4 matches found
OMGF < 4.5.4 - Subscriber+ Arbitrary File/Folder Deletion
The plugin does not enforce path validation, authorisation and CSRF checks in the omgf_ajax_empty_dir AJAX action, which allows any authenticated user to delete arbitrary files or folders on the server. As an authenticated user, with a role as low as subscriber, viewing the admin dashboard...
PostX Gutenberg Blocks for Post Grid < 2.4.10 - Missing Access Controls
The plugin performs incorrect checks before allowing any logged-in user to perform some AJAX-based requests, allowing any user to modify, delete or add ultp_options values. You can run this from a browser's JavaScript console:...
WordPress Huge IT Portfolio Gallery 2.0.77 Cross Site Scripting
Cross-Site Scripting in Huge IT Portfolio Gallery WordPress Plugin. Antonis Manaras, July 2016...
WordPress Users Ultra Plugin 1.5.50 - Blind SQL Injection
The file xooclasses/xoo.userultra.photos.php of the users-ultra plugin contains the following code: `public function edit_video_confirm() { global $wpdb, $xoouserultra; require_once(ABSPATH . 'wp-includes/formatting.php'); $user_id = get_current_user_id(); $video_id = $_POST["videoid"]; // videoid is taken directly from POST without sanitisation $video_name = sanitize_text_field($_POST["videoname"]);`...