Lucene search
K

1339 matches found

wpexploit
wpexploit
added 2023/02/27 12:0 a.m.145 views

Shortcodes Ultimate < 5.12.8 - Subscriber+ User Meta Disclosure

The plugin does not validate the user meta to be retrieved via the user shortcode, allowing any authenticated users such as subscriber to retrieve arbitrary user meta except the userpass, such as the user email and activation key by default. Run one of the below commands in the developer console ...

6.5CVSS7AI score0.00654EPSS
Exploits2
wpexploit
wpexploit
added 2023/02/23 12:0 a.m.504 views

ReviewX < 1.6.4 - Subscriber+ SQLi

The plugin does not properly sanitise and escape the filterValue and selectedColumns parameters before using them in SQL statements via the rxexportreview AJAX action available to any authenticated users, leading to a SQL injection exploitable by users with a role as low as subscriber Run the bel...

8.8CVSS9.2AI score0.00872EPSS
Exploits2
Cvelist
Cvelist
added 2023/02/18 7:41 a.m.13 views

CVE-2023-0906 SourceCodester Online Pizza Ordering System POST Parameter ajax.php delete_category missing authentication

A vulnerability classified as critical was found in SourceCodester Online Pizza Ordering System 1.0. Affected by this vulnerability is the function deletecategory of the file ajax.php of the component POST Parameter Handler. The manipulation leads to missing authentication. The attack can be...

7.5CVSS9.7AI score0.00658EPSS
Exploits0References2
wpexploit
wpexploit
added 2023/02/02 12:0 a.m.69 views

Magazine Edge <= 1.13 - Subscriber+ Arbitrary Plugin Activation

The theme does not have authorisation and CSRF when activating plugins via an AJAX action, allowing any authenticated users, such as subscriber to activate arbitrary plugins Run the below command in the developer console of the web browser while being on the blog as a subscriber user...

1AI score
Exploits0
Huntr
Huntr
added 2023/01/30 9:22 a.m.24 views

CSRF in all endpoints of /lib/ajax.php by Changing the request method to GET

Description I have found a CSRF in all the request in /lib/ajax.php by changing the request to GET and the page is also get errors. So user cannot use any function on the page Proof of Concept 1. Go to https://demo.froxlor.org/ and login as any user. ie. admin 2. Now open...

6.8CVSS8.4AI score0.00324EPSS
Exploits1
wpexploit
wpexploit
added 2023/01/23 12:0 a.m.538 views

WP Review Slider < 12.2 - Subscriber+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber. Run the following code in the browser console on any WP Admin page. fetch'/wp-admin/admin-ajax.php', method: 'POST',...

8.8CVSS9.2AI score0.00919EPSS
Exploits2
wpexploit
wpexploit
added 2023/01/17 12:0 a.m.624 views

WP FullCalendar < 1.5 - Unauthenticated Arbitrary Post Access

The plugin does not ensure that the post retrieved via an AJAX action is public and can be accessed by the user making the request, allowing unauthenticated attackers to get the content of arbitrary posts, including draft/private as well as password-protected ones. Open the below URL as an...

5.3CVSS1.7AI score0.00694EPSS
Exploits2
NVD
NVD
added 2023/01/13 8:15 p.m.15 views

CVE-2022-46950

Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=deletewindow...

7.2CVSS7.2AI score0.00821EPSS
Exploits1References1
Prion
Prion
added 2023/01/13 8:15 p.m.23 views

Sql injection

Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=savequeue...

7.5CVSS9.7AI score0.00602EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/01/13 8:15 p.m.21 views

Sql injection

Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=deletewindow...

5.8CVSS7.2AI score0.00821EPSS
Exploits1References1Affected Software1
Packet Storm
Packet Storm
added 2023/01/13 12:0 a.m.223 views

WordPress Slider Revolution 4.6.5 Directory Traversal

==================================================================================================================================== | Title : WordPress - Slider Revolution 4.6.5 UpdateCaptionsCSS Directory Traversal Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro /...

7.4AI score
Exploits0
Cvelist
Cvelist
added 2023/01/13 12:0 a.m.19 views

CVE-2022-46951

Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=deleteuploads...

7.5AI score0.00821EPSS
Exploits1References1
Cvelist
Cvelist
added 2023/01/13 12:0 a.m.16 views

CVE-2022-46955

Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=savequeue...

10AI score0.00602EPSS
Exploits0References1
CVE
CVE
added 2023/01/13 12:0 a.m.55 views

CVE-2022-46952

Dynamic Transaction Queuing System v1.0 is affected by a SQL injection vulnerability in the id parameter of /admin/ajax.php?action=delete_user. The CVE-2022-46952 entry documents an in-app SQLi risk with high impact (C/H I/H A/H) and network-based access with no user interaction required; privile...

7.2CVSS7.2AI score0.00821EPSS
Exploits1References1Affected Software1
Packet Storm
Packet Storm
added 2023/01/10 12:0 a.m.495 views

WordPress Slider Revolution 4.6.5 Shell Upload

==================================================================================================================================== | Title : WordPress - Slider Revolution 4.6.5 WordPress - Slider Revolution 4.6.5 shell upload 0-day exploit | | Author : indoushka | | Tested on : windows 10...

7.4AI score
Exploits0
wpexploit
wpexploit
added 2023/01/05 12:0 a.m.175 views

Social Warfare < 4.4.0 - Post Meta Deletion via CSRF

The plugin does not have CSRF checks in some AJAX actions, allowing attackers, to make a logged in admin call them and delete arbitrary post meta as well as reset access tokens related to network via CSRF attacks...

5.4CVSS2.1AI score0.00374EPSS
Exploits2
Huntr
Huntr
added 2022/12/30 8:19 p.m.32 views

Authenticated HTMLi via theme parameter on /lib/ajax.php

Description The theme parameter is vulnerable to HTMLi on /lib/ajax.php endpoint Proof of Concept - go to https://v2.demo.froxlor.org - Login with a user - Go to https://v2.demo.froxlor.org/lib/ajax.php?action=newsfeed&theme=%3C/br%3E%3Ch1%3EHTMLi%20by%20leorac%3C/h1%3E%3Cbr%3E - You'll see the...

4.9CVSS0.7AI score0.00479EPSS
Exploits1
WPVulnDB
WPVulnDB
added 2022/12/29 12:0 a.m.17 views

Passster < 3.5.5.9 - Protection Bypass & Arbitrary Post Access

The plugin does not properly check for password, as well as that the post to be viewed is public, allowing unauthenticated users to bypass the protection offered by the plugin, and access arbitrary posts such as private content, by sending a specifically crafted request. PoC The nonce can be...

7.5CVSS1.9AI score0.00818EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2022/12/17 12:0 a.m.105 views

Bg Bible References <= 3.8.14 - Reflected XSS

The plugin does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Steps to reproduce: 1. Install the vulnerable plugin bg-biblie-references 3.18.4 2. As an unauthenticated or authenticated user, visit the following URL which...

6.1CVSS0.00551EPSS
Exploits2
wpexploit
wpexploit
added 2022/12/13 12:0 a.m.387 views

WPQA < 5.9.3 - Missing validation lead to functionality abuse

The plugin which is a companion plugin used with Discy and Himer themes incorrectly tries to validate that a user already follows another in the wpqafollowingyouajax action, allowing a user to inflate their score on the site by having another user send repeated follow actions to them...

3.5CVSS3.9AI score0.00488EPSS
Exploits2
Rows per page
Query Builder