EUVD-2022-33757
Malicious code in bioql PyPI...
CVE-2024-6710
The CVE-2024-6710 issue affects the Ditty WordPress plugin prior to version 3.1.45. It stems from inadequate sanitisation/escaping of certain parameters, enabling attackers with as little as Contributor-level access to perform Cross-Site Scripting (XSS) attacks. Red Hat’s advisory reiterates the ...
CVE-2023-7203 Smart Forms < 2.6.87 - Subscriber+ Arbitrary Entry Deletion
The Smart Forms WordPress plugin before 2.6.87 does not have authorisation in various AJAX actions, which could allow users with a role as low as subscriber to call them and perform unauthorised actions such as deleting entries. The plugin also lacks CSRF checks in some places which could allow...
WP Mail Log < 1.1.3 – Contributor+ SQL Injection in wml_logs endpoint
Description: The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Contributor. PoC: Run the following within a block editor page. Notice that the request is delayed by the SLEEP call in...
Server-side request forgery (SSRF)
The Assistant WordPress plugin before 1.4.4 does not validate a parameter before making a request to it via wp_remote_get, which could allow users with a role as low as Editor to perform SSRF attacks...
OAuth Single Sign On – SSO (OAuth Client) < 6.23.4 - Improper Authentication
Description: The plugin does not have authorisation in various AJAX actions, which could allow users with a role as low as Subscriber to call them and perform unauthorised actions...
WP Table Manager < 3.5.3 - Contributor+ Stored XSS
The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks...
Cross-site scripting
The ConvertKit WordPress plugin before 2.0.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks, which could be used against high-privile...
Easy Testimonials < 3.9.3 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks, which could be used against high-privilege users such as admins. PoC: 1. Insert...
Superio - Job Board < 1.2.33 - Subscriber+ Stored Cross-Site Scripting
The theme does not sanitise and escape some parameters, which could allow users with a role as low as Subscriber to perform Stored Cross-Site Scripting attacks. PoC: As a candidate, add the following payload on the Social Network option: javascript:alert1 As a recruiter, access the candidate pag...
CVE-2022-3690
The Popup Maker WordPress plugin before 1.16.11 does not sanitise and escape some of its Popup options, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks, which could be used against admins...
CVE-2022-2312
The Student Result or Employee Database WordPress plugin before 1.7.5 does not have CSRF checks in its AJAX actions, allowing attackers to make logged-in users with a role as low as Contributor add, edit and delete students via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, it...
CVE-2022-29419 WordPress 3xSocializer plugin <= 0.98.22 - Authenticated SQL Injection (SQLi) vulnerability
SQL Injection (SQLi) vulnerability in Don Crowther's 3xSocializer plugin <= 0.98.22 at WordPress, possible for users with a low role like Subscriber or higher...
CVE-2021-45729 WordPress WP Google Map plugin <= 1.8.0 - Privilege Escalation vulnerability
The Privilege Escalation vulnerability discovered in the WP Google Map WordPress plugin versions <= 1.8.0 allows authenticated low-role users to create, edit, and delete maps...
CVE-2021-45729
The CVE-2021-45729 vulnerability affects the WP Google Map WordPress plugin (versions <= 1.8.0), with Patchstack recommending at least 1.8.1. Public sources describe the vulnerability consistently across CNVD/CNNVD and Patchstack references. If details on exploitation are needed beyond what’s docume...
PT-2022-12373 · WordPress · Wp Google Maps
Name of the Vulnerable Software and Affected Versions: WP Google Map WordPress plugin versions <= 1.8.0. Description: The issue allows authenticated low-role users to create, edit, and delete maps. Recommendations: For WP Google Map WordPress plugin versions <= 1.8.0, update to a version greater tha...
Default credentials
The WP Post Page Clone WordPress plugin before 1.2 allows users with a role as low as Contributor to clone and view other users' draft and password-protected posts which they cannot view normally...
CVE-2021-24781
The Image Source Control WordPress plugin before 2.3.1 allows users with a role as low as Contributor to change arbitrary post meta fields of arbitrary posts even those they should not be able to edit...
HashThemes Demo Importer < 1.1.2 - Improper Access Control to Blog Reset
The plugin does not have capability checks in some of its AJAX actions, relying instead on CSRF nonces, which are displayed to any authenticated user. As a result, a user with a role as low as Subscriber could use the hdiinstalldemo AJAX action to reset the entire blog, including the tables in t...
Easy Media Download < 1.1.7 - Contributor+ Stored Cross-Site Scripting
The plugin does not escape the text argument of its shortcode, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks. PoC: Affected arguments: url, text, target, rel and class. easymediadownload url="/" text='" onerror="alert/XSS///http'...