WordPress Photo Gallery 1.5.69 Cross Site Scripting Vulnerability
WordPress Photo Gallery plugin versions 1.5.69 and below suffer from multiple reflective cross site scripting vulnerabilities. WordPress Photo Gallery 1.5.69 Cross Site Scripting Vulnerability Researcher Name: ThuraMoeMyint Twitter: https://twitter.com/mgthuramoemyint Vendor Url:...
CVE-2021-26830
SQL Injection in Tribalsystems Zenario CMS 8.8.52729 allows remote attackers to access the database or delete the plugin. This is accomplished via the ID input field of ajax.php in the Plugin library - delete module...
CVE-2021-24199
The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the endpoint /wp-admin/admin-ajax.php?action=getwdtable&tableid=1, on the 'start' HTTP POST parameter. Th...
WPBakery Page Builder Clipboard < 4.5.6 - Subscriber+ Stored Cross-Site Scripting (XSS)
An AJAX action registered by the plugin had neither capability checks nor sanitization, allowing low privilege users (subscriber+) to call it and set XSS payloads, which are then triggered in all backend pages. Version 4.5.6 fixed the XSS issue by sanitizing the parameters, but did not fix t...
Tutor LMS < 1.8.3 - SQL Injection via tutor_quiz_builder_get_answers_by_question
The tutor_quiz_builder_get_answers_by_question AJAX action from the plugin was vulnerable to UNION based SQL injection that could be exploited by students. python3 sqlmap.py -r /tutorunion.txt --dbms=mysql --technique=U -p questionid --dump Where tutorunion.txt is POST /wp-admin/admin-ajax.php HTTP/1.1...
Sql injection
wpDataTables before 3.4.1 mishandles order direction for server-side tables, aka admin-ajax.php?action=getwdtable order0dir SQL injection...
CVE-2021-3318
attach/ajax.php in DzzOffice through 2.02.1 allows XSS via the editorid parameter...
CVE-2021-3318
CVE-2021-3318 affects DzzOffice
Cross site scripting
A stored cross-site scripting (XSS) issue in Envira Gallery Lite before 1.8.3.3 allows remote attackers to inject arbitrary JavaScript/HTML code via a POST /wp-admin/admin-ajax.php request with the metatitle parameter...
Simple Social Buttons < 3.2.1 - Unauthenticated Reflected Cross-Site Scripting
Version 3.2.0 attempted to fix a reflected Cross-Site Scripting issue by adding a CSRF check, but this does not fully remediate it: all unauthenticated users share the same generated nonce, which stays valid for 12h to 24h (2 WP ticks). Only unauthenticated users can be attacked with this issue...
Sql injection
In fastadmin-tp6 v1.0, the 'table' parameter passed to app/admin/controller/Ajax.php is not filtered, so a malicious value can be passed for SQL injection...
Dynamic Content for Elementor < 1.9.6 - Authenticated RCE
The PHP Raw Widget (https://www.dynamic.ooo/widget/php-raw/) of the Dynamic Content for Elementor plugin before 1.9.6 did not properly check user permissions, allowing accounts with a role as low as editor to achieve RCE. POST /wp-admin/admin-ajax.php HTTP/1.1 Host: example.com...
Authentication flaw
An issue was discovered in SourceCodester Seat Reservation System 1.0. The file adminclass.php does not perform input validation on the username and password parameters. An attacker can send malicious input in the post request to /admin/ajax.php?action=login and bypass authentication, extract...
Autoptimize < 2.7.7 - Authenticated Arbitrary File Upload
The aoccssimport AJAX call does not verify that the provided file is a legitimate Zip file, allowing high privilege users to upload arbitrary files, such as PHP, leading to RCE. https://drive.google.com/file/d/1siZsDiJsYRCw58Ksram5zBJOVbs-Hio1/view?usp=sharing POST /wp-admin/admin-ajax.php HTTP/1...
CVE-2020-20633
ajaxpolicygenerator in admin/modules/cli-policy-generator/classes/class-policy-generator-ajax.php in the GDPR Cookie Consent (cookie-law-info) plugin 1.8.2 and below for WordPress allows authenticated stored XSS and privilege escalation...