1339 matches found

OSV
added 2019/05/09 10:29 p.m., 12 views

CVE-2018-20837

include/admin/Menu/Ajax.php in Typesetter 5.1 has index.php/Admin/Menu/Ajax?cmd=AddHidden title XSS...

4.8 CVSS, 6.9 AI score
Exploits 0, References 2
Cvelist
added 2019/05/09 9:25 p.m., 18 views

CVE-2018-20837

include/admin/Menu/Ajax.php in Typesetter 5.1 has index.php/Admin/Menu/Ajax?cmd=AddHidden title XSS...

5.2 AI score, 0.00748 EPSS
Exploits 1, References 2
CVE
added 2019/05/09 9:25 p.m., 42 views

CVE-2018-20837

Typesetter 5.1 contains a cross-site scripting (XSS) flaw in include/admin/Menu/Ajax.php. The description cites an input path: index.php/Admin/Menu/Ajax?cmd=AddHidden, with title XSS. Details on affected versions, impact, exploit method, and fixes are drawn from multiple sources; remediation spec...

4.8 CVSS, 5.1 AI score, 0.00748 EPSS
Exploits 1, References 2, Affected Software 1
Cvelist
added 2019/05/06 5:45 p.m., 16 views

CVE-2019-11807

The WooCommerce Checkout Manager plugin before 4.3 for WordPress allows media deletion via the wp-admin/admin-ajax.php?action=updateattachmentwccm wccmdefaultkeysload parameter because of a nopriv registration and a lack of capabilities checks...

7.5 AI score, 0.0147 EPSS
Exploits 1, References 2
OpenVAS
added 2019/04/29 12:00 a.m., 22 views

WordPress Contact Form Builder Plugin < 1.0.69 CSRF Vulnerability

The WordPress plugin Copyright (C) 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the...

8.8 CVSS, 8.9 AI score, 0.01058 EPSS
Exploits 1, References 2
Prion
added 2019/03/21 4:00 p.m., 13 views

Code injection

In Webgalamb through 7.0, system/ajax.php functionality is supposed to be available only to the administrator. However, by using one of the bgsend, atmentsddd1xGz, or xlsbgimport query parameters, most of these methods become available to unauthenticated users...

7.5 CVSS, 9.4 AI score, 0.02906 EPSS
Exploits 2, References 2, Affected Software 1
Prion
added 2019/03/21 4:00 p.m., 14 views

Design/Logic Flaw

An issue was discovered in Repute ARForms 3.5.1 and prior. An attacker is able to delete any file on the server with web server privileges by sending a malicious request to admin-ajax.php...

6.4 CVSS, 7.4 AI score, 0.02049 EPSS
Exploits 3, References 2, Affected Software 1
Prion
added 2019/03/21 4:00 p.m., 8 views

Default credentials

The WP-jobhunt plugin before version 2.4 for WordPress does not control AJAX requests sent to the csresetpass function through the admin-ajax.php file, which allows remote unauthenticated attackers to reset the password of a user's account...

7.5 CVSS, 9.6 AI score, 0.04129 EPSS
Exploits 1, References 2, Affected Software 1
CVE
added 2019/03/17 9:37 p.m., 39 views

CVE-2018-19488

The CVE-2018-19488 entry concerns the WP-jobhunt WordPress plugin prior to version 2.4. An authentication-bypass flaw exists where AJAX requests to cs_reset_pass() via admin-ajax.php are not properly controlled, enabling remote unauthenticated attackers to reset a user’s password. This is suppor...

9.8 CVSS, 9.6 AI score, 0.04129 EPSS
Exploits 1, References 2, Affected Software 1
Cvelist
added 2019/03/17 9:36 p.m., 17 views

CVE-2018-19487

The WP-jobhunt plugin before version 2.4 for WordPress does not control AJAX requests sent to the csemployerajaxprofile function through the admin-ajax.php file, which allows remote unauthenticated attackers to enumerate information about users...

7.6 AI score, 0.04852 EPSS
Exploits 1, References 2
CVE
added 2019/03/17 9:36 p.m., 44 views

CVE-2018-19487

The CVE affects the WordPress WP-jobhunt plugin prior to version 2.4. The root cause is lack of access control for AJAX requests to cs_employer_ajax_profile() via admin-ajax.php, enabling remote unauthenticated attackers to enumerate user information. Practical impact is information disclosure ab...

7.5 CVSS, 7.5 AI score, 0.04852 EPSS
Exploits 1, References 2, Affected Software 1
Cvelist
added 2019/03/17 9:30 p.m., 32 views

CVE-2018-15818

An issue was discovered in Repute ARForms 3.5.1 and prior. An attacker is able to delete any file on the server with web server privileges by sending a malicious request to admin-ajax.php...

7.5 AI score, 0.02049 EPSS
Exploits 3, References 2
CVE
added 2019/03/17 9:30 p.m., 50 views

CVE-2018-15818

CMS/plugin: Repute ARForms 3.5.1 and earlier. A vulnerability allows an attacker to delete arbitrary files on the server by sending a malicious request to admin-ajax.php, abusing web server privileges. Affected component is the plugin’s admin AJAX endpoint; impact is file deletion with partial in...

7.5 CVSS, 7.4 AI score, 0.02049 EPSS
Exploits 3, References 2, Affected Software 1
CVE
added 2019/03/17 6:32 p.m., 40 views

CVE-2018-19515

CVE-2018-19515 affects Webgalamb up to version 7.0. The issue: system/ajax.php endpoints intended for admin use can be accessed by unauthenticated users via certain query parameters (e.g., bgsend, atment_sddd1xGz, xls_bgimport), enabling broad method exposure. This is described as an information-...

9.8 CVSS, 9.4 AI score, 0.02906 EPSS
Exploits 2, References 2, Affected Software 1
NVD
added 2019/02/23 6:29 p.m., 29 views

CVE-2019-9040

S-CMS PHP v3.0 has a CSRF vulnerability to add a new admin user via the admin/ajax.php?type=admin&action=add URI, a related issue to CVE-2018-19332...

8.8 CVSS, 8.7 AI score, 0.00572 EPSS
Exploits 0, References 1
Prion
added 2019/02/04 9:29 p.m., 12 views

Cross site request forgery (CSRF)

MapSVG MapSVG Lite version 3.2.3 contains a Cross Site Request Forgery (CSRF) vulnerability in REST endpoint /wp-admin/admin-ajax.php?action=mapsvgsave that can result in an attacker being able to modify post data, including embedding JavaScript. This attack appears to be exploitable via the victim must be...

6.8 CVSS, 8.8 AI score, 0.00795 EPSS
Exploits 2, References 2, Affected Software 1
NVD
added 2019/02/04 9:29 p.m., 10 views

CVE-2019-1000003

MapSVG MapSVG Lite version 3.2.3 contains a Cross Site Request Forgery (CSRF) vulnerability in REST endpoint /wp-admin/admin-ajax.php?action=mapsvgsave that can result in an attacker being able to modify post data, including embedding JavaScript. This attack appears to be exploitable via the victim must be...

8.8 CVSS, 8.8 AI score, 0.00795 EPSS
Exploits 2, References 2
CVE
added 2019/02/04 9:00 p.m., 45 views

CVE-2019-1000003

MapSVG Lite 3.2.3 is affected by a CSRF in the mapsvg_save AJAX endpoint (/wp-admin/admin-ajax.php?action=mapsvg_save) that can allow an authenticated admin to modify post data (including embedded JavaScript). Exploitation requires the attacker to have an admin account and to entice the admin to ...

8.8 CVSS, 8.8 AI score, 0.00795 EPSS
Exploits 2, References 2, Affected Software 1
Cvelist
added 2019/01/31 7:00 p.m., 21 views

CVE-2018-19042

The Media File Manager plugin 1.4.2 for WordPress allows arbitrary file movement via a ../ directory traversal in the dirfrom and dirto parameters of an mrelocatormove action to the wp-admin/admin-ajax.php URI...

5.6 AI score, 0.10005 EPSS
Exploits 2, References 1
CVE
added 2019/01/27 2:00 a.m., 55 views

CVE-2019-6703

CVE-2019-6703 affects the Total Donations WordPress plugin (up to 2.0.5/2.0.6) via an incorrect access control in migla_ajax_functions.php. This flaw allows unauthenticated attackers to call miglaA_update_me through wp-admin/admin-ajax.php and modify arbitrary WordPress option values, enabling ac...

9.8 CVSS, 9.4 AI score, 0.26076 EPSS
Exploits 1, References 2, Affected Software 1