33 matches found
📄 WordPress Wux Blog Editor 3.0.0 Vulnerability Scanner
This Metasploit auxiliary module scans WordPress sites for the External Post Editor plugin and checks for the unauthenticated file upload vulnerability that exists in version 3.0.0...
Exploit for CVE-2024-9932
CVE-2024-9932 / 0-Click RCE Exploit - Author: Joshua Provoste...
EUVD-2024-50219
Malicious code in bioql PyPI...
EUVD-2025-22732
Malicious code in bioql PyPI...
BIT-OPENCART-2025-45892
OpenCart version 4.1.0.4 is vulnerable to a Stored Cross-Site Scripting XSS attack via the blog editor. The vulnerability arises because input in the blog's editor is not properly sanitized or escaped before being rendered. This allows attackers to inject malicious JavaScript code...
CVE-2025-45892
OpenCart version 4.1.0.4 is vulnerable to a Stored Cross-Site Scripting XSS attack via the blog editor. The vulnerability arises because input in the blog's editor is not properly sanitized or escaped before being rendered. This allows attackers to inject malicious JavaScript code...
Cross-site Scripting (XSS)
Overview opencart/opencart is a shopping cart system Affected versions of this package are vulnerable to Cross-site Scripting XSS via the blog editor process. An attacker can execute arbitrary JavaScript code in the context of a user's browser by injecting malicious scripts into blog content...
CVE-2025-45892
OpenCart version 4.1.0.4 is vulnerable to a Stored Cross-Site Scripting XSS attack via the blog editor. The vulnerability arises because input in the blog's editor is not properly sanitized or escaped before being rendered. This allows attackers to inject malicious JavaScript code...
CVE-2025-45892
OpenCart version 4.1.0.4 is vulnerable to a Stored Cross-Site Scripting XSS attack via the blog editor. The vulnerability arises because input in the blog's editor is not properly sanitized or escaped before being rendered. This allows attackers to inject malicious JavaScript code...
CVE-2025-45892
OpenCart version 4.1.0.4 is vulnerable to a Stored Cross-Site Scripting XSS attack via the blog editor. The vulnerability arises because input in the blog's editor is not properly sanitized or escaped before being rendered. This allows attackers to inject malicious JavaScript code...
PT-2025-30910 · Opencart · Opencart
Name of the Vulnerable Software and Affected Versions: OpenCart version 4.1.0.4 Description: OpenCart version 4.1.0.4 is susceptible to a Stored Cross-Site Scripting XSS attack through the blog editor. The issue occurs because input within the blog editor is not adequately sanitized or escaped...
OpenCart 安全漏洞
OpenCart is an open source e-commerce system by the OpenCart team in China. The system provides modules for product reviews, product ratings, and product additions. A security vulnerability exists in OpenCart version 4.1.0.4, which stems from improper blog editor input cleanup and could lead to...
CVE-2025-45892
OpenCart 4.1.0.4 is affected by a Stored XSS via the blog editor. The root cause is input in the blog editor not being properly sanitized/escaped before rendering, enabling injection of arbitrary JavaScript in user sessions. A PoC exists (PacketStorm reference), and some sources note there is no ...
CVE-2025-45892
OpenCart version 4.1.0.4 is vulnerable to a Stored Cross-Site Scripting XSS attack via the blog editor. The vulnerability arises because input in the blog's editor is not properly sanitized or escaped before being rendered. This allows attackers to inject malicious JavaScript code...
CVE-2024-9932
The Wux Blog Editor plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'wuxbtinsertImageNew' function in versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...
Exploit for CVE-2024-9932
CVE-2024-9932-POC Description: The Wux Blog Editor WordPre...
Exploit for CVE-2024-9932
CVE-2024-9932 Wux Blog Editor = 3.0.0 - Unauthenticated Ar...
CVE-2024-9931
The Wux Blog Editor plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.0.0. This is due to missing validation on the token being supplied during the autologin through the plugin. This makes it possible for unauthenticated attackers to log in to the fir...
CVE-2024-9932
The Wux Blog Editor plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'wuxbtinsertImageNew' function in versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...
CVE-2024-9932
The Wux Blog Editor plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'wuxbtinsertImageNew' function in versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...