225 matches found
The Events Calendar (Free < 6.4.0.1, Pro < 6.4.0.1) - Contributor+ Arbitrary Events Access
Description The plugin does not prevent users with at least the contributor role from leaking details about events they shouldn't have access to. e.g. password-protected events, drafts, etc. PoC Free: 1. ADMIN: Install The Events Calendar 2. ADMIN: Create events with each status: published,...
CVE-2024-30248
Piccolo Admin is an admin interface/content management system for Python, built on top of Piccolo. Piccolo's admin panel allows media files to be uploaded. As a default, SVG is an allowed file type for upload. An attacker can upload an SVG which when loaded can allow arbitrary access to the admin...
CVE-2024-30248 Piccolo Admin's raw SVG loading may lead to complete data compromise from admin page
Piccolo Admin is an admin interface/content management system for Python, built on top of Piccolo. Piccolo's admin panel allows media files to be uploaded. As a default, SVG is an allowed file type for upload. An attacker can upload an SVG which when loaded can allow arbitrary access to the admin...
CVE-2024-30248
CVE-2024-30248 affects Piccolo Admin, the Python-based admin interface for Piccolo. The vulnerability arises from SVG uploads being allowed by default, allowing an attacker to load a malicious SVG that can grant arbitrary access to the admin page. The root cause is insufficient validation/handlin...
Meta Box < 5.9.4 - Contributor+ Arbitrary Posts' Custom Field Disclosure
Description The plugin does not prevent users with at least the contributor role from access arbitrary custom fields assigned to other user's posts. PoC 1. ADMIN: Install Meta Box 2. ADMIN: Add Meta Box fields through code or the premium add-on...
CVE-2024-27916 `GetRepositoryByName`, `DeleteRepositoryByName` and `GetArtifactByName` allow access of arbitrary repositories in Minder by any authenticated user
Minder is a software supply chain security platform. Prior to version 0.0.33, a Minder user can use the endpoints GetRepositoryByName, DeleteRepositoryByName, and GetArtifactByName to access any repository in the database, irrespective of who owns the repo and any permissions present. The databas...
GHSA-V627-69V2-XX37 `GetRepositoryByName`, `DeleteRepositoryByName` and `GetArtifactByName` allow access of arbitrary repositories in Minder by any authenticated user
Summary A Minder user can use the endpoints listed in the issue title to access any repository in the DB, irrespective of who owns the repo and any permissions that user may have. Details...
CVE-2023-5907 File Manager < 6.3 - Admin+ Arbitrary OS File/Folder Access + Path Traversal
The File Manager WordPress plugin before 6.3 does not restrict the file managers root directory, allowing an administrator to set a root outside of the WordPress root directory, giving access to system files and directories even in a multisite setup, where site administrators should not be allowe...
Mmm Simple File List <= 2.3 - Subscriber+ Arbitrary Directory Listing
Description The plugin does not validate the generated path to list files from, allowing any authenticated users, such as subscribers, to list the content of arbitrary directories. PoC Run the below command in the developer console of the web browser while being on the blog as a subscriber user...
CVE-2023-3154
The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to PHAR Deserialization due to a lack of input parameter validation in the galleryedit function, allowing an attacker to access arbitrary resources on the server...
CVE-2023-3664 FileOrganizer <= 1.0.2 - Admin+ Arbitrary File Access
The FileOrganizer WordPress plugin through 1.0.2 does not restrict functionality on multisite instances, allowing site admins to gain full control over the server...
NextGEN Gallery < 3.39 - Admin+ PHAR Deserialization
Description The plugin is vulnerable to PHAR Deserialization due to a lack of input parameter validation in the galleryedit function, allowing an attacker to access arbitrary resources on the server. PoC 1. Ensure your WordPress installation is using PHP version 7.4 or earlier. 2. Create a...
CVE-2023-4318 Herd Effects < 5.2.4 - Effect Deletion via CSRF
The Herd Effects WordPress plugin before 5.2.4 does not have CSRF when deleting its items, which could allow attackers to make logged in admins delete arbitrary effects via a CSRF attack...
CVE-2023-3814
The Advanced File Manager WordPress plugin before 5.1.1 does not adequately authorize its usage on multisite installations, allowing site admin users to list and read arbitrary files and folders on the server...
CVE-2023-3814 Advanced File Manager < 5.1.1 - Admin+ Arbitrary File/Folder Access
The Advanced File Manager WordPress plugin before 5.1.1 does not adequately authorize its usage on multisite installations, allowing site admin users to list and read arbitrary files and folders on the server...
e-Excellence U-Office Force 路径遍历漏洞
e-Excellence U-Office Force is an e-Office platform from China First Class Technology e-Excellence. A path traversal vulnerability exists in e-Excellence U-Office Forc, which can be exploited by an attacker to read arbitrary system files...
Advanced File Manager < 5.1.1 - Admin+ Arbitrary File/Folder Access
Description The plugin does not adequately authorize its usage on multisite installations, allowing site admin users to list and read arbitrary files and folders on the server. On a multisite installation, log in as a site admin. Notice that you are able to manage files on the server using this...
Simple Blog Card < 1.32 - Subscriber+ Arbitrary Post Access
Description The plugin does not ensure that posts to be displayed via a shortcode are public, allowing any authenticated users, such as subscriber, to retrieve arbitrary post title and their content such as draft, private and password protected ones Run the below command in the developer console ...
Use After Free
chromium is vulnerable to Use After Free. The vulnerability exists in the Media of the library, allowing an attacker to perform arbitrary read/write via a maliciously crafted HTML page...
CVE-2021-4347
The function updateshipmentstatusemailstatusfun in the plugin Advanced Shipment Tracking for WooCommerce in versions up to 3.2.6 is vulnerable to authenticated arbitrary options update. The function allows attackers including those at customer level to update any WordPress option in the database...