1339 matches found
Post Grid < 2.1.16 - Reflected Cross-Site Scripting via post_types
The plugin does not sanitise and escape the posttypes parameter before outputting it back in the response of the postgridupdatetaxonomiestermsbyposttypes AJAX action, available to any authenticated users, leading to a Reflected Cross-Site Scripting " name="posttypes"...
Maxsite CMS arbitrary file deletion vulnerability
MaxSite CMS is a web content management system of the Russian MaxSite CMS open source project . Maxsite CMS has arbitrary file deletion vulnerability , the vulnerability stems from all-files-update-ajax.php in the dir and deletefile parameters for the file name lack of validation , the attacker c...
OSMapper <= 2.1.5 - Unauthenticated Arbitrary Post Deletion
The plugin contains an AJAX action to delete a plugin related post type named 'map' and is registered with the wpajaxnopriv prefix, making it available to unauthenticated users. There is no authorisation, CSRF and checks in place to ensure that the post to delete is a map one. As a result,...
Cross site request forgery (csrf)
The Support Board WordPress plugin before 3.3.6 does not have any CSRF checks in actions handled by the include/ajax.php file, which could allow attackers to make logged in users do unwanted actions. For example, make an admin delete arbitrary files...
Formcraft3 < 3.8.28 - Unauthenticated SSRF
The plugin does not validate the URL parameter in the formcraft3get AJAX action, leading to SSRF issues exploitable by unauthenticated users https://example.com/wp-admin/admin-ajax.php?action=formcraft3get&URL=https://wpscan.com...
Infographic Maker - iList < 4.3.8 - Unauthenticated SQL Injection
The plugin does not validate and escape the postid parameter before using it in a SQL statement via the qcldupvoteaction AJAX action available to unauthenticated and authenticated users, leading to an unauthenticated SQL Injection curl https://example.com/wp-admin/admin-ajax.php --data...
WordPress MasterStudy LMS 2.7.5 Plugin - Unauthenticated Admin Account Creation Vulnerability
Title: WordPress Plugin MasterStudy LMS 2.7.5 - Unauthenticated Admin Account Creation Author: Numan Türle CVE: CVE-2022-0441 Software Link: https://wordpress.org/plugins/masterstudy-lms-learning-management-system/ Version: 2.7.6 https://www.youtube.com/watch?v=SIO6CHXMZk...
hub2word <= 1.1.0 - Subscriber+ Arbitrary Options Update
The plugin does not have authorisation and CSRF checks in its Hub2Wordsavesettings AJAX action, and does not validate the option key to be updated. As a result, any authenticated user, such as subscriber could update arbitrary WordPress options POST /wp-admin/admin-ajax.php HTTP/1.1 Accept:...
WordPress GDPR & CCPA < 1.9.27 - Unauthenticated Reflected Cross-Site Scripting
The checkprivacysettings AJAX action of the plugin, available to both unauthenticated and authenticated users, responds with JSON data without an "application/json" content-type. Since an HTML payload isn't properly escaped, it may be interpreted by a web browser led to this endpoint. Javascript...
Sourcecodester Simple Music Clour Community System SQL Injection Vulnerability
Sourcecodester Simple Music Clour Community System is a simple music cloud community system. sourcecodester Simple Music Clour Community System has a SQL injection vulnerability in version v1.0, which originates from the product / music/ajax.php page fails to properly filter the email parameter f...
Sql injection
An SQL Injection vulnerability exists in Sourceodester Courier Management System 1.0 via the email parameter in /cms/ajax.php app...
Give < 2.17.3 - Unauthenticated Reflected Cross-Site Scripting
The plugin does not sanitise and escape the formid parameter before outputting it back in the response of an unauthenticated request via the givecheckoutlogin AJAX action, leading to a Reflected Cross-Site Scripting As an unauthenticated user: alert/XSS/' / var form1 =...
Magee Shortcodes < 2.0.9 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape various parameters before outputting them back in attributes in AJAX actions available to both unauthenticated and authenticated users, leading to Reflected Cross-Site Scripting issues...
Futurio Extra < 1.6.3 - Subscriber+ User Email Address Disclosure
The plugin allows any logged in user, such as subscriber, to extract any other user's email address. fetch"http://127.0.0.1:8001/wp-admin/admin-ajax.php", "headers": "content-type": "application/x-www-form-urlencoded" , "body": new URLSearchParams"action": "dilazmbqueryselect", "q": "@gma",...
SpiderCalendar <= 1.5.65 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape the callback parameter before outputting it back in the page via the window AJAX action available to both unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting issue. Note: Vendor decided to close the plugin and it won't be...
Ultimate Product Catalog < 5.0.26 - Subscriber+ Arbitrary Product Creation & Settings Update
The plugin does not have authorisation and CSRF checks in some AJAX actions, which could allow any authenticated users, such as subscriber to call them and add arbitrary products, or change the plugin's settings for example To add a product: fetch"https://example.com/wp-admin/admin-ajax.php",...
IP2Location Country Blocker < 2.26.5 - Subscriber+ Arbitrary Country Ban
The plugin does not have authorisation and CSRF checks in the ip2locationcountryblockersaverules AJAX action, allowing any authenticated users, such as subscriber to call it and block arbitrary country, or block all of them at once, preventing users from accessing the frontend. v2.26.5 added...
SupportCandy < 2.2.7 - CSRF to Cross-Site Scripting
The plugin does not have CSRF check in the wpsctickets AJAX action, nor has any sanitisation or escaping in some of the filter fields which could allow attackers to make a logged in user having access to the ticket lists dashboard set an arbitrary filter stored in their cookies with an XSS payloa...
WPLegalPages < 2.7.1 - Subscriber+ Arbitrary Settings Update to Stored XSS
The plugin does not check for authorisation and has a flawed CSRF logic when saving its settings, allowing any authenticated users, such as subscriber, to update them. Furthermore, due to the lack of sanitisation and escaping, it could lead to Stored Cross-Site Scripting Run the below command in...
Ultimate FAQ < 2.1.2 - Subscriber+ Arbitrary FAQ Creation
The plugin does not have capability and CSRF checks in the ewdufaqwelcomeaddfaq and ewdufaqwelcomeaddfaqpage AJAX actions, available to any authenticated users. As a result, any users, with a role as low as Subscriber could create FAQ and FAQ questions...