Grav-Plugin-Admin Access Control Error Vulnerability
Grav-Plugin-Admin is the admin plugin used to configure Grav pages. An access control error vulnerability exists in grav-plugin-admin that stems from improper restrictions in the product's UI layer and framework...
Shared Files < 1.6.57 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its settings before outputting them in attributes, which could lead to Stored Cross-Site Scripting issues. Put the following payload in the "Folder for new files" and "Maximum size of uploaded file" settings of the plugin: "alert/XSS/...
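The bug class above is a setting value echoed into an HTML attribute without escaping. The following is an added illustration written for this listing, not code from the Shared Files plugin (which is PHP; in WordPress the fix is to wrap the value in esc_attr()). The HTML snippet and the attacker-supplied setting value are constructed, and the stdlib HTML parser is used to show what a browser would actually see as attributes.

```python
from html import escape
from html.parser import HTMLParser

# Constructed attacker-controlled setting value: closes the value attribute
# and smuggles in an event-handler attribute.
PAYLOAD = '" autofocus onfocus="alert(1)'


def render_unsafe(value):
    """Mirror the vulnerable pattern: setting dropped into an attribute verbatim."""
    return f'<input type="text" name="folder" value="{value}">'


def render_safe(value):
    """Hardened form: escape for attribute context, quotes included."""
    return f'<input type="text" name="folder" value="{escape(value, quote=True)}">'


class _InputAttrs(HTMLParser):
    """Collect the attributes the parser assigns to the <input> tag."""

    def __init__(self):
        super().__init__()
        self.attrs = {}

    def handle_starttag(self, tag, attrs):
        if tag == "input":
            self.attrs = dict(attrs)


def parsed_attributes(markup):
    """Return the attribute map a browser-like parser extracts from the tag."""
    parser = _InputAttrs()
    parser.feed(markup)
    parser.close()
    return parser.attrs


def event_handlers(markup):
    """Names of any on* attributes that ended up on the tag (should be none)."""
    return sorted(name for name in parsed_attributes(markup) if name.startswith("on"))


if __name__ == "__main__":
    print(render_unsafe(PAYLOAD), event_handlers(render_unsafe(PAYLOAD)))
    print(render_safe(PAYLOAD), event_handlers(render_safe(PAYLOAD)))
```

In the unsafe rendering the parser reports an `onfocus` handler on the input; in the escaped rendering the whole payload survives intact as the `value` attribute and no handler appears.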
in getgrav/grav-plugin-admin
Description: It may be possible to perform a clickjacking attack because the response carries no frame restrictions: the application does not set the X-Frame-Options: DENY response header (nor a Content-Security-Policy frame-ancestors directive). Impact: According to PortSwigger references, it is possible for a page controlled by an attacker...
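The check a tester would run for this class of finding is to look at the response headers and decide whether framing is actually restricted. The following is an added example for this listing, not code from the report or from getgrav/grav-plugin-admin; the header sets are constructed samples. It goes slightly beyond the report by also recognising the CSP frame-ancestors directive, which modern browsers prefer over X-Frame-Options, and by flagging ALLOW-FROM, which modern browsers ignore.

```python
# Added example: classify the framing protection in a response header set.

def _csp_frame_ancestors(csp_value):
    """Return the frame-ancestors source list, or None if the directive is absent."""
    for directive in csp_value.split(";"):
        tokens = directive.strip().split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.lower() for t in tokens[1:]]
    return None


def frame_protection(headers):
    """Classify framing protection from a dict of response headers.

    Header names are matched case-insensitively. Returns:
      "csp"  - Content-Security-Policy frame-ancestors restricts framing
      "xfo"  - X-Frame-Options DENY or SAMEORIGIN restricts framing
      "weak" - only values browsers ignore or that allow any origin
               (ALLOW-FROM, or frame-ancestors containing * / bare schemes)
      "none" - no framing restriction at all (clickjacking candidate)
    """
    lower = {name.lower(): value for name, value in headers.items()}

    ancestors = _csp_frame_ancestors(lower.get("content-security-policy", ""))
    if ancestors is not None:
        # frame-ancestors takes precedence over X-Frame-Options in browsers
        # that support it, so evaluate it first.
        if any(src in ("*", "http:", "https:") for src in ancestors):
            return "weak"
        return "csp"

    xfo = lower.get("x-frame-options", "").strip().upper()
    if xfo in ("DENY", "SAMEORIGIN"):
        return "xfo"
    if xfo.startswith("ALLOW-FROM"):
        return "weak"
    return "none"


# Constructed sample responses, keyed by a label for the audit output.
SAMPLE_RESPONSES = {
    "unprotected admin page": {"Content-Type": "text/html; charset=utf-8"},
    "xfo deny": {"Content-Type": "text/html", "X-Frame-Options": "DENY"},
    "csp none": {"content-security-policy": "default-src 'self'; frame-ancestors 'none'"},
    "csp wildcard": {"Content-Security-Policy": "frame-ancestors *"},
    "allow-from only": {"X-Frame-Options": "ALLOW-FROM https://example.com"},
}


def audit(responses):
    """Map each labelled response to its framing classification."""
    return {label: frame_protection(hdrs) for label, hdrs in responses.items()}


if __name__ == "__main__":
    for label, verdict in audit(SAMPLE_RESPONSES).items():
        print(f"{label:24s} -> {verdict}")
```

Only "xfo" and "csp" count as fixed; "weak" and "none" both need a DENY/SAMEORIGIN header or a frame-ancestors directive added on every authenticated admin response.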
PT-2021-15675 · WordPress · Wp-Google-Map-Plugin
Name of the Vulnerable Software and Affected Versions: WP Google Map Plugin WordPress plugin versions prior to 4.1.5 Description: The issue concerns unvalidated input in the Manage Locations page within the plugin settings, which is vulnerable to SQL Injection. This can be exploited through a hig...
ShrimpTest 1.0b2 - admin/experiments.php Multiple Unspecified XSS
The shrimptest WordPress plugin was affected by an admin/experiments.php Multiple Unspecified XSS security vulnerability...
PT-2006-3529 · Nucleus · Nucleus
Name of the Vulnerable Software and Affected Versions: Nucleus versions 3.22 and earlier Description: A PHP remote file inclusion issue in the nucleus/libs/PLUGINADMIN.php file allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[DIR_LIBS] parameter. Recommendations: For versions 3.22 and earlier...