1339 matches found

wpexploit
added 2019/01/08 12:0 a.m. | 17 views

MapSVG Lite <= 3.2.3 - Cross-Site Request Forgery (CSRF)

CSRF in the mapsvgsave AJAX method...

CVSS 6.8 | AI score 1 | EPSS 0.00795
Exploits: 2 | References: 1

Cvelist
added 2018/12/23 2:0 a.m. | 30 views

CVE-2018-20368

The Master Slider plugin 3.2.7 and 3.5.1 for WordPress has XSS via the wp-admin/admin-ajax.php Name input field of the MSPanel.Settings value on Callback...

AI score 5.3 | EPSS 0.00705
Exploits: 4 | References: 1

Prion
added 2018/12/20 11:29 p.m. | 18 views

Cross site scripting

The Mondula Multi Step Form plugin before 1.2.8 for WordPress has multiple stored XSS via wp-admin/admin-ajax.php...

CVSS 3.5 | AI score 5.3 | EPSS 0.01097
Exploits: 1 | References: 3 | Affected Software: 1

Openbugbounty
added 2018/12/04 8:25 p.m. | 10 views

advancedcustomfields.com XSS vulnerability

Open Bug Bounty ID: OBB-707391

Description | Value
---|---
Affected Website: | advancedcustomfields.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1...

AI score 0.1
Exploits: 0

Metasploit
added 2018/11/29 1:8 a.m. | 60 views

WordPress WP GDPR Compliance Plugin Privilege Escalation

The Wordpress GDPR Compliance plugin <= v1.4.2 allows unauthenticated users to set wordpress administration options by overwriting values within the database. The vulnerability is...

CVSS 9.8 | AI score 6.9 | EPSS 0.87294
Exploits: 4

Prion
added 2018/11/17 3:29 p.m. | 16 views

Cross site request forgery (csrf)

An issue was discovered in S-CMS v1.5. There is a CSRF vulnerability that can add a new user via the admin/ajax.php?type=member&action=add URI...

CVSS 6.8 | AI score 8.6 | EPSS 0.00465
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2018/11/17 3:0 p.m. | 23 views

CVE-2018-19332

An issue was discovered in S-CMS v1.5. There is a CSRF vulnerability that can add a new user via the admin/ajax.php?type=member&action=add URI...

AI score 8.7 | EPSS 0.00465
Exploits: 1 | References: 1

exploitpack
added 2018/11/13 12:0 a.m. | 28 views

Surreal ToDo 0.6.1.2 - SQL Injection

Exploit Title: Surreal ToDo 0.6.1.2 - SQL Injection
Dork: N/A
Date: 2018-11-08
Exploit Author: Ihsan Sencan
Vendor Homepage: http://getsurreal.com/surrealtodo
Software Link:...

AI score 8.6
Exploits: 0

NVD
added 2018/10/29 12:29 p.m. | 16 views

CVE-2018-18717

An issue was discovered in Eleanor CMS through 2015-03-19. XSS exists via the ajax.php?direct=admin&file=autocomplete&query=XSS URI...

CVSS 4.8 | AI score 4.9 | EPSS 0.00534
Exploits: 1 | References: 1

Prion
added 2018/10/29 12:29 p.m. | 16 views

Cross site scripting

An issue was discovered in Eleanor CMS through 2015-03-19. XSS exists via the ajax.php?direct=admin&file=autocomplete&query=XSS URI...

CVSS 3.5 | AI score 4.8 | EPSS 0.00534
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2018/10/28 12:0 a.m. | 44 views

CVE-2018-18717

CVE-2018-18717 affects Eleanor CMS up to 2015-03-19. It is an XSS vulnerability exploitable through the AJAX endpoint ajax.php?direct=admin&file=autocomplete&query=[XSS] where the attacker-controlled query is reflected in the response. NVD lists CVSSv2 base 3.5 (LOW) and CVSSv3 base 4.8 (MEDIUM)....

CVSS 4.8 | AI score 4.9 | EPSS 0.00534
Exploits: 1 | References: 1 | Affected Software: 1

WPVulnDB
added 2018/10/26 12:0 a.m. | 11 views

Flow-Flow Social Stream <= 3.0.71 - Unauthenticated Cross-Site Scripting (XSS)

Cross-Site Scripting (XSS) vulnerability in the JSON output by modifying the hash parameter in admin-ajax.php using the fetchposts action. Response Content-Type set to html. PoC: http://www.example.com/wp-admin/admin-ajax.php?action=fetchposts&stream-id;=1=%3Cimg%20src=x%20onerror=alert1%3E...

AI score 0.4
Exploits: 0 | References: 1 | Affected Software: 1

exploitpack
added 2018/10/25 12:0 a.m. | 12 views

ClipBucket 2.8 - id SQL Injection

Exploit Title: ClipBucket 2.8 - 'id' SQL Injection
Dork: N/A
Date: 2018-10-25
Exploit Author: Ihsan Sencan
Vendor Homepage: http://clipbucket.com/
Software Link: https://sourceforge.net/projects/clipbucket/files/latest/download
Version: 2.8.v3354
Category: Webapp...

AI score 8.7
Exploits: 0

Exploit DB
added 2018/10/25 12:0 a.m. | 21 views

ClipBucket 2.8 - 'id' SQL Injection

Exploit Title: ClipBucket 2.8 - 'id' SQL Injection
Dork: N/A
Date: 2018-10-25
Exploit Author: Ihsan Sencan
Vendor Homepage: http://clipbucket.com/
Software Link: https://sourceforge.net/projects/clipbucket/files/latest/download
Version: 2.8.v3354
Category: Webapps
Tested on: WiN7x64/KaLiLinuXx64...

AI score 7.4
Exploits: 0

NVD
added 2018/10/17 2:29 p.m. | 23 views

CVE-2018-18373

In the Schiocco "Support Board - Chat And Help Desk" plugin 1.2.3 for WordPress, a Stored XSS vulnerability has been discovered in file upload areas in the Chat and Help Desk sections via the msg parameter in a /wp-admin/admin-ajax.php sb_ajax_add_message action...

CVSS 5.4 | AI score 5.3 | EPSS 0.00795
Exploits: 1 | References: 2

CVE
added 2018/10/17 2:0 p.m. | 48 views

CVE-2018-18373

CVE-2018-18373 concerns the Schiocco “Support Board – Chat And Help Desk” WordPress plugin (version 1.2.3). The stored XSS occurs in file upload areas within the Chat and Help Desk sections via the msg parameter in the /wp-admin/admin-ajax.php sb_ajax_add_message action. Multiple connected source...

CVSS 5.4 | AI score 5.2 | EPSS 0.00795
Exploits: 1 | References: 2 | Affected Software: 1

exploitpack
added 2018/10/16 12:0 a.m. | 26 views

WordPress Plugin Support Board 1.2.3 - Cross-Site Scripting

Exploit Title: Wordpress Plugin Support Board 1.2.3 - Cross-Site Scripting
Date: 2018-10-16
Exploit Author: Ismail Tasdelen
Vendor Homepage: https://schiocco.com/
Software Link: https://board.support/
Software: Support Board - Chat And...

AI score 0.1
Exploits: 0

NVD
added 2018/10/09 6:29 p.m. | 16 views

CVE-2018-18084

An issue was discovered in DuomiCMS 3.0. SQL injection exists in the ajax.php file, as demonstrated by the uid parameter...

CVSS 9.8 | AI score 9.9 | EPSS 0.01261
Exploits: 1 | References: 2

Prion
added 2018/10/09 6:29 p.m. | 9 views

Sql injection

An issue was discovered in DuomiCMS 3.0. SQL injection exists in the ajax.php file, as demonstrated by the uid parameter...

CVSS 7.5 | AI score 9.8 | EPSS 0.01261
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2018/10/09 6:0 p.m. | 15 views

CVE-2018-18084

An issue was discovered in DuomiCMS 3.0. SQL injection exists in the ajax.php file, as demonstrated by the uid parameter...

AI score 9.9 | EPSS 0.01261
Exploits: 1 | References: 2