1360 matches found

WPVulnDB · added 2022/09/19 12:00 a.m. · 15 views

Download Monitor < 4.5.98 - Admin+ Arbitrary File Download

The plugin does not ensure that files to be downloaded are inside the blog folders and are not sensitive, allowing high-privilege users such as admins to download wp-config.php or /etc/passwd even in a hardened environment or multisite setup. PoC: Create a new download on:...

CVSS 4.9 · AI score 1 · EPSS 0.00859
Exploits: 2 · Affected Software: 1
WPVulnDB · added 2022/09/15 12:00 a.m. · 19 views

Advanced Comment Form < 1.2.1 - Admin+ Authenticated Stored XSS

The plugin does not sanitise and escape its settings, allowing high-privilege users such as admins to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. PoC: In the settings of the plugin, add the following payload to the text before the form:...

CVSS 4.8 · AI score 2.3 · EPSS 0.0047
Exploits: 2 · Affected Software: 1
ATTACKERKB · added 2022/09/14 12:00 a.m. · 2 views

CVE-2022-34402

Dell Wyse ThinOS 2205 contains a Regular Expression Denial of Service vulnerability in the UI. An attacker with admin privileges could potentially exploit this vulnerability, leading to denial of service...

CVSS 6.8 · AI score 5.9 · EPSS 0.00595
Exploits: 0 · References: 2
CVE · added 2022/09/13 6:50 p.m. · 54 views

CVE-2022-39207

The CVE-2022-39207 issue affects build artifact handling in OneDev. It allows XSS via artifacts saved during CI/CD that are served in the UI context without additional restrictions. The underlying cause is HTML content in artifacts being rendered by browsers, enabling a session-credential theft ri...

CVSS 5.4 · AI score 5.7 · EPSS 0.00693
Exploits: 1 · References: 3 · Affected Software: 1
WPVulnDB · added 2022/09/07 12:00 a.m. · 11 views

Donation Thermometer < 2.1.3 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high-privilege users such as admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup. PoC: Put the following payload in the Settings...

CVSS 4.8 · AI score 0.4 · EPSS 0.00548
Exploits: 2 · Affected Software: 1
OSV · added 2022/09/06 6:15 p.m. · 3 views

CVE-2022-23684

A vulnerability in the web-based management interface of AOS-CX could allow a remote authenticated user with read-only privileges to escalate their permissions to those of an administrative user. Successful exploitation of this vulnerability allows an attacker to escalate privileges beyond their...

CVSS 8.8 · AI score 5.8 · EPSS 0.00979
Exploits: 0 · References: 1
OSV · added 2022/09/05 1:15 p.m. · 1 view

CVE-2022-2775

The Fast Flow WordPress plugin before 1.2.13 does not sanitise and escape some of its Widget settings, which could allow high-privilege users such as admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup...

CVSS 5.5 · AI score 5.8 · EPSS 0.00575
Exploits: 2 · References: 1
OSV · added 2022/09/05 1:15 p.m. · 2 views

CVE-2022-2271

The WP Database Backup WordPress plugin before 5.9 does not escape some of its settings, which could allow high-privilege users such as admins to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed, for example in a multisite setup...

CVSS 4.8 · AI score 5.8 · EPSS 0.00403
Exploits: 1 · References: 1
WPVulnDB · added 2022/09/05 12:00 a.m. · 17 views

CM Download Manager < 2.8.6 - Admin+ Arbitrary File Upload

The plugin allows high-privilege users such as admins to upload arbitrary files by enabling any extension via the plugin's settings, which could be used by admins of a multisite blog to upload PHP files, for example. PoC: Activate the PHP extension: log in and go to "CM Downloads" > "Settings" > "General"...

CVSS 7.2 · AI score 7 · EPSS 0.01054
Exploits: 2 · Affected Software: 1
Positive Technologies · added 2022/09/05 12:00 a.m. · 5 views

PT-2022-15646 · WordPress · Wp Database Backup

Name of the Vulnerable Software and Affected Versions: WP Database Backup WordPress plugin versions prior to 5.9. Description: The issue allows high-privilege users, such as admins, to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed, for example in a...

CVSS 4.8 · AI score 4.7 · EPSS 0.00403
Exploits: 1 · References: 5
OSV · added 2022/08/29 6:15 p.m. · 3 views

CVE-2022-2374

The Simply Schedule Appointments WordPress plugin before 1.5.7.7 does not sanitise and escape some of its settings, which could allow high-privilege users such as admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite se...

CVSS 4.8 · AI score 5.8 · EPSS 0.00538
Exploits: 2 · References: 1
WPVulnDB · added 2022/08/29 12:00 a.m. · 14 views

Form Builder CP < 1.2.32 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its form settings, which could allow high-privilege users such as admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup. PoC: Create/edit a form and put the following...

CVSS 4.8 · AI score 1.7 · EPSS 0.00494
Exploits: 2 · Affected Software: 1
Code423n4 · added 2022/08/27 12:00 a.m. · 5 views

Admin Privilege - Owner can Withdraw all ETH

Vulnerability details: The function withdraw is meant to allow sweeping of ETH; the purpose is probably to simplify the process of getting back ETH that wasn't meant to be sent, or to take back ETH used for gas refunds. However, the function itself can be viewed as a tool to steal...

AI score 7.1
Exploits: 0
WPVulnDB · added 2022/08/23 12:00 a.m. · 13 views

Float to Top Button <= 2.3.6 - Admin+ Stored Cross-Site Scripting

The plugin does not escape some of its settings, which could allow high-privilege users such as admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup. PoC: Put the following payload in the "Text for the button" or...

CVSS 4.8 · AI score 0.7 · EPSS 0.00489
Exploits: 2 · Affected Software: 1
WPVulnDB · added 2022/08/22 12:00 a.m. · 18 views

Ajax Load More < 5.5.4 - Admin+ Arbitrary File Read

The plugin does not validate a path, which could allow high-privilege users such as admins to read arbitrary files from the server...

CVSS 4.9 · AI score 3.8 · EPSS 0.01416
Exploits: 3 · Affected Software: 1
Positive Technologies · added 2022/08/22 12:00 a.m. · 4 views

PT-2022-16124 · WordPress · Wp Social Chat

Name of the Vulnerable Software and Affected Versions: WP Social Chat WordPress plugin versions prior to 6.0.5. Description: The issue allows high-privilege users, such as admins, to perform Stored Cross-Site Scripting attacks due to the plugin not sanitising and escaping some of its settings...

CVSS 4.8 · AI score 4.7 · EPSS 0.00513
Exploits: 1 · References: 4
WPVulnDB · added 2022/08/16 12:00 a.m. · 19 views

Broken Link Checker < 1.11.17 - Admin+ PHAR Deserialization

The plugin does not validate a parameter, which could allow high-privilege users such as admins to perform PHAR deserialisation when a suitable gadget chain is also present...

CVSS 7.2 · AI score 4.7 · EPSS 0.01307
Exploits: 0 · Affected Software: 1
Prion · added 2022/08/15 11:21 a.m. · 14 views

Cross site scripting

The Duplicate Page and Post WordPress plugin before 2.8 does not sanitise and escape its settings, allowing high-privilege users such as admins to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...

CVSS 4.3 · AI score 4.8 · EPSS 0.00493
Exploits: 2 · References: 1 · Affected Software: 1
OSV · added 2022/08/08 2:15 p.m. · 3 views

CVE-2022-2424

The Google Maps Anywhere WordPress plugin through 1.2.6.3 does not sanitise and escape any of its settings, which could allow high-privilege users such as admins to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed, for example in a multisite setup...

CVSS 4.8 · AI score 5.8 · EPSS 0.00493
Exploits: 2 · References: 1
OSV · added 2022/08/08 2:15 p.m. · 1 view

CVE-2022-2411

The Auto More Tag WordPress plugin through 4.0.0 does not sanitise and escape some of its settings, which could allow high-privilege users such as admins to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed, for example in a multisite setup...

CVSS 4.8 · AI score 5.8 · EPSS 0.00493
Exploits: 1 · References: 1