
1339 matches found

CVE
added 2020/02/11 7:12 p.m. · 69 views

CVE-2012-2517

CVE-2012-2517 is an XSS vulnerability in PrestaShop before 1.4.9. The issue arises from unsanitized input in the POST parameter named product[] sent to ajax.php, allowing remote attackers to inject arbitrary HTML/JS. Reported impact is cross-site scripting with potential execution in the administrato...

CVSS 6.1 · AI score 6 · EPSS 0.01888
Exploits 3 · References 2 · Affected Software 1
Cvelist
added 2020/02/11 7:12 p.m. · 34 views

CVE-2012-2517

Cross-site scripting (XSS) vulnerability in PrestaShop before 1.4.9 allows remote attackers to inject arbitrary web script or HTML via the index of the product[] parameter to ajax.php...

AI score 6.1 · EPSS 0.01888
Exploits 3 · References 2
Prion
added 2020/02/08 5:15 p.m. · 31 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in the Photo Gallery plugin before 1.2.11 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the (1) sort_by, (2) sort_order, (3) items_view, (4) dir, (5) clipboard_task, (6) clipboard_files, (7) clipboard_src, or (8) clipboard_des...

CVSS 3.5 · AI score 5.7 · EPSS 0.02331
Exploits 4 · References 5 · Affected Software 1
Cvelist
added 2020/02/08 4:45 p.m. · 33 views

CVE-2015-1394

Multiple cross-site scripting (XSS) vulnerabilities in the Photo Gallery plugin before 1.2.11 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the (1) sort_by, (2) sort_order, (3) items_view, (4) dir, (5) clipboard_task, (6) clipboard_files, (7) clipboard_src, or (8) clipboard_des...

AI score 5.3 · EPSS 0.02331
Exploits 4 · References 5
CVE
added 2020/02/08 4:45 p.m. · 171 views

CVE-2015-1394

The CVE-2015-1394 entry corresponds to multiple XSS vulnerabilities in the WordPress plugin Photo Gallery (before 1.2.11). The vulnerability allows remote authenticated users to inject arbitrary JavaScript/HTML via parameters (sort_by, sort_order, items_view, dir, clipboard_task, clipboard_files,...

CVSS 5.4 · AI score 5.2 · EPSS 0.02331
Exploits 4 · References 5 · Affected Software 1
wpexploit
added 2020/02/04 12:00 a.m. · 36 views

Tutor LMS < 1.5.3 - Cross-Site Request Forgery (CSRF)

Tutor LMS WordPress plugin is vulnerable to Cross-Site Request Forgery (CSRF) attacks. As the requests for the approval and blocking of instructors are sent using the GET method, the CSRF attack to approve an attacker-controlled instructor account can be performed by having the admin visit...

CVSS 2.6 · AI score 0.9 · EPSS 0.0883
Exploits 6 · References 2
NVD
added 2020/01/17 11:15 p.m. · 19 views

CVE-2020-7104

The chained-quiz plugin 1.1.8.1 for WordPress has reflected XSS via the wp-admin/admin-ajax.php totalquestions parameter...

CVSS 6.1 · AI score 6.1 · EPSS 0.01607
Exploits 2 · References 1
Prion
added 2020/01/17 11:15 p.m. · 14 views

Cross site scripting

The chained-quiz plugin 1.1.8.1 for WordPress has reflected XSS via the wp-admin/admin-ajax.php totalquestions parameter...

CVSS 4.3 · AI score 6 · EPSS 0.01607
Exploits 2 · References 1 · Affected Software 1
CVE
added 2020/01/17 10:10 p.m. · 177 views

CVE-2020-7104

CVE-2020-7104 affects the WordPress Chained Quiz plugin. Versions

CVSS 6.1 · AI score 6 · EPSS 0.01607
Exploits 2 · References 1 · Affected Software 1
Cvelist
added 2020/01/17 10:10 p.m. · 22 views

CVE-2020-7104

The chained-quiz plugin 1.1.8.1 for WordPress has reflected XSS via the wp-admin/admin-ajax.php totalquestions parameter...

AI score 6.1 · EPSS 0.01607
Exploits 2 · References 1
NVD
added 2020/01/13 6:15 p.m. · 25 views

CVE-2019-20209

The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Insecure Direct Object Reference (IDOR) via wp-admin/admin-ajax.php to delete any page/post/listing...

CVSS 7.5 · AI score 7.6 · EPSS 0.0317
Exploits 4 · References 9
Prion
added 2020/01/13 6:15 p.m. · 16 views

Code injection

The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Insecure Direct Object Reference (IDOR) via wp-admin/admin-ajax.php to delete any page/post/listing...

CVSS 6.4 · AI score 7.5 · EPSS 0.0317
Exploits 4 · References 9 · Affected Software 3
Cvelist
added 2020/01/13 5:05 p.m. · 23 views

CVE-2019-20209

The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Insecure Direct Object Reference (IDOR) via wp-admin/admin-ajax.php to delete any page/post/listing...

AI score 7.6 · EPSS 0.0317
Exploits 4 · References 9
wpexploit
added 2019/11/05 12:00 a.m. · 32 views

Tidio Live Chat <= 4.1.0 - CSRF to Stored XSS

A CSRF vulnerability in the Tidio Live Chat WordPress Plugin var xhr = new XMLHttpRequest(); xhr.open("POST", "https://wordpress.local/wp-admin/admin-ajax.php?action=tidiochatsavekeys", true); xhr.setRequestHeader("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8");...

AI score 1.5
Exploits 0 · References 2
NVD
added 2019/10/07 3:15 p.m. · 17 views

CVE-2015-9455

The buddypress-activity-plus plugin before 1.6.2 for WordPress has CSRF with resultant directory traversal via the wp-admin/admin-ajax.php bpfbphotos parameter in a bpfbremovetempimages action...

CVSS 8.1 · AI score 8.2 · EPSS 0.00715
Exploits 0 · References 2
NVD
added 2019/10/07 3:15 p.m. · 14 views

CVE-2015-9450

The plugmatter-optin-feature-box-lite plugin before 2.0.14 for WordPress has SQL injection via the wp-admin/admin-ajax.php?action=pmfbcc pmfbtid parameter...

CVSS 9.8 · AI score 10 · EPSS 0.02183
Exploits 0 · References 3
Prion
added 2019/10/07 3:15 p.m. · 11 views

SQL injection

The plugmatter-optin-feature-box-lite plugin before 2.0.14 for WordPress has SQL injection via the wp-admin/admin-ajax.php?action=pmfbcc pmfbtid parameter...

CVSS 7.5 · AI score 8.4 · EPSS 0.02183
Exploits 0 · References 3 · Affected Software 1
Prion
added 2019/10/07 3:15 p.m. · 13 views

Directory traversal

The buddypress-activity-plus plugin before 1.6.2 for WordPress has CSRF with resultant directory traversal via the wp-admin/admin-ajax.php bpfbphotos parameter in a bpfbremovetempimages action...

CVSS 7.8 · AI score 7.2 · EPSS 0.00715
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2019/10/07 2:25 p.m. · 18 views

CVE-2015-9455

The buddypress-activity-plus plugin before 1.6.2 for WordPress has CSRF with resultant directory traversal via the wp-admin/admin-ajax.php bpfbphotos parameter in a bpfbremovetempimages action...

AI score 8.2 · EPSS 0.00715
Exploits 0 · References 2
Cvelist
added 2019/10/07 2:17 p.m. · 24 views

CVE-2015-9451

The plugmatter-optin-feature-box-lite plugin before 2.0.14 for WordPress has SQL injection via the wp-admin/admin-ajax.php?action=pmfbmailchimp pmfbtid parameter...

AI score 10 · EPSS 0.0237
Exploits 1 · References 3