
1339 matches found

Source: Cvelist
Added: 2019/09/09 12:07 p.m., 20 views

CVE-2018-21013

The Swape theme before 1.2.1 for WordPress has incorrect access control, as demonstrated by allowing new administrator accounts via vectors involving xmlPath to wp-admin/admin-ajax.php...

AI score: 9.3, EPSS: 0.01987
Exploits: 2, References: 1
Source: Cvelist
Added: 2019/09/03 12:22 p.m., 14 views

CVE-2019-15873

The profilegrid-user-profiles-groups-and-communities plugin before 2.8.6 for WordPress has remote code execution via a wp-admin/admin-ajax.php request with the action=pmtemplatepreview&html=?php substring followed by PHP code...

AI score: 9.2, EPSS: 0.03883
Exploits: 2, References: 2
Source: NVD
Added: 2019/08/29 12:15 p.m., 11 views

CVE-2019-15777

The shapepress-dsgvo plugin before 2.2.19 for WordPress has wp-admin/admin-ajax.php?action=admin-common-settings&adminemail= XSS...

CVSS: 5.4, AI score: 5.6, EPSS: 0.01063
Exploits: 1, References: 3
Source: Prion
Added: 2019/08/29 12:15 p.m., 16 views

Cross site scripting

The shapepress-dsgvo plugin before 2.2.19 for WordPress has wp-admin/admin-ajax.php?action=admin-common-settings&adminemail= XSS...

CVSS: 3.5, AI score: 5.7, EPSS: 0.01063
Exploits: 1, References: 3, Affected software: 1
Source: Cvelist
Added: 2019/08/29 11:49 a.m., 13 views

CVE-2019-15777

The shapepress-dsgvo plugin before 2.2.19 for WordPress has wp-admin/admin-ajax.php?action=admin-common-settings&adminemail= XSS...

AI score: 5.6, EPSS: 0.01063
Exploits: 1, References: 3
Source: Check Point Advisories
Added: 2019/08/28 12:00 a.m., 1 view

WordPress Download Manager Plugin Cross-Site Request Forgery

A cross-site request forgery vulnerability has been reported in WordPress Download Manager Plugin. The vulnerability is due to insufficient CSRF protections. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user with administrator privileges to visit a page which...

AI score: 4.2
Exploits: 0
Source: CVE
Added: 2019/08/20 2:51 p.m., 116 views

CVE-2015-9332

The CVE-2015-9332 issue affects the WordPress uninstall plugin (before v1.2). The vulnerability is a Cross-Site Request Forgery (CSRF) that can trigger uninstall to delete all database tables via wp-admin/admin-ajax.php?action=uninstall, as described in multiple sources (WordPress uninstall plugi...

CVSS: 6.5, AI score: 6.5, EPSS: 0.0061
Exploits: 1, References: 1, Affected software: 1
Source: NVD
Added: 2019/08/15 3:15 p.m., 13 views

CVE-2019-14790

The limb-gallery aka Limb Gallery plugin 1.4.0 for WordPress has XSS via the wp-admin/admin-ajax.php?action=grsGalleryAjax&grsAction=shortcode task parameter,...

CVSS: 6.1, AI score: 6.1, EPSS: 0.01377
Exploits: 1, References: 3
Source: Prion
Added: 2019/08/15 3:15 p.m., 17 views

Code injection

The toggle-the-title aka Toggle The Title plugin 1.4 for WordPress has XSS via the wp-admin/admin-ajax.php?action=updatetitleoptions isAutoSaveValveChecked or isDisableAllPagesValveChecked parameter...

CVSS: 3.5, AI score: 4.9, EPSS: 0.01034
Exploits: 1, References: 3, Affected software: 1
Source: CVE
Added: 2019/08/15 2:57 p.m., 43 views

CVE-2019-14790

The CVE-2019-14790 entry concerns the WordPress plugin limb-gallery (aka Limb Gallery) up to version 1.4.0. The vulnerability is a Cross-Site Scripting (XSS) flaw exposed via the parameter wp-admin/admin-ajax.php?action=grsGalleryAjax&grsAction=shortcode in the GrsGalleryAjax shortcode task. Publ...

CVSS: 6.1, AI score: 6, EPSS: 0.01377
Exploits: 1, References: 3, Affected software: 1
Source: Cvelist
Added: 2019/08/15 2:57 p.m., 17 views

CVE-2019-14790

The limb-gallery aka Limb Gallery plugin 1.4.0 for WordPress has XSS via the wp-admin/admin-ajax.php?action=grsGalleryAjax&grsAction=shortcode task parameter,...

AI score: 6.1, EPSS: 0.01377
Exploits: 1, References: 3
Source: Packet Storm
Added: 2019/08/14 12:00 a.m., 101 views

WordPress Download Manager 2.5 Cross Site Request Forgery

Exploit Title: CSRF vulnerabilities in WordPress Download Manager Plugin 2.5 Google Dork: inurl:"/wp-content/plugins/download-manager Date: 24 May, 2019 Exploit Author: Princy Edward Exploit Author Blog : https://prinyedward.blogspot.com/ Vendor Homepage: https://www.wpdownloadmanager.com/ Softwa...

Exploits: 0
Source: NVD
Added: 2019/08/09 2:15 p.m., 29 views

CVE-2019-14798

The 10Web Photo Gallery plugin before 1.5.25 for WordPress has Authenticated Local File Inclusion via directory traversal in the wp-admin/admin-ajax.php?action=shortcodebwg tagtext parameter...

CVSS: 4.9, AI score: 5.3, EPSS: 0.0443
Exploits: 1, References: 3
Source: Cvelist
Added: 2019/08/09 12:21 p.m., 29 views

CVE-2019-14787

The Tribulant Newsletters plugin before 4.6.19 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=newslettersloadneweditor contentarea parameter...

AI score: 5.4, EPSS: 0.01035
Exploits: 2, References: 3
Source: Prion
Added: 2019/08/08 8:15 p.m., 13 views

Cross site request forgery (CSRF)

The codection "Import users from CSV with meta" plugin before 1.14.2.2 for WordPress allows wp-admin/admin-ajax.php?action=acuideleteattachment CSRF...

CVSS: 4.9, AI score: 5.8, EPSS: 0.00679
Exploits: 1, References: 4, Affected software: 1
Source: Prion
Added: 2019/07/28 6:15 p.m., 13 views

Cross site scripting

An XSS vulnerability in the "Email Subscribers & Newsletters" plugin 4.1.6 for WordPress allows an attacker to inject malicious JavaScript code through a publicly available subscription form using the esfpxname wp-admin/admin-ajax.php POST parameter...

CVSS: 4.3, AI score: 6, EPSS: 0.0133
Exploits: 0, References: 3, Affected software: 1
Source: wpexploit
Added: 2019/06/27 12:00 a.m., 17 views

Block WP Login <= 1.3.0 - CSRF and Unauthorised Settings Update

Lack of CSRF and authorisation checks in the bwplconfigureslug function, registered as an admininit action, could allow an attacker, either via CSRF or unauthenticated through admin-ajax.php, to change the plugin settings located at /wp-admin/options-permalink.php and disable the protection offered. v1.3.1...

AI score: 0.6
Exploits: 0, References: 1
Source: WPVulnDB
Added: 2019/05/20 12:00 a.m., 24 views

FV Flowplayer Video Player <= 7.3.13.727 - Unauthenticated Stored XSS

The vulnerable function is exposed to unauthenticated users over the wpajaxnoprivfvwpflowplayeremailsignup ajax hook. It saves anything that the user provides in the email POST parameter. PoC: Send a POST request to wp-admin/admin-ajax.php with body content: "[email protected]" The...

CVSS: 4.3, AI score: 2.3, EPSS: 0.02022
Exploits: 2, References: 2, Affected software: 1
Source: Prion
Added: 2019/05/09 10:29 p.m., 13 views

Cross site scripting

include/admin/Menu/Ajax.php in Typesetter 5.1 has index.php/Admin/Menu/Ajax?cmd=AddHidden title XSS...

CVSS: 3.5, AI score: 5.2, EPSS: 0.00748
Exploits: 1, References: 2, Affected software: 1
Source: OSV
Added: 2019/05/09 10:29 p.m., 11 views

CVE-2018-20837

include/admin/Menu/Ajax.php in Typesetter 5.1 has index.php/Admin/Menu/Ajax?cmd=AddHidden title XSS...

CVSS: 4.8, AI score: 6.9
Exploits: 0, References: 2