WordPress Plugin Automatic Config Change To Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress Plugin Automatic Config Change to RCE', 'Description' = %q This module exploits an unauthenticated arbitrary wordpress options change...
Exploit for SQL Injection in Valvepress Automatic
CVE-2024-27956-RCE A PoC for CVE-2024-27956, a SQL Injection i...
WordPress Automatic plugin <= 3.94.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via autoplay Parameter vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via autoplay Parameter vulnerability discovered by haidv35 in WordPress Plugin Automatic versions <= 3.94.0...
WordPress Automatic Plugin <= 3.94.0 is vulnerable to Cross Site Scripting (XSS)
Software Automatic Type Plugin Vulnerable versions <= 3.94.0 Fixed in 3.95.0 OWASP Top 10 A7: Cross-Site Scripting (XSS) Classification Cross Site Scripting (XSS) CVE CVE-2024-4849 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID c71dc29444f6 Credits haidv35 Required privilege...
CVE-2024-4849
The WordPress Automatic Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘autoplay’ parameter in all versions up to, and including, 3.94.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-4849
CVE-2024-4849 (WordPress Automatic Plugin) is a Stored XSS in the WordPress Automatic Plugin for WordPress, affecting all versions up to 3.94.0 due to insufficient input sanitization and output escaping in the autoplay parameter. Exploitation requires authenticated access at Contributor level or ...
CVE-2024-4849 WordPress Automatic <= 3.94.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via autoplay Parameter
The WordPress Automatic Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘autoplay’ parameter in all versions up to, and including, 3.94.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
PT-2024-33126 · WordPress · Wordpress Automatic Plugin
Name of the Vulnerable Software and Affected Versions: WordPress Automatic Plugin plugin for WordPress versions up to, and including, 3.94.0 Description: The issue is related to Stored Cross-Site Scripting via the autoplay parameter due to insufficient input sanitization and output escaping. This...
CVE-2024-27954 WordPress Automatic plugin <= 3.92.0 - Unauthenticated Arbitrary File Download and SSRF vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Automatic Automatic allows Path Traversal, Server Side Request Forgery. This issue affects Automatic: from n/a through 3.92.0...
WordPress plugin Automatic path traversal vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A path traversal vulnerability exis...
WordPress Automatic < 3.95.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via autoplay Parameter
Description The WordPress Automatic Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘autoplay’ parameter in all versions up to, and including, 3.94.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...
The vulnerability in the `inc/csv.php` script of the WordPress Automatic Plugin, a content management system for WordPress websites, allows attackers to execute arbitrary SQL code.
The vulnerability in the inc/csv.php script of the WordPress Automatic Plugin, a content management system for WordPress websites, relates to the failure to protect the SQL query structure during the processing of the $q variable, as a result of the authentication mechanism being bypassed...
The vulnerability of the downloader.php plugin of the WordPress Automatic Plugin system for website content management allows an attacker to perform an SSRF attack.
The vulnerability of the downloader.php plugin in the WordPress Automatic Plugin system for website content management involves insufficient validation of incoming requests. Exploiting this vulnerability could allow a malicious actor to execute an SSRF attack remotely...
The vulnerability of the WordPress Automatic Plugin, a content management system plugin for WordPress, allows attackers to increase their privileges.
The vulnerability of the WordPress Automatic Plugin, a content management system for WordPress websites, is related to the falsification of cross-site requests due to incorrect validation of the value of the one-time code nonce. Exploiting this vulnerability can allow a malicious actor to enhance...
Hackers Exploiting WP-Automatic Plugin Bug to Create Admin Accounts on WordPress Sites
Threat actors are attempting to actively exploit a critical security flaw in the ValvePress Automatic plugin for WordPress that could allow site takeovers. The shortcoming, tracked as CVE-2024-27956, carries a CVSS score of 9.9 out of a maximum of 10. It impacts all versions of the plugin prior t...
CVE-2024-32693 WordPress Automatic plugin < 3.93.0 - Multiple Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in ValvePress Automatic. This issue affects Automatic: from n/a before 3.93.0...
WordPress plugin Automatic cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...
WordPress Automatic plugin < 3.93.0 - Multiple Cross Site Request Forgery (CSRF) vulnerability
Multiple Cross Site Request Forgery (CSRF) vulnerability discovered by Rafie Muhammad (Patchstack) in WordPress Plugin Automatic versions < 3.93.0...