CVE-2019-16719
WTCMS 1.0 allows index.php?g=admin=index=index CSRF with resultant XSS...
EUVD-2012-2615
Malware in sbrugna...
EUVD-2015-9277
Malware in sbrugna...
CVE-2019-20891
WooCommerce before 3.6.5, when it handles CSV imports of products, has a cross-site request forgery (CSRF) issue with resultant stored cross-site scripting (XSS) via includes/admin/importers/class-wc-product-csv-importer-controller.php...
CVE-2015-9425
The social-locker plugin before 4.2.5 for WordPress has CSRF with resultant XSS via the wp-admin/edit.php?posttype=opanda-item=license-manager-sociallocker-next licensekey parameter...
CVE-2025-23808 WordPress Custom List Table Example Plugin <=1.4.1 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Dutch van Andel Custom List Table Example (custom-list-table-example) allows Reflected XSS. This issue affects Custom List Table Example: from n/a through 1.4.1...
CVE-2024-32958 WordPress Slash Admin plugin <= 3.8.1 - CSRF to XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Giorgos Sarigiannidis Slash Admin allows Cross-Site Scripting (XSS). This issue affects Slash Admin: from n/a through 3.8.1...
ozkcorp.com.au Cross Site Scripting vulnerability OBB-2835509
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2022-2241 Featured Image from URL < 4.0.0 - Arbitrary Settings Update to Stored XSS via CSRF
The Featured Image from URL (FIFU) WordPress plugin before 4.0.1 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Furthermore, due to the lack of validation, sanitisation and escaping in some of them, ...
CVE-2022-1593
The Site Offline or Coming Soon WordPress plugin through 1.6.6 does not have a CSRF check in place when updating its settings, and it also lacks sanitisation as well as escaping in some of them. As a result, attackers could make a logged in admin change them and put Cross-Site Scripting payloads ...
CVE-2017-6002
Subrion CMS 4.0.5.10 has CSRF in admin/blog/add/. The attacker can add any blog entry, and can optionally insert XSS into that entry via the body parameter...
Mautic 1.3.0 CSRF / XSS / User Enumeration / DoS
Exploit Title: Mautic v1.3.0 Multiple Vulnerabilities Date: 01/04/2016 Author: Mickael Dorigny @ Synetis Vendor or Software Link: https://www.mautic.org/ Version: 1.3.0 Category: Multiple Vulnerabilities Mautic description : ======================================================================...
WordPress My Calendar Plugin 2.4.10 - Multiple Vulnerabilities
My Calendar plugin is prone to multiple vulnerabilities, such as CSRF and XSS. Solution Update the plugin...
JSPMyAdmin 1.1 - Multiple Vulnerabilities
Exploit Title: JSPMyAdmin 1.1 SQL Injection, CSRF & XSS Google Dork: intitle:SQL Injection Date: 2015-05-29 Exploit Author: John Page hyp3rlinx Website: hyp3rlinx.altervista.org/ Vendor Homepage: https://code.google.com/p/jsp-myadmin/ Software Link: https://code.google.com/p/jsp-myadmin/ Version:...
Stored XSS Vulnerability In Manage Engine Device Expert
=============================================================================== Stored XSS Vulnerability In Manage Engine Device Expert =============================================================================== . contents:: Table Of Content Overview ======== Title :Stored XSS Vulnerability I...
WordPress ClickBank Ads 1.7 CSRF / Cross Site Scripting
================================================================ CSRF/Stored XSS Vulnerability in ClickBank Ads V 1.7 Plugin ================================================================ . contents:: Table Of Content Overview ======== Title :CSRF and Stored XSS Vulnerability in ClickBank Ads...
WordPress wpCommentTwit 0.5 CSRF / XSS
Title: CSRF/XSS Vulnerability in wpCommentTwit WP Plugin Author: Manideep K CVE-ID: CVE-2014-9340 Plugin Homepage: https://wordpress.org/plugins/wpcommenttwit/ Version Affected: 0.5 (probably lower versions) Severity: High About Plugin: wpCommentTwit is a plugin that will notify you of a new commen...
Mikiurl WordPress Eklentisi 2.0 CSRF / XSS
Title: CSRF/XSS Vulnerability in Mikiurl WordPress Eklentisi WP Plugin Author: Manideep K CVE-ID: CVE-2014-9337 Plugin Homepage: https://wordpress.org/plugins/mikiurl-wordpress-eklentisi/ Version Affected: 2.0 (probably lower versions) Severity: High Description: Vulnerable Parameter:...
Wordpress Login Widget With Shortcode 3.1.1 - Multiple Vulnerabilities
Exploit for php platform in category web applications Details ================ Software: Login Widget With Shortcode Version: 3.1.1 Homepage: http://wordpress.org/plugins/login-sidebar-widget/ Advisory report:...
php云人才系统 (PHPYun recruitment system): small vulnerabilities chained step by step to getshell (backend)
Brief description: php云人才系统, small vulnerabilities chained step by step to getshell. This involves a characteristic of the interaction between PHP and MySQL (which also counts as a vulnerability), as well as problems in phpyun's own image verification mechanism, and so on. The steps are fairly arduous. I originally wanted to set up a CSRF here, but after searching for a long time I could not find one; instead I found a whole pile of XSS, which I will not exploit here. Let's look at the analysis. Detailed description: First, let's do a small test: for MySQL storage, site builders set a length for every column, and when the data we insert exceeds the configured length, MySQL does not raise an error but silently truncates the stored value. This leaves a hidden danger for those of us who write programs. Exploitation scenario analysis...