/plugins/imagemagick-engine/ Software Link...

WordPress Scripts Organizer Arbitrary File Upload Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An arbitrary file upload...

Ketchup Restaurant Reservations <= 1.0.0 - Unauthenticated Stored XSS

The plugin does not sanitise and escape some of the reservation user inputs, allowing unauthenticated attackers to perform Cross-Site Scripting attacks logged in admin viewing the malicious reservation made As unauthenticated, make a reservation ie on a page where the reservationform is embed and...

Zephyr Project Manager < 3.2.5 - Multiple Unauthenticated SQLi

The plugin does not sanitise and escape various parameters before using them in SQL statements via various AJAX actions available to both unauthenticated and authenticated users, leading to SQL injections POST /wp-admin/admin-ajax.php HTTP/1.1 Accept:...

Craw Data <= 1.0.0 - Server Side Request Forgery

The plugin does not implement nonce checks, which could allow attackers to make a logged in admin change the url value performing unwanted crawls on third-party sites SSRF. When configuring the CrawData addon, the request is as follows GET...

CVE-2022-2843

A vulnerability was found in MotoPress Timetable and Event Schedule. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /wp-admin/admin-ajax.php of the component Quick Edit. The manipulation of the argument posttitle with the input leads to cross si...

Cross site scripting

A vulnerability was found in MotoPress Timetable and Event Schedule. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /wp-admin/admin-ajax.php of the component Quick Edit. The manipulation of the argument posttitle with the input leads to cross si...

CVE-2022-2843 MotoPress Timetable and Event Schedule Quick Edit admin-ajax.php cross site scripting

A vulnerability was found in MotoPress Timetable and Event Schedule. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /wp-admin/admin-ajax.php of the component Quick Edit. The manipulation of the argument posttitle with the input leads to cross si...

CVE-2022-2843

CVE-2022-2843 affects MotoPress Timetable and Event Schedule (WordPress plugin). The vulnerability exists in the Quick Edit path via /wp-admin/admin-ajax.php, where manipulating the post_title parameter with the payload triggers cross-site scripting. Exploitation may be remote. The issue is docu...

Directorist < 7.3.0 - Subscriber+ Arbitrary E-mail Sending

The plugin does not have authorisation and CSRF checks in an AJAX action, allowing any authenticated users to send arbitrary emails on behalf of the blog fetch"/wp-admin/admin-ajax.php", "headers": "content-type": "application/x-www-form-urlencoded", , "method": "POST", "body":...

Ninja Forms < 3.6.11 - Unauthenticated PHP Object Injection

The plugin does not validate merge tags provided in the request, which could allow unauthenticated attackers to call any static method present in the blog. One from the plugin in particular could allow for PHP Object Injection when a suitable gadget is also present on the blog. Attackers have bee...

Visualizer < 3.7.7 - Reflected Cross-Site Scripting

The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting https://example.com/wp-admin/admin-ajax.php?action=visualizer-edit-chart&library=yes&chart=6190&tab=visualizer&a"alert/XSS/...

Exploit for CVE-2022-28590

CVE-2022-28590 The original discovery and manual PoC is from...

CVE-2022-28590

A Remote Code Execution RCE vulnerability exists in Pixelimity 1.0 via admin/admin-ajax.php?action=installtheme...

CVE-2022-28590

A Remote Code Execution RCE vulnerability exists in Pixelimity 1.0 via admin/admin-ajax.php?action=installtheme...

Remote code execution

A Remote Code Execution RCE vulnerability exists in Pixelimity 1.0 via admin/admin-ajax.php?action=installtheme...