
102 matches found

Cvelist
added 2022/12/05 4:50 p.m., 26 views

CVE-2022-3677 Advanced Import < 1.3.8 - Arbitrary Plugin Installation & Activation via CSRF

The Advanced Import WordPress plugin before 1.3.8 does not have a CSRF check when installing and activating plugins, which could allow attackers to make a logged-in admin install arbitrary plugins from WordPress.org, and activate arbitrary ones from the blog via CSRF attacks...

6.7 AI score, 0.00356 EPSS
Exploits: 2, References: 1

WPVulnDB
added 2022/04/12 12:0 a.m., 12 views

Multiple Plugins from Cool Plugins - Subscriber+ Arbitrary Plugin Installation & Activation

Multiple plugins from the Cool Plugins vendor are missing capability and proper CSRF checks in the coolpluginsinstall and coolpluginsactivate AJAX actions, available to any authenticated user, allowing them to install and activate arbitrary plugins via an archive hosted on a remote server they...

4.5 AI score
Exploits: 0, References: 1, Affected Software: 9

NVD
added 2021/06/14 2:15 p.m., 9 views

CVE-2021-24354

A lack of capability checks and an insufficient nonce check on the AJAX action in the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4 made it possible for authenticated users to install arbitrary plugins on vulnerable sites...

8.8 CVSS, 0.0148 EPSS
Exploits: 2, References: 2

Prion
added 2021/06/14 2:15 p.m., 15 views

Design/Logic Flaw

A lack of capability checks and an insufficient nonce check on the AJAX action in the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4 made it possible for authenticated users to install arbitrary plugins on vulnerable sites...

6.5 CVSS, 8.5 AI score, 0.0148 EPSS
Exploits: 2, References: 2, Affected Software: 1

CVE
added 2021/06/14 1:37 p.m., 61 views

CVE-2021-24354

CVE-2021-24354 affects the WordPress plugin Simple 301 Redirects by BetterLinks up to version 2.0.3. The root cause is a lack of capability checks and an insufficient nonce check on the plugin’s AJAX action, enabling an authenticated user to install arbitrary plugins on vulnerable sites. The issu...

8.8 CVSS, 8.6 AI score, 0.0148 EPSS
Exploits: 2, References: 2, Affected Software: 1

CNNVD
added 2021/06/14 12:0 a.m., 3 views

BetterLinks WordPress plugin Security Vulnerability

WordPress is a blogging platform developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in BetterLinks WordPress plugin versions prior to 2.0.4, which stems...

8.8 CVSS, 5.9 AI score, 0.0148 EPSS
Exploits: 2, References: 2

CNVD
added 2021/05/19 12:0 a.m., 9 views

WordPress Authorization Issues Vulnerability (CNVD-2021-44301)

WordPress is the WordPress Foundation's blogging platform developed using the PHP language. The platform supports PHP and MySQL servers to set up a personal blog site. WordPress Plugin is a WordPress open source application plugin. WP Maintenance Mode & Site Under Construction An...

8.8 CVSS, 6.6 AI score, 0.01325 EPSS
Exploits: 2, References: 1

CNNVD
added 2021/05/14 12:0 a.m., 7 views

WordPress plugin WP Maintenance Mode & Site Under Construction Security Vulnerability

WordPress is the WordPress Foundation's blogging platform developed using the PHP language. The platform supports PHP and MySQL servers to set up a personal blog site. WordPress Plugin is a WordPress open source application plugin. WP Maintenance Mode & Site Under Construction An...

8.8 CVSS, 5.9 AI score, 0.01325 EPSS
Exploits: 2, References: 2

CNNVD
added 2021/05/14 12:0 a.m., 6 views

WordPress plugin Login as User or Customer Security Vulnerability

WordPress is the WordPress Foundation's blogging platform developed using the PHP language. The platform supports PHP and MySQL servers to set up a personal blog site. WordPress Plugin is a WordPress open source application plugin. WordPress plugin 1.8 before the version User Switching...

8.8 CVSS, 5.8 AI score, 0.01325 EPSS
Exploits: 2, References: 2

Saint
added 2020/12/22 12:0 a.m., 42 views

Atlassian Crowd pdkinstall arbitrary plugin installation

Added: 12/22/2020. Background: Atlassian Crowd is a single sign-on solution for Atlassian products. Problem: Atlassian Crowd and Crowd Data Center incorrectly enabled the pdkinstall development plugin, allowing attackers to install arbitrary plugins, leading to remote code execution. Resolution...

8.3 AI score
Exploits: 0

OSV
added 2020/07/27 2:15 p.m., 2 views

CVE-2020-15593

SteelCentral Aternity Agent 11.0.0.120 on Windows mishandles IPC. It uses an executable running as a high privileged Windows service to perform administrative tasks and collect data from other processes. It distributes functionality among different processes and uses IPC (Inter-Process Communicati...

7.8 CVSS, 7.3 AI score, 0.01855 EPSS
Exploits: 1, References: 2

Prion
added 2020/07/27 2:15 p.m., 9 views

Directory traversal

SteelCentral Aternity Agent before 11.0.0.120 on Windows allows Privilege Escalation via a crafted file. It uses an executable running as a high privileged Windows service to perform administrative tasks and collect data from other processes. It distributes functionality among different processes...

5 CVSS, 7.3 AI score, 0.01855 EPSS
Exploits: 1, References: 2, Affected Software: 1

Prion
added 2020/07/27 2:15 p.m., 14 views

Code injection

SteelCentral Aternity Agent 11.0.0.120 on Windows mishandles IPC. It uses an executable running as a high privileged Windows service to perform administrative tasks and collect data from other processes. It distributes functionality among different processes and uses IPC (Inter-Process Communicati...

7.2 CVSS, 7.6 AI score, 0.01855 EPSS
Exploits: 1, References: 2, Affected Software: 1

Tenable Nessus
added 2019/08/13 12:0 a.m., 37 views

Atlassian Crowd 3.2.x < 3.2.8 RCE Vulnerability

According to its self-reported version number, the Atlassian Crowd application running on the remote host is 2.1.x prior to 3.0.5, 3.1.x prior to 3.1.6, 3.2.x prior to 3.2.8, 3.3.x prior to 3.3.5 or 3.4.x prior to 3.4.4. It is, therefore, affected by a remote code execution (RCE) vulnerability. An...

9.8 CVSS, 10 AI score, 0.95355 EPSS
Exploits: 6, References: 2

Prion
added 2016/05/09 8:59 p.m., 16 views

Code injection

Apache Cordova iOS before 4.0.0 allows remote attackers to execute arbitrary plugins via a link...

4.3 CVSS, 7.6 AI score, 0.04623 EPSS
Exploits: 0, References: 6, Affected Software: 1

CVE
added 2016/05/09 8:0 p.m., 57 views

CVE-2015-5208

Apache Cordova iOS prior to 4.0.0 contains a vulnerability that allows arbitrary plugin execution when a user accesses a specially crafted link. The issue affects Cordova iOS up to version 3.x and is remedied by upgrading Cordova to 4.0.0 or later and rebuilding the iOS application.

4.4 CVSS, 5.1 AI score, 0.04623 EPSS
Exploits: 0, References: 6, Affected Software: 1

CNVD
added 2016/04/30 12:0 a.m., 2 views

Apache Cordova iOS Arbitrary Plugin Execution Vulnerability

Adobe PhoneGap is a set of open source development frameworks. Apache Cordova iOS is a set of platforms for developing iOS-based mobile applications using HTML, CSS, and JavaScript, and is the core engine that drives PhoneGap. A security vulnerability exists in Apache Cordova iOS that allows remo...

4.4 CVSS, 7.3 AI score, 0.04623 EPSS
Exploits: 0, References: 1

Packet Storm
added 2015/10/23 12:0 a.m., 35 views

Subrion 3.x.x File Download / Arbitrary Access

Title = Subrion 3.X.X - Multiple Exploits - Author = bRpsd skype: vegnox - Date Release = 23 October, 2015 - Vendor = Subrion Homepage = http://www.subrion.org/ Download = http://tools.subrion.org/get/latest.zip Vulnerable Versions = 3.X.X Tested Version = Latest, 3.3.5 on a Wamp Server. x Google...

0.1 AI score
Exploits: 0

0day.today
added 2015/10/23 12:0 a.m., 24 views

Subrion 3.X.X - Multiple Vulnerabilities

Exploit for php platform in category web applications - Title = Subrion 3.X.X - Multiple Exploits - Author = bRpsd skype: vegnox - Date Release = 23 October, 2015 - Vendor = Subrion Homepage = http://www.subrion.org/ Download = http://tools.subrion.org/get/latest.zip Vulnerable Versions = 3.X.X...

7.1 AI score
Exploits: 0

NVD
added 2010/05/12 11:46 a.m., 15 views

CVE-2010-1916

The dynamic configuration feature in Xinha WYSIWYG editor 0.96 Beta 2 and earlier, as used in Serendipity 1.5.2 and earlier, allows remote attackers to bypass intended access restrictions and modify the configuration of arbitrary plugins via (1) crafted backendconfigsecretkeylocation and...

7.5 CVSS, 7.2 AI score, 0.03262 EPSS
Exploits: 1, References: 9