wpexploit
added 2020/08/13 12:0 a.m., 25 views

Quiz and Survey Master < 7.0.1 - Arbitrary File Upload

This flaw made it possible for unauthenticated attackers to upload arbitrary files and achieve remote code execution. Set up a quiz that accepts file uploads, then upload a file and change its content-type to one set as approved. history.pushState'', '', '/' function submitRequest var xhr = new...

CVSS 7.5 | AI score 1.8 | EPSS 0.10326
Exploits: 2 | References: 1
WPVulnDB
added 2020/08/03 12:0 a.m., 18 views

Newsletter < 6.8.2 - Authenticated Cross-Site Scripting (XSS)

Newsletter suffers from an Authenticated Reflected Cross-Site Scripting (XSS) vulnerability via the ‘tnpc_render’ AJAX action found in newsletter/emails/emails.php. Due to how the corresponding ‘tnpc_render_callback’ function decodes input via the ‘restore_options_from_request’ function and renders them v...

CVSS 3.5 | AI score 1.7 | EPSS 0.00121
Exploits: 1 | References: 1 | Affected Software: 1
NVD
added 2020/06/22 12:15 a.m., 9 views

CVE-2020-14962

Multiple XSS vulnerabilities in the Final Tiles Gallery plugin before 3.4.19 for WordPress allow remote attackers to inject arbitrary web script or HTML via the Title (aka imageTitle) or Caption (aka description) field of an image to wp-admin/admin-ajax.php...

CVSS 5.4 | EPSS 0.00159
Exploits: 2 | References: 1
Prion
added 2020/06/22 12:15 a.m., 13 views

Cross site scripting

Multiple XSS vulnerabilities in the Final Tiles Gallery plugin before 3.4.19 for WordPress allow remote attackers to inject arbitrary web script or HTML via the Title (aka imageTitle) or Caption (aka description) field of an image to wp-admin/admin-ajax.php...

CVSS 3.5 | AI score 5.5 | EPSS 0.00159
Exploits: 2 | References: 1 | Affected Software: 1
CVE
added 2020/06/21 11:4 p.m., 61 views

CVE-2020-14962

The CVE-2020-14962 issue affects the WordPress Final Tiles Gallery/FTG Lite plugin (versions before 3.4.19). The underlying vulnerability is Cross-Site Scripting (XSS) in the image handling: attacker-supplied input in the image Title (imageTitle) or Description (caption) fields passed to wp-admin...

CVSS 5.4 | AI score 5.4 | EPSS 0.00159
Exploits: 2 | References: 1 | Affected Software: 1
Cvelist
added 2020/06/21 11:4 p.m., 14 views

CVE-2020-14962

Multiple XSS vulnerabilities in the Final Tiles Gallery plugin before 3.4.19 for WordPress allow remote attackers to inject arbitrary web script or HTML via the Title (aka imageTitle) or Caption (aka description) field of an image to wp-admin/admin-ajax.php...

AI score 5.6 | EPSS 0.00159
Exploits: 2 | References: 1
wpexploit
added 2020/05/29 12:0 a.m., 750 views

Blog2Social: Social Media Auto Post & Scheduler < 6.3.1 - Authenticated SQL Injection

SQL Injection in the Blog2Social plugin 6.3.0 for WordPress exists via the Re-Share Posts feature. Please refer to the video below for steps to reproduce and a demonstration of automatic exploitation with sqlmap. - Mega.nz: https://mega.nz/file/mt1gFYTKe3XkA-zY0cCApTYlLZktRZ4Q4vchVhbPsNqQC6CKORo - Drive:...

AI score 0.7 | EPSS 0.00912
Exploits: 2
WPVulnDB
added 2020/05/18 12:0 a.m., 27 views

Ajax Load More < 5.3.2 - Authenticated SQL Injection

The Ajax Load More WordPress plugin was vulnerable to SQL Injection in POST /wp-admin/admin-ajax.php with param repeater=' or sleep5=test. The attacker needs to be authenticated with the edit_theme_options capability, which only administrators have by default. PoC...

AI score 7.5 | EPSS 0.00534
Exploits: 1 | References: 2 | Affected Software: 1
wpexploit
added 2020/04/14 12:0 a.m., 50 views

Accordion < 2.2.9 - Unprotected AJAX Action to Stored/Reflected XSS

This flaw allowed any authenticated user with subscriber-level and above permissions to import a new accordion and inject malicious JavaScript as part of the accordion. POST /wp-admin/admin-ajax.php HTTP/1.1 Host: URL Accept: / X-Requested-With: XMLHttpRequest User-Agent: Mozilla/5.0...

CVSS 3.5 | AI score 0.5 | EPSS 0.00251
Exploits: 2 | References: 1
Prion
added 2020/03/13 4:15 p.m., 9 views

Cross site scripting

An XSS vulnerability in the popup-builder plugin before 3.64.1 for WordPress allows remote attackers to inject arbitrary JavaScript into existing popups via an unsecured ajax action in com/classes/Ajax.php. It is possible for an unauthenticated attacker to insert malicious JavaScript in several o...

CVSS 4.3 | AI score 6.4 | EPSS 0.00229
Exploits: 1 | References: 2 | Affected Software: 1
Prion
added 2020/02/08 5:15 p.m., 28 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in the Photo Gallery plugin before 1.2.11 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the (1) sort_by, (2) sort_order, (3) items_view, (4) dir, (5) clipboard_task, (6) clipboard_files, (7) clipboard_src, or (8) clipboard_des...

CVSS 3.5 | AI score 5.7 | EPSS 0.00246
Exploits: 4 | References: 5 | Affected Software: 1
Cvelist
added 2020/02/08 4:45 p.m., 31 views

CVE-2015-1394

Multiple cross-site scripting (XSS) vulnerabilities in the Photo Gallery plugin before 1.2.11 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the (1) sort_by, (2) sort_order, (3) items_view, (4) dir, (5) clipboard_task, (6) clipboard_files, (7) clipboard_src, or (8) clipboard_des...

AI score 5.3 | EPSS 0.00246
Exploits: 4 | References: 5
CVE
added 2020/02/08 4:45 p.m., 168 views

CVE-2015-1394

The CVE-2015-1394 entry corresponds to multiple XSS vulnerabilities in the WordPress plugin Photo Gallery (before 1.2.11). The vulnerability allows remote authenticated users to inject arbitrary JavaScript/HTML via parameters (sort_by, sort_order, items_view, dir, clipboard_task, clipboard_files,...

CVSS 5.4 | AI score 5.2 | EPSS 0.00246
Exploits: 4 | References: 5 | Affected Software: 1
wpexploit
added 2020/02/04 12:0 a.m., 35 views

Tutor LMS < 1.5.3 - Cross-Site Request Forgery (CSRF)

The Tutor LMS WordPress plugin is vulnerable to Cross-Site Request Forgery (CSRF) attacks. As the requests for the approval and blocking of instructors are sent using the GET method, the CSRF attack to approve an attacker-controlled instructor account can be performed by having the admin visit...

CVSS 2.6 | AI score 0.9 | EPSS 0.0867
Exploits: 6 | References: 2
NVD
added 2020/01/17 11:15 p.m., 13 views

CVE-2020-7104

The chained-quiz plugin 1.1.8.1 for WordPress has reflected XSS via the wp-admin/admin-ajax.php total_questions parameter...

CVSS 6.1 | AI score 6.1 | EPSS 0.02606
Exploits: 2 | References: 1
Prion
added 2020/01/17 11:15 p.m., 13 views

Cross site scripting

The chained-quiz plugin 1.1.8.1 for WordPress has reflected XSS via the wp-admin/admin-ajax.php total_questions parameter...

CVSS 4.3 | AI score 6 | EPSS 0.02606
Exploits: 2 | References: 1 | Affected Software: 1
CVE
added 2020/01/17 10:10 p.m., 173 views

CVE-2020-7104

CVE-2020-7104 affects the WordPress Chained Quiz plugin. Versions

CVSS 6.1 | AI score 6 | EPSS 0.02606
Exploits: 2 | References: 1 | Affected Software: 1
NVD
added 2020/01/13 6:15 p.m., 13 views

CVE-2019-20209

The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Insecure Direct Object Reference (IDOR) via wp-admin/admin-ajax.php to delete any page/post/listing...

CVSS 7.5 | AI score 7.6 | EPSS 0.00993
Exploits: 4 | References: 9
Prion
added 2020/01/13 6:15 p.m., 13 views

Code injection

The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Insecure Direct Object Reference (IDOR) via wp-admin/admin-ajax.php to delete any page/post/listing...

CVSS 6.4 | AI score 7.5 | EPSS 0.00993
Exploits: 4 | References: 9 | Affected Software: 3
Cvelist
added 2020/01/13 5:5 p.m., 13 views

CVE-2019-20209

The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Insecure Direct Object Reference (IDOR) via wp-admin/admin-ajax.php to delete any page/post/listing...

AI score 7.6 | EPSS 0.00993
Exploits: 4 | References: 9