Block WP Login <= 1.3.0 - CSRF and Unauthorised Settings Update

Lack of CSRF and authorisation checks in the bwplconfigureslug function registered as an admininit action could allow attacker via CSRF, or unauthenticated using the admin-ajax.php to change the plugin settings located at /wp-admin/options-permalink.php and disable the protection offered. v1.3.1...

FV Flowplayer Video Player <= 7.3.13.727 - Unauthenticated Stored XSS

The vulnerable function is exposed to unauthenticated users over wpajaxnoprivfvwpflowplayeremailsignup ajax hook. It saves anything that user provides in email POST parameter. PoC Send POST request to wp-admin/admin-ajax.php with body content: "[email protected]" The...

CVE-2019-11807

The WooCommerce Checkout Manager plugin before 4.3 for WordPress allows media deletion via the wp-admin/admin-ajax.php?action=updateattachmentwccm wccmdefaultkeysload parameter because of a nopriv registration and a lack of capabilities checks...

WordPress Contact Form Builder Plugin < 1.0.69 CSRF Vulnerability

The WordPress plugin Copyright C 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the...

Design/Logic Flaw

An issue was discovered in Repute ARForms 3.5.1 and prior. An attacker is able to delete any file on the server with web server privileges by sending a malicious request to admin-ajax.php...

Default credentials

The WP-jobhunt plugin before version 2.4 for WordPress does not control AJAX requests sent to the csresetpass function through the admin-ajax.php file, which allows remote unauthenticated attackers to reset the password of a user's account...

CVE-2018-19488

The CVE-2018-19488 entry concerns the WP-jobhunt WordPress plugin prior to version 2.4. An authentication- bypass flaw exists where AJAX requests to cs_reset_pass() via admin-ajax.php are not properly controlled, enabling remote unauthenticated attackers to reset a user’s password. This is suppor...

CVE-2018-19487

The WP-jobhunt plugin before version 2.4 for WordPress does not control AJAX requests sent to the csemployerajaxprofile function through the admin-ajax.php file, which allows remote unauthenticated attackers to enumerate information about users...

CVE-2018-19487

The CVE affects the WordPress WP-jobhunt plugin prior to version 2.4. The root cause is lack of access control for AJAX requests to cs_employer_ajax_profile() via admin-ajax.php, enabling remote unauthenticated attackers to enumerate user information. Practical impact is information disclosure ab...

CVE-2018-15818

An issue was discovered in Repute ARForms 3.5.1 and prior. An attacker is able to delete any file on the server with web server privileges by sending a malicious request to admin-ajax.php...

CVE-2018-15818

CMS/plugin: Repute ARForms 3.5.1 and earlier. A vulnerability allows an attacker to delete arbitrary files on the server by sending a malicious request to admin-ajax.php, abusing web server privileges. Affected component is the plugin’s admin AJAX endpoint; impact is file deletion with partial in...

Cross site request forgery (csrf)

MapSVG MapSVG Lite version 3.2.3 contains a Cross Site Request Forgery CSRF vulnerability in REST endpoint /wp-admin/admin-ajax.php?action=mapsvgsave that can result in an attacker can modify post data, including embedding javascript. This attack appears to be exploitable via the victim must be...

CVE-2019-1000003

MapSVG MapSVG Lite version 3.2.3 contains a Cross Site Request Forgery CSRF vulnerability in REST endpoint /wp-admin/admin-ajax.php?action=mapsvgsave that can result in an attacker can modify post data, including embedding javascript. This attack appears to be exploitable via the victim must be...

CVE-2019-1000003

MapSVG Lite 3.2.3 is affected by a CSRF in the mapsvg_save AJAX endpoint (/wp-admin/admin-ajax.php?action=mapsvg_save) that can allow an authenticated admin to modify post data (including embedded JavaScript). Exploitation requires the attacker to have an admin account and to entice the admin to ...

CVE-2018-19042

The Media File Manager plugin 1.4.2 for WordPress allows arbitrary file movement via a ../ directory traversal in the dirfrom and dirto parameters of an mrelocatormove action to the wp-admin/admin-ajax.php URI...

CVE-2019-6703

CVE-2019-6703 affects the Total Donations WordPress plugin (up to 2.0.5/2.0.6) via an incorrect access control in migla_ajax_functions.php. This flaw allows unauthenticated attackers to call miglaA_update_me through wp-admin/admin-ajax.php and modify arbitrary WordPress option values, enabling ac...

MapSVG Lite <= 3.2.3 - Cross-Site Request Forgery (CSRF)

CSRF in the mapsvgsave AJAX method...

CVE-2018-20368

The Master Slider plugin 3.2.7 and 3.5.1 for WordPress has XSS via the wp-admin/admin-ajax.php Name input field of the MSPanel.Settings value on Callback...

Cross site scripting

The Mondula Multi Step Form plugin before 1.2.8 for WordPress has multiple stored XSS via wp-admin/admin-ajax.php...

advancedcustomfields.com XSS vulnerability

Open Bug Bounty ID: OBB-707391 Description| Value ---|--- Affected Website:| advancedcustomfields.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...