Lucene search
K

1339 matches found

wpexploit
wpexploit
added 2022/03/15 12:0 a.m.115 views

Post Grid < 2.1.16 - Reflected Cross-Site Scripting via post_types

The plugin does not sanitise and escape the posttypes parameter before outputting it back in the response of the postgridupdatetaxonomiestermsbyposttypes AJAX action, available to any authenticated users, leading to a Reflected Cross-Site Scripting " name="posttypes"...

6.4CVSS0.2AI score0.00632EPSS
Exploits2
CNVD
CNVD
added 2022/03/02 12:0 a.m.18 views

Maxsite CMS arbitrary file deletion vulnerability

MaxSite CMS is a web content management system of the Russian MaxSite CMS open source project . Maxsite CMS has arbitrary file deletion vulnerability , the vulnerability stems from all-files-update-ajax.php in the dir and deletefile parameters for the file name lack of validation , the attacker c...

8.1CVSS3.7AI score0.01042EPSS
Exploits1References1
wpexploit
wpexploit
added 2022/03/01 12:0 a.m.212 views

OSMapper <= 2.1.5 - Unauthenticated Arbitrary Post Deletion

The plugin contains an AJAX action to delete a plugin related post type named 'map' and is registered with the wpajaxnopriv prefix, making it available to unauthenticated users. There is no authorisation, CSRF and checks in place to ensure that the post to delete is a map one. As a result,...

5.3CVSS1.2AI score0.00519EPSS
Exploits2
Prion
Prion
added 2022/02/28 9:15 a.m.21 views

Cross site request forgery (csrf)

The Support Board WordPress plugin before 3.3.6 does not have any CSRF checks in actions handled by the include/ajax.php file, which could allow attackers to make logged in users do unwanted actions. For example, make an admin delete arbitrary files...

4.9CVSS8AI score0.00542EPSS
Exploits2References2Affected Software1
wpexploit
wpexploit
added 2022/02/28 12:0 a.m.1078 views

Formcraft3 < 3.8.28 - Unauthenticated SSRF

The plugin does not validate the URL parameter in the formcraft3get AJAX action, leading to SSRF issues exploitable by unauthenticated users https://example.com/wp-admin/admin-ajax.php?action=formcraft3get&URL=https://wpscan.com...

9.1CVSS3.4AI score0.20249EPSS
Exploits2
wpexploit
wpexploit
added 2022/02/28 12:0 a.m.146 views

Infographic Maker - iList < 4.3.8 - Unauthenticated SQL Injection

The plugin does not validate and escape the postid parameter before using it in a SQL statement via the qcldupvoteaction AJAX action available to unauthenticated and authenticated users, leading to an unauthenticated SQL Injection curl https://example.com/wp-admin/admin-ajax.php --data...

9.8CVSS2.4AI score0.15254EPSS
Exploits2References1
0day.today
0day.today
added 2022/02/18 12:0 a.m.221 views

WordPress MasterStudy LMS 2.7.5 Plugin - Unauthenticated Admin Account Creation Vulnerability

Title: WordPress Plugin MasterStudy LMS 2.7.5 - Unauthenticated Admin Account Creation Author: Numan Türle CVE: CVE-2022-0441 Software Link: https://wordpress.org/plugins/masterstudy-lms-learning-management-system/ Version: 2.7.6 https://www.youtube.com/watch?v=SIO6CHXMZk...

9.8CVSS0.8AI score0.84943EPSS
Exploits8
wpexploit
wpexploit
added 2022/02/16 12:0 a.m.88 views

hub2word <= 1.1.0 - Subscriber+ Arbitrary Options Update

The plugin does not have authorisation and CSRF checks in its Hub2Wordsavesettings AJAX action, and does not validate the option key to be updated. As a result, any authenticated user, such as subscriber could update arbitrary WordPress options POST /wp-admin/admin-ajax.php HTTP/1.1 Accept:...

0.8AI score
Exploits0
wpexploit
wpexploit
added 2022/01/26 12:0 a.m.112 views

WordPress GDPR & CCPA < 1.9.27 - Unauthenticated Reflected Cross-Site Scripting

The checkprivacysettings AJAX action of the plugin, available to both unauthenticated and authenticated users, responds with JSON data without an "application/json" content-type. Since an HTML payload isn't properly escaped, it may be interpreted by a web browser led to this endpoint. Javascript...

6.1CVSS6.2AI score0.0231EPSS
Exploits2
CNVD
CNVD
added 2022/01/25 12:0 a.m.16 views

Sourcecodester Simple Music Clour Community System SQL Injection Vulnerability

Sourcecodester Simple Music Clour Community System is a simple music cloud community system. sourcecodester Simple Music Clour Community System has a SQL injection vulnerability in version v1.0, which originates from the product / music/ajax.php page fails to properly filter the email parameter f...

10CVSS4AI score0.01556EPSS
Exploits1References1
Prion
Prion
added 2022/01/21 4:15 p.m.18 views

Sql injection

An SQL Injection vulnerability exists in Sourceodester Courier Management System 1.0 via the email parameter in /cms/ajax.php app...

10CVSS9.8AI score0.01751EPSS
Exploits1References2Affected Software1
wpexploit
wpexploit
added 2022/01/18 12:0 a.m.407 views

Give < 2.17.3 - Unauthenticated Reflected Cross-Site Scripting

The plugin does not sanitise and escape the formid parameter before outputting it back in the response of an unauthenticated request via the givecheckoutlogin AJAX action, leading to a Reflected Cross-Site Scripting As an unauthenticated user: alert/XSS/' / var form1 =...

6.1CVSS0.3AI score0.02145EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/01/17 12:0 a.m.74 views

Magee Shortcodes < 2.0.9 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape various parameters before outputting them back in attributes in AJAX actions available to both unauthenticated and authenticated users, leading to Reflected Cross-Site Scripting issues...

6.6AI score
Exploits0
wpexploit
wpexploit
added 2022/01/14 12:0 a.m.141 views

Futurio Extra < 1.6.3 - Subscriber+ User Email Address Disclosure

The plugin allows any logged in user, such as subscriber, to extract any other user's email address. fetch"http://127.0.0.1:8001/wp-admin/admin-ajax.php", "headers": "content-type": "application/x-www-form-urlencoded" , "body": new URLSearchParams"action": "dilazmbqueryselect", "q": "@gma",...

4.3CVSS0.3AI score0.00883EPSS
Exploits2
wpexploit
wpexploit
added 2022/01/13 12:0 a.m.92 views

SpiderCalendar <= 1.5.65 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the callback parameter before outputting it back in the page via the window AJAX action available to both unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting issue. Note: Vendor decided to close the plugin and it won't be...

6.1CVSS3.3AI score0.02291EPSS
Exploits2
wpexploit
wpexploit
added 2022/01/06 12:0 a.m.126 views

Ultimate Product Catalog < 5.0.26 - Subscriber+ Arbitrary Product Creation & Settings Update

The plugin does not have authorisation and CSRF checks in some AJAX actions, which could allow any authenticated users, such as subscriber to call them and add arbitrary products, or change the plugin's settings for example To add a product: fetch"https://example.com/wp-admin/admin-ajax.php",...

6.5CVSS0.2AI score0.00469EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/01/06 12:0 a.m.72 views

IP2Location Country Blocker < 2.26.5 - Subscriber+ Arbitrary Country Ban

The plugin does not have authorisation and CSRF checks in the ip2locationcountryblockersaverules AJAX action, allowing any authenticated users, such as subscriber to call it and block arbitrary country, or block all of them at once, preventing users from accessing the frontend. v2.26.5 added...

7.1CVSS0.6AI score0.00537EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/01/05 12:0 a.m.74 views

SupportCandy < 2.2.7 - CSRF to Cross-Site Scripting

The plugin does not have CSRF check in the wpsctickets AJAX action, nor has any sanitisation or escaping in some of the filter fields which could allow attackers to make a logged in user having access to the ticket lists dashboard set an arbitrary filter stored in their cookies with an XSS payloa...

8.8CVSS0.7AI score0.00612EPSS
Exploits2
wpexploit
wpexploit
added 2022/01/05 12:0 a.m.94 views

WPLegalPages < 2.7.1 - Subscriber+ Arbitrary Settings Update to Stored XSS

The plugin does not check for authorisation and has a flawed CSRF logic when saving its settings, allowing any authenticated users, such as subscriber, to update them. Furthermore, due to the lack of sanitisation and escaping, it could lead to Stored Cross-Site Scripting Run the below command in...

5.4CVSS5.4AI score0.006EPSS
Exploits2
wpexploit
wpexploit
added 2021/12/27 12:0 a.m.113 views

Ultimate FAQ < 2.1.2 - Subscriber+ Arbitrary FAQ Creation

The plugin does not have capability and CSRF checks in the ewdufaqwelcomeaddfaq and ewdufaqwelcomeaddfaqpage AJAX actions, available to any authenticated users. As a result, any users, with a role as low as Subscriber could create FAQ and FAQ questions...

5.7CVSS0.00426EPSS
Exploits2References1
Rows per page
Query Builder