Lucene search
K

1339 matches found

wpexploit
wpexploit
โ€ขadded 2021/10/05 12:0 a.m.โ€ข129 views

TheCartPress eCommerce Shopping Cart <= 1.5.3.6 - Unauthenticated Arbitrary Admin Account Creation

The tcpregisterandloginajax AJAX action of the plugin allows unauthenticated users to create accounts with an arbitrary role such as admin POST /wp-admin/admin-ajax.php HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8 Accept-Language: en-GB,en;q=0.5...

2.9AI score
Exploits0References1
wpexploit
wpexploit
โ€ขadded 2021/09/23 12:0 a.m.โ€ข199 views

3DPrint Lite < 1.9.1.5 - Unauthenticated Arbitrary File Upload

Description The plugin does not have any authorisation and does not check the uploaded file in its p3dlitehandleupload AJAX action , allowing unauthenticated users to upload arbitrary file to the web server. However, there is a .htaccess, preventing the file to be accessed on Web servers such as...

9.8CVSS7.5AI score0.067EPSS
Exploits2References1
Packet Storm
Packet Storm
โ€ขadded 2021/09/23 12:0 a.m.โ€ข210 views

WordPress 3DPrint Lite 1.9.1.4 Shell Upload

Exploit Title: Wordpress Plugin 3DPrint Lite 1.9.1.4 - Arbitrary File Upload Google Dork: inurl:/wp-content/plugins/3dprint-lite/ Date: 22/09/2021 Exploit Author: spacehen Vendor Homepage: https://wordpress.org/plugins/3dprint-lite/ Version: spacehen www.github.com/spacehen" def printusage:...

7.4AI score
Exploits0
wpexploit
wpexploit
โ€ขadded 2021/09/20 12:0 a.m.โ€ข893 views

Multiple Plugins from CatchThemes - Unauthorised Plugin's Setting Change

Multiple Plugins from the CatchThemes vendor do not perform capability and CSRF checks in the ctpswitch AJAX action, which could allow any authenticated users, such as Subscriber to change the plugin's configurations. 1 Turn off "Turn On Catch Themes & Catch Plugin tabs" jQuery.postajaxurl,...

5.7CVSS1AI score0.00408EPSS
Exploits2
Cvelist
Cvelist
โ€ขadded 2021/08/30 4:4 p.m.โ€ข18 views

CVE-2020-18125

A reflected cross-site scripting XSS vulnerability in the /plugin/ajax.php component of Indexhibit 2.1.5 allows attackers to execute arbitrary web scripts or HTML...

6AI score0.00574EPSS
Exploits1References1
Huntr
Huntr
โ€ขadded 2021/08/27 3:25 a.m.โ€ข8 views

Path Traversal in os4ed/opensis-classic

โœ๏ธ Description The ajax.php modname parameter is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server. ๐Ÿ•ต๏ธโ€โ™‚๏ธ Proof of Concept // Ajax.php GET /Ajax.php?modname=../../../../../../../../../../../../../../../../etc/passwd HTTP/1.1 302 Found Location: index.php...

2.4AI score
Exploits0
CVE
CVE
โ€ขadded 2021/08/10 7:2 p.m.โ€ข54 views

CVE-2021-37389

CVE-2021-37389 affects Chamilo 1.11.14. The vulnerability is a stored XSS in the installer paths main/install/index.php and main/install/ajax.php via the port parameter. The connected documents consistently describe this CVE as a stored XSS issue in Chamilo LMS and do not provide exploitation det...

6.1CVSS6.2AI score0.01025EPSS
Exploits1References2Affected Software1
wpexploit
wpexploit
โ€ขadded 2021/08/10 12:0 a.m.โ€ข548 views

Custom Post View Generator <= 0.4.6 - Reflected Cross-Site Scripting

The createpostpage AJAX action of the plugin available to authenticated user does not sanitise or escape user input before outputting it back in the response, leading to a Reflected Cross-Site issue '...

3.5CVSS0.3AI score0.006EPSS
Exploits2
Cvelist
Cvelist
โ€ขadded 2021/08/03 6:7 p.m.โ€ข17 views

CVE-2021-35343

Cross-Site Request Forgery CSRF vulnerability in the /op/op.Ajax.php in SeedDMS v5.1.x5.1.23 and v6.0.x6.0.16 allows a remote attacker to edit document name without victim's knowledge, by enticing an authenticated user to visit an attacker's web page...

5AI score0.00525EPSS
Exploits0References1
wpexploit
wpexploit
โ€ขadded 2021/08/02 12:0 a.m.โ€ข553 views

Email Encoder < 2.1.2 - Reflected Cross Site Scripting

The plugin has an endpoint that requires no authentication and will render a user supplied value in the HTML response without escaping or sanitizing the data. The vulnerable function is nonce protected, the nonce can be found in the site's HTML source by searching for the javascript variable...

6.1CVSS0.3AI score0.00855EPSS
Exploits2
wpexploit
wpexploit
โ€ขadded 2021/07/27 12:0 a.m.โ€ข553 views

uListing < 2.0.6 - Modify User Roles via CSRF

An Add/Edit User Roles via CSRF vulnerability was discovered in the plugin. Missing WPNonce security tokens https://codex.wordpress.org/WordPressNonces . PoC | CSRF | Add/Edit User Roles: POST /wp-admin/admin-ajax.php HTTP/2 Host: example.com Cookie: cookies User-Agent: Mozilla/5.0 Content-Type:...

4.3CVSS0.4AI score0.00428EPSS
Exploits1
wpexploit
wpexploit
โ€ขadded 2021/07/24 12:0 a.m.โ€ข133 views

Diary & Availability Calendar <= 1.0.3 - Authenticated (subscriber+) SQL Injection

The daacdeletebookingcallback function, hooked to the daacdeletebooking AJAX action, takes the id POST parameter which is passed into the SQL statement without proper sanitisation, validation or escaping, leading to a SQL Injection issue. Furthermore, the ajax action is lacking any CSRF and...

6.5CVSS0.3AI score0.00821EPSS
Exploits2References1
Prion
Prion
โ€ขadded 2021/07/19 9:15 p.m.โ€ข25 views

Design/Logic Flaw

An issue was discovered in the tagDiv Newspaper theme 10.3.9.1 for WordPress. It allows XSS via the wp-admin/admin-ajax.php tdblockid parameter in a tdajaxblock API call...

4.3CVSS5.9AI score0.00828EPSS
Exploits1References2Affected Software1
wpexploit
wpexploit
โ€ขadded 2021/07/05 12:0 a.m.โ€ข127 views

Haxcan <= 1.0.0 - Arbitrary File Access

The plugin does not properly ensure that the file to be accessed is within the blog, allowing high privilege users to read any file on the web server. POST /wp-admin/admin-ajax.php HTTP/1.1 Accept: / Accept-Language: en-GB,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type:...

0.6AI score
Exploits0
wpexploit
wpexploit
โ€ขadded 2021/07/02 12:0 a.m.โ€ข192 views

Workreap < 2.2.2 - Multiple CSRF + IDOR Vulnerabilities

Several AJAX actions available in the theme lacked CSRF protections, as well as allowing insecure direct object references that were not validated. This allows an attacker to trick a logged in user to submit a POST request to the vulnerable site, potentially modifying or deleting arbitrary object...

5.8CVSS0.6AI score0.00646EPSS
Exploits2References1
wpexploit
wpexploit
โ€ขadded 2021/06/30 12:0 a.m.โ€ข124 views

Title Field Validation <= 1.1 - Unauthorised AJAX Calls

The plugin does not properly check for CSRF in its findposttype, savevalidation, editvalidation, updatevalidation and deletevalidation AJAX actions. Additionally, the actions were also missing any capability checks. As a result, any authenticated user such as subscriber could call them to create,...

Exploits0
Packet Storm
Packet Storm
โ€ขadded 2021/06/28 12:0 a.m.โ€ข599 views

WordPress wpDiscuz 7.0.4 Shell Upload

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress wpDiscuz Unauthenticated File Upload Vulnerability', 'Description' = %q This module exploits an arbitrary file upload in the WordPress...

7.5CVSS0.94535EPSS
Exploits19
Prion
Prion
โ€ขadded 2021/06/17 4:15 p.m.โ€ข17 views

Code injection

Elemin allows remote attackers to upload and execute arbitrary PHP code via the Themify framework before 1.2.2 wp-content/themes/elemin/themify/themify-ajax.php file...

7.5CVSS8.1AI score0.03875EPSS
Exploits1References4Affected Software1
wpexploit
wpexploit
โ€ขadded 2021/06/14 12:0 a.m.โ€ข252 views

Jannah < 5.4.5 - Reflected Cross-Site Scripting (XSS)

The theme did not properly sanitize the 'query' POST parameter in its tieajaxsearch AJAX action, leading to a Reflected Cross-site Scripting XSS vulnerability. POST /demo/wp-admin/admin-ajax.php HTTP/1.1 Host: jannah.tielabs.com User-Agent: Mozilla/5.0 Windows NT 10.0; Win64; x64; rv:89.0...

6.1CVSS0.7AI score0.02697EPSS
Exploits2
wpexploit
wpexploit
โ€ขadded 2021/06/08 12:0 a.m.โ€ข541 views

JoomSport < 5.1.8 - Unauthenticated PHP Object Injection

The joomsportmdload AJAX action of the plugin, registered for both unauthenticated and unauthenticated users, unserialised user input from the shattr POST parameter, leading to a PHP Object Injection issue. Even though the plugin does not have a suitable gadget chain to exploit this, other...

9.8CVSS2.1AI score0.02068EPSS
Exploits2
Rows per page
Query Builder