25 matches found
CVE-2021-25119
The AGIL WordPress plugin through 1.0 accepts all zip files and automatically extracts the zip file without validating the extracted file type, allowing high-privilege users such as admin to upload an arbitrary file like PHP, leading to RCE...
WordPress Learnpress plugin <= 4.2.7.1 - Open Redirection vulnerability
Open Redirection vulnerability discovered by Muhamad Agil Fachrian in WordPress Plugin LearnPress versions <= 4.2.7.1...
WordPress Shipdeo plugin <= 1.2.8 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Muhamad Agil Fachrian in WordPress Plugin Shipdeo versions <= 1.2.8...
WordPress User Management plugin <= 1.2 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by Muhamad Agil Fachrian (Patchstack Alliance) in WordPress Plugin User Management versions <= 1.2...
WordPress Hide Login+ plugin <= 3.5.1 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Muhamad Agil Fachrian (Patchstack Alliance) in WordPress Plugin Hide Login+ versions <= 3.5.1...
WordPress gap-hub-user-role plugin <= 3.4.1 - CSRF to Broken Authentication vulnerability
CSRF to Broken Authentication vulnerability discovered by Muhamad Agil Fachrian (Patchstack Alliance) in WordPress Plugin gap-hub-user-role versions <= 3.4.1...
WordPress FV Descriptions plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Muhamad Agil Fachrian in WordPress Plugin FV Descriptions versions <= 1.4...
WordPress Wovax IDX plugin <= 1.2.2 - Account Takeover vulnerability
Account Takeover vulnerability discovered by Muhamad Agil Fachrian (Patchstack Alliance) in WordPress Plugin Wovax IDX versions <= 1.2.2...
WordPress Posts Date Ranges plugin <= 2.2 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Muhamad Agil Fachrian (Patchstack Alliance) in WordPress Plugin Posts Date Ranges versions <= 2.2...
WordPress Projectopia plugin <= 5.1.7 - Account Takeover vulnerability
Account Takeover vulnerability discovered by Muhamad Agil Fachrian (Patchstack Alliance) in WordPress Plugin Projectopia versions <= 5.1.7...
WordPress DeBounce Email Validator plugin <= 5.6.5 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Muhamad Agil Fachrian in WordPress Plugin DeBounce Email Validator versions <= 5.6.5...
WordPress SKT Donation plugin <= 1.9 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Muhamad Agil Fachrian in WordPress Plugin SKT Donation versions <= 1.9...
WordPress ThriveDesk plugin <= 2.0.6 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Muhamad Agil Fachrian in WordPress Plugin ThriveDesk versions <= 2.0.6...
WordPress Multi Step Form plugin <= 1.7.21 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Muhamad Agil Fachrian (Patchstack Alliance) in WordPress Plugin Multi Step Form versions <= 1.7.21...
WordPress Simple Membership plugin <= 4.5.3 - Open Redirection vulnerability
Open Redirection vulnerability discovered by Muhamad Agil Fachrian (Patchstack Alliance) in WordPress Plugin Simple Membership versions <= 4.5.3...
WordPress LaTeX2HTML plugin <= 2.5.4 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Muhamad Agil Fachrian (Patchstack Alliance) in WordPress Plugin LaTeX2HTML versions <= 2.5.4...
WordPress ElementsReady Addons for Elementor plugin <= 6.4.2 - Open Redirection vulnerability
Open Redirection vulnerability discovered by Muhamad Agil Fachrian (Patchstack Alliance) in WordPress Plugin ElementsReady Addons for Elementor versions <= 6.4.2...
WordPress Polls CP plugin <= 1.0.74 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Muhamad Agil Fachrian (Patchstack Alliance) in WordPress Plugin CP Polls versions <= 1.0.74...
WordPress AGIL plugin file upload vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. A WordPress plugin is an application plugin. WordPress AGIL plugin versions 1.0 and earlier have a file upload vulnerability, which stems from accepting a...