305 matches found
Listeo < 1.6.11 - Multiple Authenticated IDOR Vulnerabilities
The theme did not ensure that the Post/Page and Booking to delete belong to the user making the request, allowing any authenticated users to delete arbitrary page/post and booking via an IDOR vector. PoC -- PoC 1 | Authenticated IDOR | Permanent post/page deletion: !...
CVE-2021-24281 Redirection for Contact Form 7 < 2.3.4 - Authenticated Arbitrary Post Deletion
In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, any authenticated user, such as a subscriber, could use the deleteactionpost AJAX action to delete any post on a target site...
WordPress Redirection for Contact Form 7 plugin <= 2.3.3 - Authenticated Arbitrary Post Deletion vulnerability
Authenticated Arbitrary Post Deletion vulnerability discovered by WordFence in WordPress Redirection for Contact Form 7 plugin versions = 2.3.3. Solution Update the WordPress Redirection for Contact Form 7 plugin to the latest available version at least 2.3.4...
Redirection for Contact Form 7 < 2.3.4 - Authenticated Arbitrary Post Deletion
In the plugin, any authenticated user, such as a subscriber, could use the deleteactionpost AJAX action to delete any post on a target site. PoC $wpuser, 'pwd' = $wppass, 'rememberme' = 'forever', 'wp-submit' = 'Log+In', ; $output = curlexec$ch; curlclose$ch; // Set redirect url $ch = curlinit;...
WordPress 123ContactForm plugin <= 1.5.6 - Arbitrary Post Creation vulnerability
Arbitrary Post Creation vulnerability found by Sucuri in WordPress 123ContactForm plugin versions = 1.5.6. Solution 2021-01-20 - we were unable to find a patched version of this plugin. Notification from WordPress plugin repository: "This plugin has been closed as of October 27, 2020 and is not...
Realia <= 1.4 - Unauthenticated IDOR leading to Arbitrary Post Deletion
While investigating an IDOR issue on a premium theme, allowing arbitrary deletion of Ads, submitted by Vlad Vector, the Realia plugin was found to be the root cause. In fact, having this plugin installed which some themes require can allow unauthenticated attackers to delete arbitrary posts, by...
WordPress Contact Form builder with drag & drop plugin <= 2.1.1 - Unauthenticated Arbitrary Post Deletion vulnerability
Unauthenticated Arbitrary Post Deletion vulnerability discovered by NinTechNet in WordPress Contact Form builder with drag & drop plugin versions = 2.1.1. Solution Update the WordPress Contact Form builder with drag & drop plugin to the latest available version at least 2.1.2...
CMP - Coming Soon & Maintenance < 3.8.2 - Improper Access Controls on AJAX Calls
Some of the AJAX calls from the plugin do not properly check for capabilities and CSRF tokens, leading to issues such as arbitrary post read, subscribers list export and plugin deactivation...
WordPress Realia plugin <= 1.4 - Unauthenticated IDOR leading to Arbitrary Post Deletion vulnerability
Unauthenticated IDOR leading to Arbitrary Post Deletion vulnerability found by Vlad Vector, Erwan LR in WordPress Realia plugin versions = 1.4. Solution 2020-12-03 - no patched version available, only note from WordPress plugin repository "This plugin has been closed as of August 14, 2020 and is...
CVE-2019-5461
An input validation problem was discovered in the GitHub service integration which could result in an attacker being able to make arbitrary POST requests in a GitLab instance's internal network. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6...
Input validation
An input validation problem was discovered in the GitHub service integration which could result in an attacker being able to make arbitrary POST requests in a GitLab instance's internal network. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6...
CVE-2019-5461
An input validation problem was discovered in the GitHub service integration which could result in an attacker being able to make arbitrary POST requests in a GitLab instance's internal network. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6...
CVE-2019-5461
CVE-2019-5461 is a GitLab SSRF/ input validation vulnerability found in the GitHub service integration that allowed an attacker to cause arbitrary POST requests from within a GitLab instance’s internal network. The root cause is input validation weakness in the GitHub integration, enabling reques...
CVE-2019-5461
Removed by vendor...
Woody Ad Snippets < 2.2.6 - Arbitrary Post Deletion
The adminInit function of the admin/includes/class.actions.snippets.php file, registered as an admininit hook did not have any CSRF or capability checks for its close action, allowing unauthenticated users to delete arbitrary posts from the blog...
CVE-2019-12252
In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the lowest privileges guest can view an arbitrary post by appending its number to the SDNotify.do?notifyModule=Solution&mode=E-Mail¬ifyTo=SOLFORWARD&id= substring...
Design/Logic Flaw
In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the lowest privileges guest can view an arbitrary post by appending its number to the SDNotify.do?notifyModule=Solution&mode=E-Mail¬ifyTo=SOLFORWARD&id= substring...
CVE-2019-12252
In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the lowest privileges guest can view an arbitrary post by appending its number to the SDNotify.do?notifyModule=Solution&mode=E-Mail¬ifyTo=SOLFORWARD&id= substring...
CVE-2019-12252
In Zoho ManageEngine ServiceDesk Plus up to version 10.5, a privilege/ access control flaw allows users with minimal rights (guest) to view arbitrary posts by manipulating the ID parameter in the URL query (SDNotify.do?notifyModule=Solution&mode=E-Mail¬ifyTo=SOLFORWARD&id=...). This is an impr...
GitLab: GitLab's GitHub integration is vulnerable to SSRF vulnerability
The GitHub service is vulnerable to a SSRF vulnerability. An attacker may be able to leverage this to make arbitrary POST requests in a GitLab instance's internal network. It can also be used to connect to cloud provider's instance metadata API, which may result in the ability to execute commands...