CVE-2022-2983 Salat Times < 3.2.2 - Admin+ Stored Cross-Site Scripting
The Salat Times WordPress plugin before 3.2.2 does not sanitize and escape its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2022-3831 reCAPTCHA <= 1.6 - Admin+ Stored XSS
The reCAPTCHA WordPress plugin through 1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup...
CVE-2022-3601 Image Hover Effects Css3 <= 4.5 - Admin+ Stored XSS
The Image Hover Effects Css3 WordPress plugin through 4.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup...
PT-2022-24360 · WordPress · Recaptcha Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: reCAPTCHA WordPress plugin versions prior to 1.6 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This is possible because the plugin does not properly sanitise and escape som...
WordPress plugin Google Forms Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress Google Forms plug...
The existence of the tokenID is not validated in distributeFees()
Lines of code / Vulnerability details / Impact: The Turnstile contract has a distributeFees function which the Canto team/smart contract uses to distribute the fees to the tokenIDs of the smart contracts registered through the register function. The existence of the tokenIDs is checked both in...
GetYourGuide Ticketing < 1.0.4 - Admin+ Stored XSS
The plugin does not sanitise and escape some parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup. PoC 1. Navigate to the GYG Ticketing and GYG...
Buddybadges <= 1.0.0 - Admin+ SQLi
The plugin does not sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users PoC https://example.com/wp-admin/options-general.php?page=buddybadge&wpedit=b2f9b59706=1+AND+SELECT+7741+FROM+SELECTSLEEP10hlAf...
News Announcement Scroll < 9.0.0 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup...
Easy Form Builder < 3.4.0 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup. PoC 1. Navigate to New Form » go to the Settings...
CVE-2022-41611
Cross-site Scripting (XSS) vulnerability in the BlueSpiceDiscovery skin of BlueSpice allows a user with admin privileges to inject arbitrary HTML into the main navigation of the application...
CVE-2022-3539 Testimonials (Free < 2.7, Pro < 1.0.8) - Admin+ Stored Cross-Site Scripting
The Testimonials WordPress plugin before 2.7 and the super-testimonial-pro WordPress plugin before 1.0.8 do not sanitize and escape their settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
Comic Book Management System < 2.2.0 - Admin+ SQLi
The plugin does not sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin. PoC https://example.com/wp-admin/admin.php?page=cbmsweeklypicksadmin=updatepicks=1+AND+SELECT+7741+FROM+SELECTSLEEP3hlAf POST...
PostmagThemes Demo < 1.0.8 - Admin+ Arbitrary File Upload
The plugin does not validate the imported file, allowing high-privilege users such as admin to upload arbitrary files such as PHP leading to RCE. PoC 1. Go to Appearance » Import Demo Data » Manual demo files upload » Run "Choose a JSON file for customizer import" and import a PHP file. 2. Click...
CVE-2022-40981
All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior are vulnerable to malicious file upload. An attacker could take advantage of this to store malicious files on the server, which could overwrite sensitive and useful existing files on the filesystem, fill the hard disk to full...
Authentication flaw
The UPSMON Pro login function has insufficient authentication. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and obtain administrator privilege to access or control the system, or disrupt service...
Add Comments <= 1.0.1 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup. PoC POST...
Seed Social < 2.0.4 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup. PoC 1. Put the following payload in any of the...
CVE-2022-33187 : Brocade SANnav before v2.2.1 logs usernames and encoded passwords in debug-enabled logs
Brocade SANnav before v2.2.1 logs usernames and encoded passwords in debug-enabled logs. The vulnerability could allow an attacker with admin privilege to read sensitive information. Products Affected: Brocade SANnav versions before v2.2.1. Products Confirmed Not Affected: No other Brocade Fibre...
Theme-Demo-Importer < 1.1.1 - Admin+ Arbitrary File Upload
The plugin does not validate the imported file, allowing high-privilege users such as admin to upload arbitrary files such as PHP even when FILEMODS and FILEEDIT are disallowed. PoC 1. Navigate to: Appearance » Import Demo Content » Theme Demo Importer » Manually upload the demo files 2. Use the XML...