Lucene search
+L

154 matches found

wpexploit
wpexploit
added 2021/09/29 12:0 a.m.550 views

Modern Events Calendar Lite < 5.22.3 - Authenticated Stored Cross Site Scripting

The plugin does not properly sanitize or escape values set by users with access to adjust settings withing wp-admin. Go to Setting Tab Under Calendar Lite Plugin Under Setting tab Click on Slugs/Permalinks tab Enter the XSS payload into Main Slug and Category Slug both. Both fields are vulnerable...

5.4CVSS0.00629EPSS
Exploits2
Prion
Prion
added 2021/07/21 5:15 p.m.15 views

Cross site scripting

A cross site scripting XSS vulnerability in /admin.php?page=permalinks of Piwigo 2.10.1 allows attackers to execute arbitrary web scripts or HTML...

4.3CVSS6.1AI score0.01097EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/07/21 4:7 p.m.30 views

CVE-2020-22150

A cross site scripting XSS vulnerability in /admin.php?page=permalinks of Piwigo 2.10.1 allows attackers to execute arbitrary web scripts or HTML...

6.1AI score0.01097EPSS
Exploits1References1
Huntr
Huntr
added 2021/07/16 11:29 p.m.12 views

in ampache/ampache

✍️ Description According to PHP official documents 1 we have for mtrand function an security issue that says "This function does not generate cryptographically secure values, and should not be used for cryptographic purposes" and as we see in permalinks you use the mtrand function for generate...

7AI score
Exploits0
CNVD
CNVD
added 2020/11/03 12:0 a.m.5 views

GetSimple CMS Cross-Site Scripting Vulnerability (CNVD-2020-63995)

GetSimple CMS is a content management system CMS written in PHP. A security vulnerability exists in GetSimple CMS version 3.3.16, which originates from allowing persistent cross-site scripting execution of "permalinks" on parameter setting pages when you create and open a new page. No details of...

5.4CVSS6.4AI score0.00881EPSS
Exploits1References1
NVD
NVD
added 2020/06/24 3:15 p.m.36 views

CVE-2020-13700

An issue was discovered in the acf-to-rest-api plugin through 3.1.0 for WordPress. It allows an insecure direct object reference via permalinks manipulation, as demonstrated by a wp-json/acf/v3/options/ request that reads sensitive information in the wpoptions table, such as the login and pass...

7.5CVSS0.13463EPSS
Exploits2References3
OSV
OSV
added 2020/06/24 3:15 p.m.21 views

CVE-2020-13700

An issue was discovered in the acf-to-rest-api plugin through 3.1.0 for WordPress. It allows an insecure direct object reference via permalinks manipulation, as demonstrated by a wp-json/acf/v3/options/ request that reads sensitive information in the wpoptions table, such as the login and pass...

7.5CVSS6.4AI score
Exploits0References3
Prion
Prion
added 2020/06/24 3:15 p.m.18 views

Cross site request forgery (csrf)

An issue was discovered in the acf-to-rest-api plugin through 3.1.0 for WordPress. It allows an insecure direct object reference via permalinks manipulation, as demonstrated by a wp-json/acf/v3/options/ request that reads sensitive information in the wpoptions table, such as the login and pass...

5CVSS7.3AI score0.13463EPSS
Exploits2References3Affected Software1
Cvelist
Cvelist
added 2020/06/24 2:25 p.m.40 views

CVE-2020-13700

An issue was discovered in the acf-to-rest-api plugin through 3.1.0 for WordPress. It allows an insecure direct object reference via permalinks manipulation, as demonstrated by a wp-json/acf/v3/options/ request that reads sensitive information in the wpoptions table, such as the login and pass...

7.3AI score0.13463EPSS
Exploits2References3
CNVD
CNVD
added 2019/09/02 12:0 a.m.2 views

WordPress wp-better-permalinks plugin cross-site request forgery vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. wp-better-permalinks is a menu list structure customization plugin used in it. A cross-site request forgery vulnerability exists in...

8.8CVSS6.7AI score0.00704EPSS
Exploits0References1
OSV
OSV
added 2019/08/30 5:15 p.m.7 views

CVE-2019-15835

The wp-better-permalinks plugin before 3.0.5 for WordPress has CSRF...

8.8CVSS7.3AI score0.00704EPSS
Exploits0References2
NVD
NVD
added 2019/08/30 5:15 p.m.16 views

CVE-2019-15835

The wp-better-permalinks plugin before 3.0.5 for WordPress has CSRF...

8.8CVSS8.8AI score0.00704EPSS
Exploits0References2
CVE
CVE
added 2019/08/30 4:7 p.m.328 views

CVE-2019-15835

CVE-2019-15835: The wp-better-permalinks WordPress plugin is affected by a cross-site request forgery (CSRF) vulnerability in all versions before 3.0.5. Attackers could coerce an authenticated user to perform unwanted actions via forged requests. Connected sources consistently identify the vulner...

8.8CVSS8.7AI score0.00704EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/08/30 4:7 p.m.18 views

CVE-2019-15835

The wp-better-permalinks plugin before 3.0.5 for WordPress has CSRF...

8.8AI score0.00704EPSS
Exploits0References2
Patchstack
Patchstack
added 2019/06/27 12:0 a.m.8 views

WordPress WP Better Permalinks plugin <= 3.0.4 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability found in WordPress WP Better Permalinks plugin versions = 3.0.4. Solution Update the WordPress WP Better Permalinks plugin to the latest available version at least 3.0.5...

3AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2018/02/26 12:0 a.m.14 views

WordPress Custom Permalinks plugin <=1.1 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection SQLi vulnerability found in WordPress Custom Permalinks plugin versions =1.1. Solution Update the WordPress Custom Permalinks plugin to the latest available version at least 1.2...

3.4AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2018/02/26 12:0 a.m.7 views

WordPress Custom Permalinks plugin <=1.1 - Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting XSS vulnerability found in WordPress Custom Permalinks plugin versions =1.1. Solution Update the WordPress Custom Permalinks plugin to the latest available version at least 1.2...

1.6AI score
Exploits0Affected Software1
wpexploit
wpexploit
added 2018/02/22 12:0 a.m.9 views

Custom Permalinks <= 1.1 - Authenticated SQL Injection

Missing checking of user controllable input during Bulk Action in the Custom Permalinks backend page leads to SQL injection vulnerability. Send authenticated POST request to "URL/wp-admin/admin.php?page=custom-permalinks-post-permalinks" with parameters "action=delete&permalinks=1 PAYLOAD -- "...

1AI score
Exploits0
WPVulnDB
WPVulnDB
added 2018/02/22 12:0 a.m.13 views

Custom Permalinks <= 1.1 - Authenticated SQL Injection

Missing checking of user controllable input during Bulk Action in the Custom Permalinks backend page leads to SQL injection vulnerability. PoC Send authenticated POST request to "URL/wp-admin/admin.php?page=custom-permalinks-post-permalinks" with parameters "action=delete=1 PAYLOAD -- "...

3.7AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2018/02/22 12:0 a.m.12 views

Custom Permalinks <= 1.1 - Cross-Site Scripting (XSS)

User controllable input in the admin page of Custom Permalinks gets output without any escaping. PoC URL/wp-admin/admin.php?page=custom-permalinks-post-permalinks=...

0.9AI score
Exploits0Affected Software1
Rows per page
Query Builder