12 matches found
WordPress Multiple Themes - Reflected Cross-Site Scripting
All of the above Aapna WordPress theme through 1.3, Anand WordPress theme through 1.2, Anfaust WordPress theme through 1.1, Arendelle WordPress theme before 1.1.13, Atlast Business WordPress theme through 1.5.8.5, Bazaar Lite WordPress theme before 1.8.6, Brain Power WordPress theme through 1.2,...
EUVD-2023-34266
Malicious code in bioql PyPI...
EUVD-2024-29282
Malicious code in bioql PyPI...
PT-2024-24033 · WordPress +11 · Sensible Wp +14
Name of the Vulnerable Software and Affected Versions: X-T9 versions 1.19.0 and earlier; Lightning versions 15.18.0 and earlier; Default Mag versions 1.3.5 and earlier; Namaha versions 1.0.40 and earlier; CityLogic versions 1.1.29 and earlier; i-max versions 1.6.2 and earlier; Emmet Lite versions 1.7.5...
Multiple Themes - Reflected XSS
Description: The themes share the same issue: the search box reflects the search results, causing XSS, which allows an unauthenticated attacker to target users who click a malicious link. https://example.com/?s=katana/asd/...
Multiple themes - Unauthenticated Arbitrary File Upload
Multiple themes from ChimpStudio and PixFill do not have any authorisation or upload validation in the langupload.php file, allowing any unauthenticated attacker to upload arbitrary files to the web server. PoC: Create a malicious file "backdoor.php", then curl...
WordPress Epsilon Framework SSRF / Denial of Service
Exploit Title: Wordpress Epsilon Framework Multiple Themes - Unauthenticated Function Injection Date: 22/12/2020 Exploit Authors: gx1 lotar Vendor Homepage: https://wordpress.com/ Software Link: https://github.com/WordPress/WordPress Affected Themes: shapely - Fixed in version 1.2.9 newsmag - Fix...
Multiple Themes - Unauthenticated Function Injection
Jerome Bruandet, from nintechnet, discovered numerous themes affected by Unauthenticated Function Injection issues, due to the lack of capability and CSRF nonce checks in AJAX actions. The naturemag-lite theme partially fixed the issues in v1.0.5, however it has been removed from the WordPress...
Multiple Themes - PrettyPhoto DOM XSS
...
GRBoard 1.8 - Multiple Remote File Inclusion Vulnerabilities
No description provided by source. GRBoard 1.8 Remote File Inclusion Vulnerability bY [email protected] / GRBoard VERSION 1.8 is bulletin board system of Korea. It is freely available for all platforms that support PHP and MySQL. But I find Remote File Inclusion vulnerability. Here is the...
GRBoard 1.8 Multiple Remote File Inclusion Vulnerabilities
Exploit for unknown platform in category web applications. GRBoard 1.8 Multiple Remote File Inclusion Vulnerabilities / GRBoard VERSION 1.8 is bulletin board system of Korea. It is...
GRBoard 1.8 Multiple Remote File Inclusion Vulnerabilities
No description provided by source. GRBoard 1.8 Remote File Inclusion Vulnerability bY [email protected] / GRBoard VERSION 1.8 is bulletin board system of Korea. It is freely available for all platforms that support PHP and MySQL. But I find Remote File Inclusion vulnerability. Here is the...