776 matches found
CVE-2016-10959
The estatik plugin before 2.3.1 for WordPress has authenticated arbitrary file upload exploitable with CSRF via esmediaimages to wp-admin/admin-ajax.php...
Cross site request forgery (csrf)
The estatik plugin before 2.3.1 for WordPress has authenticated arbitrary file upload exploitable with CSRF via esmediaimages to wp-admin/admin-ajax.php...
Code injection
The newspaper theme before 6.7.2 for WordPress has script injection via tdadsheader to admin-ajax.php...
WordPress SlickQuiz 1.3.7.1 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications 1. ADVISORY INFORMATION ======================= Product: SlickQuiz Vendor URL: https://wordpress.org/plugins/slickquiz/ Type: Cross-Site Scripting CWE-79 Date found: 2019-05-30 Date published: 2019-09-10 CVSSv3 Score: 6.1...
CVE-2018-21013
The Swape theme before 1.2.1 for WordPress has incorrect access control, as demonstrated by allowing new administrator accounts via vectors involving xmlPath to wp-admin/admin-ajax.php...
CVE-2019-15873
The profilegrid-user-profiles-groups-and-communities plugin before 2.8.6 for WordPress has remote code execution via a wp-admin/admin-ajax.php request with the action=pmtemplatepreview&html=?php substring followed by PHP code...
CVE-2019-15777
The shapepress-dsgvo plugin before 2.2.19 for WordPress has wp-admin/admin-ajax.php?action=admin-common-settings&adminemail= XSS...
Cross site scripting
The shapepress-dsgvo plugin before 2.2.19 for WordPress has wp-admin/admin-ajax.php?action=admin-common-settings&adminemail= XSS...
WordPress Download Manager Plugin Cross-Site Request Forgery
A cross-site request forgery vulnerability has been reported in WordPress Download Manager Plugin. The vulnerability is due to insufficient CSRF protections. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user with administrator privileges to visit a page which...
CVE-2015-9332
The CVE-2015-9332 issue affects the WordPress uninstall plugin (before v1.2). The vulnerability is a Cross-Site Request Forgery (CSRF) that can trigger uninstall to delete all database tables via wp-admin/admin-ajax.php?action=uninstall, as described in multiple sources (WordPress uninstall plugi...
CVE-2019-14790
The limb-gallery aka Limb Gallery plugin 1.4.0 for WordPress has XSS via the wp-admin/admin-ajax.php?action=grsGalleryAjax&grsAction=shortcode task parameter,...
Code injection
The toggle-the-title aka Toggle The Title plugin 1.4 for WordPress has XSS via the wp-admin/admin-ajax.php?action=updatetitleoptions isAutoSaveValveChecked or isDisableAllPagesValveChecked parameter...
CVE-2019-14790
The CVE-2019-14790 entry concerns the WordPress plugin limb-gallery (aka Limb Gallery) up to version 1.4.0. The vulnerability is a Cross-Site Scripting (XSS) flaw exposed via the parameter wp-admin/admin-ajax.php?action=grsGalleryAjax&grsAction=shortcode in the GrsGalleryAjax shortcode task. Publ...
WordPress Download Manager 2.5 Cross Site Request Forgery
Exploit Title: CSRF vulnerabilities in WordPress Download Manager Plugin 2.5 Google Dork: inurl:"/wp-content/plugins/download-manager Date: 24 may, 2019 Exploit Author: Princy Edward Exploit Author Blog : https://prinyedward.blogspot.com/ Vendor Homepage: https://www.wpdownloadmanager.com/ Softwa...
CVE-2019-14798
The 10Web Photo Gallery plugin before 1.5.25 for WordPress has Authenticated Local File Inclusion via directory traversal in the wp-admin/admin-ajax.php?action=shortcodebwg tagtext parameter...
CVE-2019-14787
The Tribulant Newsletters plugin before 4.6.19 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=newslettersloadneweditor contentarea parameter...
Cross site request forgery (csrf)
The codection "Import users from CSV with meta" plugin before 1.14.2.2 for WordPress allows wp-admin/admin-ajax.php?action=acuideleteattachment CSRF...