11 matches found
CVE-2025-14029
The Community Events plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxadmineventapproval function in all versions up to, and including, 1.5.6. This makes it possible for unauthenticated attackers to approve arbitrary events via t...
CVE-2023-2354
The CHP Ads Block Detector plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings reachable through an AJAX action in versions up to, and including, 3.9.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2023-2351
The WP Directory Kit plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'ajaxadmin' function in versions up to, and including, 1.2.3. This makes it possible for authenticated attackers with subscriber-level permissions...
CentOS Web Panel Operating System Command Injection Vulnerability (CNVD-2020-43609)
CentOS Web Panel (CWP) is a free web hosting control panel. An operating system command injection vulnerability exists in the ajaxadminapis.php file in the CentOS Web Panel cwp-el7-0.9.8.891 release, which stems from failure to properly validate user-supplied strings before executing system calls. ...
CentOS Web Panel Code Execution Vulnerability (CNVD-2020-43140)
CentOS Web Panel (CWP) is a free web hosting control panel that makes it easy to manage multiple servers (dedicated and VPS) without having to access the servers via SSH. A code execution vulnerability exists in CentOS Web Panel version cwp-e17.0.9.8.923, which stems from the ajaxadminapis.php file not...
CVE-2020-15613
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxadminapis.php. When parsing the line parameter, the process does...
CVE-2020-15607
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxadminapis.php. When parsing the line parameter, the process does...
PT-2020-14529 · Centos · Centos Web Panel
Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version cwp-e17.0.9.8.923 Description: This issue allows remote attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The flaw exists within the ajax admin apis.p...
Wordpress simple-ads-manager Information Disclosure (CVE-2015-2826)
An information disclosure vulnerability has been reported in the "WordPress simple-ads-manager plug-in". The vulnerability is due to improper sanitizing of the sam-ajax-admin.php script. Successful exploitation will allow a remote attacker to reveal the user's sensitive information...
WordPress Simple Ads Manager Arbitrary File Upload Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed using the PHP language; it supports personal blog sites set up on servers with PHP and MySQL. WordPress Simple Ads Manager is an ad management plugin for WordPress. An arbitrary file upload vulnerability ...
WordPress Plugin Simple Ads Manager SQL Injection Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed using the PHP language; it supports personal blog sites set up on PHP and MySQL servers. Simple Ads Manager is one of the plug-ins used to manage ads. A SQL injection vulnerability exists in the...