776 matches found
WordPress WP GDPR Compliance Plugin Privilege Escalation
The WordPress GDPR Compliance plugin <= v1.4.2 allows unauthenticated users to set WordPress administration options by overwriting values within the database. The vulnerability is...
Flow-Flow Social Stream <= 3.0.71 - Unauthenticated Cross-Site Scripting (XSS)
Cross-Site Scripting (XSS) vulnerability in the JSON output, triggered by modifying the hash parameter in admin-ajax.php using the fetchposts action. The response Content-Type is set to html. PoC: http://www.example.com/wp-admin/admin-ajax.php?action=fetchposts&stream-id;=1=%3Cimg%20src=x%20onerror=alert1%3E...
CVE-2018-18373
In the Schiocco "Support Board - Chat And Help Desk" plugin 1.2.3 for WordPress, a Stored XSS vulnerability has been discovered in file upload areas in the Chat and Help Desk sections via the msg parameter in a /wp-admin/admin-ajax.php sb_ajax_add_message action...
CVE-2018-18373
CVE-2018-18373 concerns the Schiocco “Support Board – Chat And Help Desk” WordPress plugin (version 1.2.3). The stored XSS occurs in file upload areas within the Chat and Help Desk sections via the msg parameter in the /wp-admin/admin-ajax.php sb_ajax_add_message action. Multiple connected source...
WordPress Plugin Support Board 1.2.3 - Cross-Site Scripting
WordPress Plugin Support Board 1.2.3 - Cross-Site Scripting
Exploit Title: Wordpress Plugin Support Board 1.2.3 - Cross-Site Scripting
Date: 2018-10-16
Exploit Author: Ismail Tasdelen
Vendor Homepage: https://schiocco.com/
Software Link: https://board.support/
Software: Support Board - Chat And...
Design/Logic Flaw
The UserPro plugin through 4.9.23 for WordPress allows XSS via the shortcode parameter in a userproshortcodetemplate action to wp-admin/admin-ajax.php...
CVE-2018-16285
The UserPro plugin through 4.9.23 for WordPress allows XSS via the shortcode parameter in a userproshortcodetemplate action to wp-admin/admin-ajax.php...
CVE-2018-16159
The Gift Vouchers plugin through 2.0.1 for WordPress allows SQL Injection via the templateid parameter in a wp-admin/admin-ajax.php wpgvdoajaxfronttemplate request...
themesdad.com XSS vulnerability
Open Bug Bounty ID: OBB-669086

| Description | Value |
|---|---|
| Affected Website: | themesdad.com |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | 6.1... |
downloadnulled.pw XSS vulnerability
Open Bug Bounty ID: OBB-669047

| Description | Value |
|---|---|
| Affected Website: | downloadnulled.pw |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | 6.1... |
freethemes.space XSS vulnerability
Open Bug Bounty ID: OBB-669025

| Description | Value |
|---|---|
| Affected Website: | freethemes.space |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | 6.1... |
hirezstudios.com XSS vulnerability
Open Bug Bounty ID: OBB-665747

| Description | Value |
|---|---|
| Affected Website: | hirezstudios.com |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | 6.1... |
satoriz.fr XSS vulnerability
Open Bug Bounty ID: OBB-663779

| Description | Value |
|---|---|
| Affected Website: | satoriz.fr |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | 6.1... |
ageliesergasias.gr XSS vulnerability
Open Bug Bounty ID: OBB-654798

| Description | Value |
|---|---|
| Affected Website: | ageliesergasias.gr |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | newspaper theme by tagdiv 8.1.1 |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3... | |
Design/Logic Flaw
The Mondula Multi Step Form plugin through 1.2.5 for WordPress allows XSS via the fwdata id1, fwdata id2, fwdata id3, fwdata id4, or email field of the contact form, exploitable with an fwsendemail action to wp-admin/admin-ajax.php...
CVE-2018-14430
The Mondula Multi Step Form plugin through 1.2.5 for WordPress allows XSS via the fwdata id1, fwdata id2, fwdata id3, fwdata id4, or email field of the contact form, exploitable with an fwsendemail action to wp-admin/admin-ajax.php...
enggwave.com XSS vulnerability
Open Bug Bounty ID: OBB-652984

| Description | Value |
|---|---|
| Affected Website: | enggwave.com |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | newspaper theme by tagdiv 8.1.1 |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | 6.... |
mfk-falken.dk XSS vulnerability
Open Bug Bounty ID: OBB-638057

| Description | Value |
|---|---|
| Affected Website: | mfk-falken.dk |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | Other |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | 6.1... |
missadventure.de XSS vulnerability
Open Bug Bounty ID: OBB-638053

| Description | Value |
|---|---|
| Affected Website: | missadventure.de |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | Other |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | 6.1... |
mairie-longuesse.fr XSS vulnerability
Open Bug Bounty ID: OBB-638048

| Description | Value |
|---|---|
| Affected Website: | mairie-longuesse.fr |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | Other |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | 6.1... |