777 matches found

Cvelist
added 2022/08/16 6:50 p.m., 18 views

CVE-2022-2843 MotoPress Timetable and Event Schedule Quick Edit admin-ajax.php cross site scripting

A vulnerability was found in MotoPress Timetable and Event Schedule. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /wp-admin/admin-ajax.php of the component Quick Edit. The manipulation of the argument posttitle with the input leads to cross si...

CVSS 3.5, AI score 6.2, EPSS 0.00308
Exploits 0, References 1
wpexploit
added 2022/07/26 12:00 a.m., 133 views

Directorist < 7.3.0 - Subscriber+ Arbitrary E-mail Sending

The plugin does not have authorisation and CSRF checks in an AJAX action, allowing any authenticated user to send arbitrary emails on behalf of the blog fetch("/wp-admin/admin-ajax.php", {"headers": {"content-type": "application/x-www-form-urlencoded"}, "method": "POST", "body":...

CVSS 4.3, AI score 1.7, EPSS 0.00149
Exploits 2
wpexploit
added 2022/05/31 12:00 a.m., 73 views

Visualizer < 3.7.7 - Reflected Cross-Site Scripting

The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting https://example.com/wp-admin/admin-ajax.php?action=visualizer-edit-chart&library=yes&chart=6190&tab=visualizer&a"alert(/XSS/)...

AI score 0.5
Exploits 0
GithubExploit
added 2022/05/09 2:12 p.m., 254 views

Exploit for CVE-2022-28590

CVE-2022-28590 The original discovery and manual PoC is from...

CVSS 7.2, AI score 7.6, EPSS 0.25467
Exploits 2
OSV
added 2022/05/03 2:15 p.m., 17 views

CVE-2022-28590

A Remote Code Execution (RCE) vulnerability exists in Pixelimity 1.0 via admin/admin-ajax.php?action=install_theme...

CVSS 7.2, AI score 7.5
Exploits 0, References 1
Prion
added 2022/05/03 2:15 p.m., 13 views

Remote code execution

A Remote Code Execution (RCE) vulnerability exists in Pixelimity 1.0 via admin/admin-ajax.php?action=install_theme...

CVSS 6.5, AI score 7.2, EPSS 0.25467
Exploits 2, References 1, Affected Software 1
Cvelist
added 2022/05/03 1:57 p.m., 16 views

CVE-2022-28590

A Remote Code Execution (RCE) vulnerability exists in Pixelimity 1.0 via admin/admin-ajax.php?action=install_theme...

AI score 7.5, EPSS 0.25467
Exploits 2, References 1
CVE
added 2022/05/03 1:57 p.m., 75 views

CVE-2022-28590

CVE-2022-28590 affects Pixelimity 1.0. The vulnerability enables remote code execution via admin/admin-ajax.php?action=install_theme. Multiple sources describe an arbitrary file upload path that can lead to code execution, with public PoC showing webshell upload to facilitate further access. The ...

CVSS 7.2, AI score 7.2, EPSS 0.25467
Exploits 2, References 1, Affected Software 1
wpexploit
added 2022/04/04 12:00 a.m., 77 views

Menubar < 5.8 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the command parameter before outputting it back in the response via the menubar AJAX action, which is available to any authenticated user, leading to a Reflected Cross-Site Scripting " /...

CVSS 5.4, AI score 0.6, EPSS 0.00208
Exploits 2
Packet Storm
added 2022/03/30 12:00 a.m., 259 views

WordPress Easy Cookie Policy 1.6.2 Cross Site Scripting

Exploit Title: WordPress Plugin Easy Cookie Policy 1.6.2 - Broken Access Control to Stored XSS
Date: 2/27/2021
Author: 0xB9
Software Link: https://wordpress.org/plugins/easy-cookies-policy/
Version: 1.6.2
Tested on: Windows 10
CVE: CVE-2021-24405
1. Description: Broken access control allows any...

CVSS 6.5, AI score 0.2, EPSS 0.0383
Exploits 5
0day.today
added 2022/03/30 12:00 a.m., 240 views

WordPress Easy Cookie Policy 1.6.2 Plugin - Broken Access Control to Stored XSS Vulnerability

Exploit Title: WordPress Plugin Easy Cookie Policy 1.6.2 - Broken Access Control to Stored XSS
Author: 0xB9
Software Link: https://wordpress.org/plugins/easy-cookies-policy/
Version: 1.6.2
Tested on: Windows 10
CVE: CVE-2021-24405
1. Description: Broken access control allows any authenticated use...

CVSS 6.5, AI score 0.4, EPSS 0.0383
Exploits 5
wpexploit
added 2022/03/29 12:00 a.m., 133 views

Advanced Page Visit Counter < 6.1.6 - Subscriber+ Blind SQL injection

The plugin does not escape the artID parameter before using it in a SQL statement in the apvcresetcountart AJAX action, available to any authenticated user, leading to a SQL injection v <= 5.0.8 - https://example.com/wp-admin/admin-ajax.php?action=apvcresetcountart&artID=sleep(10) v < 6.1.6 -...

CVSS 8.8, AI score 1.9, EPSS 0.00703
Exploits 2
wpexploit
added 2022/03/16 12:00 a.m., 118 views

LearnPress < 4.1.6 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the lp-dismiss-notice parameter before outputting it back via the lpbackgroundsingleemail AJAX action, leading to a Reflected Cross-Site Scripting...

CVSS 6.1, AI score 1.7, EPSS 0.04159
Exploits 2
wpexploit
added 2022/03/01 12:00 a.m., 210 views

OSMapper <= 2.1.5 - Unauthenticated Arbitrary Post Deletion

The plugin contains an AJAX action to delete a plugin-related post type named 'map', registered with the wp_ajax_nopriv prefix, which makes it available to unauthenticated users. There are no authorisation or CSRF checks, and no check that the post being deleted is actually a map. As a result,...

CVSS 5.3, AI score 1.2, EPSS 0.00144
Exploits 2
wpexploit
added 2022/02/28 12:00 a.m., 146 views

Infographic Maker - iList < 4.3.8 - Unauthenticated SQL Injection

The plugin does not validate and escape the postid parameter before using it in a SQL statement via the qcldupvoteaction AJAX action available to unauthenticated and authenticated users, leading to an unauthenticated SQL Injection curl https://example.com/wp-admin/admin-ajax.php --data...

CVSS 9.8, AI score 2.4, EPSS 0.84861
Exploits 2, References 1
0day.today
added 2022/02/18 12:00 a.m., 218 views

WordPress MasterStudy LMS 2.7.5 Plugin - Unauthenticated Admin Account Creation Vulnerability

Title: WordPress Plugin MasterStudy LMS 2.7.5 - Unauthenticated Admin Account Creation
Author: Numan Türle
CVE: CVE-2022-0441
Software Link: https://wordpress.org/plugins/masterstudy-lms-learning-management-system/
Version: 2.7.6
https://www.youtube.com/watch?v=SIO6CHXMZk...

CVSS 9.8, AI score 0.8, EPSS 0.81347
Exploits 8
wpexploit
added 2022/02/16 12:00 a.m., 87 views

hub2word <= 1.1.0 - Subscriber+ Arbitrary Options Update

The plugin does not have authorisation and CSRF checks in its Hub2Wordsavesettings AJAX action, and does not validate the option key to be updated. As a result, any authenticated user, such as a subscriber, could update arbitrary WordPress options POST /wp-admin/admin-ajax.php HTTP/1.1 Accept:...

AI score 0.8
Exploits 0
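Most of the wpexploit entries in this list (Directorist, Advanced Page Visit Counter, OSMapper, Infographic Maker, hub2word, and the reflected-XSS ones) are the same handler defect seen from different angles: a callback registered with add_action('wp_ajax_...') or 'wp_ajax_nopriv_...' that never calls check_ajax_referer()/wp_verify_nonce() or current_user_can(), or that passes a request parameter straight into $wpdb or echo. The script below is an added example, not code from this page or from any of the listed plugins: a grep-level static triage pass that pulls each handler reachable through admin-ajax.php out of a plugin's PHP source and reports those gaps. The source it scans (SAMPLE_PLUGIN, with the hypothetical actions demo_delete_map, demo_reset_count and demo_save_setting) is constructed to mirror the advisory patterns and is not any real plugin.

```python
"""Static triage of WordPress admin-ajax.php handlers (added example, constructed input)."""
import re

# add_action( 'wp_ajax_<action>', 'handler' ) and add_action( 'wp_ajax_nopriv_<action>', 'handler' )
HOOK_RE = re.compile(
    r"""add_action\(\s*['"]wp_ajax_(?P<nopriv>nopriv_)?(?P<action>[\w-]+)['"]\s*,"""
    r"""\s*['"](?P<handler>\w+)['"]"""
)
SUPERGLOBAL_RE = re.compile(r"\$_(?:GET|POST|REQUEST)\s*\[")
WPDB_CALL_RE = re.compile(r"\$wpdb->(?:query|get_results|get_var|get_row|get_col)\s*\(")


def function_body(src, name):
    """Return the body of PHP function `name` by brace matching (braces inside
    string literals are not special-cased; good enough for triage)."""
    m = re.search(r"\bfunction\s+" + re.escape(name) + r"\s*\([^)]*\)\s*\{", src)
    if m is None:
        return None
    depth, i = 1, m.end()
    while i < len(src) and depth:
        depth += {"{": 1, "}": -1}.get(src[i], 0)
        i += 1
    return src[m.end():i - 1]


def audit_handler(body):
    """List, for one handler body, the defects the advisories above describe."""
    issues = []
    if not re.search(r"\b(?:check_ajax_referer|wp_verify_nonce)\s*\(", body):
        issues.append("no nonce check (CSRF)")
    if not re.search(r"\bcurrent_user_can\s*\(", body):
        issues.append("no capability check")
    for stmt in body.split(";"):
        if not SUPERGLOBAL_RE.search(stmt):
            continue
        if WPDB_CALL_RE.search(stmt) and "prepare" not in stmt:
            issues.append("request parameter in SQL without $wpdb->prepare")
        if re.search(r"\becho\b", stmt) and not re.search(r"\besc_\w+\s*\(", stmt):
            issues.append("request parameter reaches echo without esc_* escaping")
    if re.search(r"\becho\b[^;]*\bjson_encode\s*\(", body) and "application/json" not in body:
        issues.append("JSON echoed without application/json content-type (use wp_send_json)")
    return issues


def audit_plugin(src):
    """Map each AJAX action name to (who can reach it, [issues])."""
    report = {}
    for m in HOOK_RE.finditer(src):
        body = function_body(src, m.group("handler"))
        if body is None:
            continue  # handler is a class method or lives in another file
        action = m.group("action")
        exposure = "unauthenticated" if m.group("nopriv") else "any logged-in user"
        if report.get(action, ("",))[0] == "unauthenticated":
            exposure = "unauthenticated"  # registered under both prefixes
        report[action] = (exposure, audit_handler(body))
    return report


SAMPLE_PLUGIN = r'''<?php
// Constructed sample modelled on the advisory patterns above; not a real plugin.
add_action( 'wp_ajax_demo_delete_map', 'demo_delete_map' );
add_action( 'wp_ajax_nopriv_demo_delete_map', 'demo_delete_map' );
function demo_delete_map() {
    wp_delete_post( intval( $_POST['post_id'] ), true );   // any post type, no checks
    wp_die();
}

add_action( 'wp_ajax_demo_reset_count', 'demo_reset_count' );
function demo_reset_count() {
    global $wpdb;
    $wpdb->query( "UPDATE {$wpdb->prefix}demo_hits SET hits = 0 WHERE post_id = " . $_GET['art_id'] );
    echo json_encode( array( 'ok' => 1, 'id' => $_GET['art_id'] ) );
    wp_die();
}

add_action( 'wp_ajax_demo_save_setting', 'demo_save_setting' );
function demo_save_setting() {
    check_ajax_referer( 'demo_settings', 'nonce' );
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    $allowed = array( 'demo_color', 'demo_title' );
    $key = sanitize_key( $_POST['key'] );
    if ( in_array( $key, $allowed, true ) ) {
        update_option( $key, sanitize_text_field( wp_unslash( $_POST['value'] ) ) );
    }
    wp_send_json_success();
}
'''

if __name__ == "__main__":
    for action, (exposure, issues) in audit_plugin(SAMPLE_PLUGIN).items():
        print(f"{action}: reachable by {exposure}; {issues or 'no findings'}")
```

The checks are heuristics, so treat each finding as a lead rather than a verdict: a $wpdb->prepare() call assigned to a variable in an earlier statement is missed, and a handler that is a class method is skipped entirely. The third sample handler shows the shape that clears every check: nonce, capability, an allowlist of option keys (the hub2word fix), and wp_send_json_* instead of a bare echo.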
wpexploit
added 2022/01/26 12:00 a.m., 110 views

WordPress GDPR & CCPA < 1.9.27 - Unauthenticated Reflected Cross-Site Scripting

The checkprivacysettings AJAX action of the plugin, available to both unauthenticated and authenticated users, responds with JSON data without an "application/json" content-type. Since an HTML payload in the response is not properly escaped, a browser that is led to this endpoint may interpret it as HTML. Javascript...

CVSS 6.1, AI score 6.2, EPSS 0.02006
Exploits 2
wpexploit
added 2022/01/18 12:00 a.m., 399 views

Give < 2.17.3 - Unauthenticated Reflected Cross-Site Scripting

The plugin does not sanitise and escape the formid parameter before outputting it back in the response of an unauthenticated request via the givecheckoutlogin AJAX action, leading to a Reflected Cross-Site Scripting As an unauthenticated user: alert(/XSS/)' / var form1 =...

CVSS 6.1, AI score 0.3, EPSS 0.02406
Exploits 2, References 1
wpexploit
added 2022/01/17 12:00 a.m., 73 views

Magee Shortcodes < 2.0.9 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape various parameters before outputting them back in attributes in AJAX actions available to both unauthenticated and authenticated users, leading to Reflected Cross-Site Scripting issues...

AI score 6.6
Exploits 0
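Several of the entries above give the request shape of the attack rather than just the cause: artID=sleep(10) sent to admin-ajax.php for the Advanced Page Visit Counter injection, alert(/XSS/) in the Give formid or a Visualizer chart parameter. For the defender's side, the script below is an added example, not code from this page: it parses combined-format access log lines, keeps only hits on admin-ajax.php, and flags query parameters carrying time-based SQL injection, union/tautology injection or reflected-XSS markers. The log lines and action names (demo_reset_count, demo_checkout_login, demo_check_settings) are constructed for the example and belong to no real site or plugin.

```python
"""Detect admin-ajax.php abuse in web-server access logs (added example, constructed data)."""
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Combined log format: ip ident user [ts] "METHOD target PROTO" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Payload markers drawn from the kinds of PoC the advisories above show.
SIGNATURES = {
    "sqli-time-based": re.compile(r"\b(?:sleep|benchmark|pg_sleep)\s*\(|\bwaitfor\s+delay\b", re.I),
    "sqli-union-or-tautology": re.compile(r"\bunion\s+(?:all\s+)?select\b|['\"]\s*(?:or|and)\b[^=]*=", re.I),
    "xss-reflected": re.compile(r"<\s*script|javascript:|\bon[a-z]+\s*=|\balert\s*\(", re.I),
}


def scan_line(line):
    """Return (ip, action, parameter, signature) tuples for one access-log line."""
    m = LOG_RE.match(line)
    if not m:
        return []
    url = urlsplit(m.group("target"))
    if not url.path.endswith("/admin-ajax.php"):
        return []
    params = parse_qs(url.query, keep_blank_values=True)
    action = params.get("action", ["<none>"])[0]
    hits = []
    for name, values in params.items():
        if name == "action":
            continue
        for value in values:
            # parse_qs already decoded once; a second pass surfaces double-encoded payloads.
            decoded = unquote_plus(value)
            for label, sig in SIGNATURES.items():
                if sig.search(decoded):
                    hits.append((m.group("ip"), action, name, label))
    return hits


def scan_log(lines):
    """Flatten scan_line() over an iterable of log lines."""
    return [hit for line in lines for hit in scan_line(line)]


SAMPLE_LOG = [  # constructed lines; IPs are from documentation ranges
    '203.0.113.7 - - [29/Mar/2022:10:12:01 +0000] "GET /wp-admin/admin-ajax.php?action=demo_reset_count&artID=1%20AND%20sleep(10) HTTP/1.1" 200 43 "-" "curl/7.68.0"',
    '198.51.100.23 - - [29/Mar/2022:10:12:05 +0000] "GET /wp-admin/admin-ajax.php?action=demo_checkout_login&form_id=%22%3E%3Cscript%3Ealert(/XSS/)%3C/script%3E HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [29/Mar/2022:10:12:09 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 12 "https://blog.example/" "Mozilla/5.0"',
    '192.0.2.9 - - [29/Mar/2022:10:12:10 +0000] "GET /wp-admin/admin-ajax.php?action=demo_check_settings&lang=en HTTP/1.1" 200 88 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [29/Mar/2022:10:12:11 +0000] "GET /?p=1&s=sleep(5) HTTP/1.1" 200 9001 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print("%-14s action=%-20s param=%-8s %s" % hit)
```

The third sample line is the blind spot to keep in mind: the Directorist, Infographic Maker and hub2word PoCs are POST requests, and a standard access log records neither the body nor the action name for those, so this detector only sees the GET-style probes. Catching the POST variants needs request-body logging at the proxy or WAF, or a plugin-side audit hook, and the last sample line shows that the same sleep() marker outside admin-ajax.php is deliberately left to a separate rule.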