1398 matches found
Contact Form 7 Style <= 3.1.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Due to the lack of sanitization and lack of nonce protection on the custom CSS feature, an attacker could craft a request to inject malicious JavaScript on a site using the plugin. If an attacker successfully tricked a site’s administrator into clicking a link or attachment, then the request coul...
WordPress Secure File Manager plugin <= 2.5 - Authenticated Remote Command Execution (RCE) vulnerability
Authenticated Remote Command Execution (RCE) vulnerability found by NinTechNet in WordPress Secure File Manager plugin versions <= 2.5. Solution: The plugin has been removed from the wordpress.org plugin repository. We highly recommend deleting this plugin from your WordPress sites. wordpress.org...
XCloner Backup and Restore < 4.2.153 - Cross-Site Request Forgery
Almost all of the endpoints in the plugin were vulnerable to cross-site request forgery due to a failure to implement nonces and corresponding checks. An attacker could use a CSRF attack to trigger a backup or update plugin options, along with all of the malicious activity outlined in the referen...
Critical Flaws in WordPress Quiz Plugin Allow Site Takeover
A plugin that is designed to add quizzes and surveys to WordPress websites has patched two critical vulnerabilities. The flaws can be exploited by remote, unauthenticated attackers to launch varying attacks – including fully taking over vulnerable websites. The plugin, Quiz and Survey Master, is...
Advertising Plugin for WordPress Threatens Full Site Takeovers
The Adning Advertising plugin for WordPress, a premium plugin with over 8,000 customers, contains a critical remote code-execution vulnerability with the potential to be exploited by unauthenticated attackers. The plugin’s author, Tunafish, has rolled out a patched version v.1.5.6, which site...
ACF to REST API < 3.3.0 - Unauthenticated Arbitrary wp_options Disclosure
The plugin does not properly check for authorisation and allowed options to be retrieved from the wp-json/acf/v3/options/ endpoint. This could allow an unauthenticated attacker to retrieve arbitrary values from the wp_options table, such as a list of active plugins. PoC: List all active plugins of the...
Open-Xchange: Null dereference or redundant null check in `mail_crypt_load_global_private_key` for plugin mail-crypt
In this function, we check once if `error_r` is not NULL in: `if (enc_type == DCRYPT_KEY_ENCRYPTION_TYPE_PASSWORD) { /* Fail here if password is not set since openssl will prompt for it otherwise */ if (key_password == NULL) { if (error_r != NULL) *error_r = t_strdup_printf("%s: %s unset, no " "password to decrypt the key",`...
Coming Soon Page, Under Construction & Maintenance Mode by SeedProd < 5.1.2 - Authenticated Stored Cross Site Scripting (XSS)
Authenticated stored cross-site scripting issues in some of the plugin settings, requiring high privileges. PoC: Affected fields are in the settings of the plugin and will be triggered when the coming soon page is displayed (either the preview or the normal one): Logo: x' onerror='alert/XSS/ Headlines:...
VulnCheck KEV: CVE-2020-36715
The Login/Signup Popup plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on several functions in versions up to, and including, 1.4. This makes it possible for authenticated attackers to inject arbitrary web scripts into the plugin settings that execute...
CVE-2020-5248
GLPI before version 9.4.6 has a vulnerability involving a default encryption key. GLPIKEY is public and is used on every instance. This means anyone can decrypt sensitive data stored using this key. It is possible to change the key before installing GLPI. But on existing instances, data mu...
CVE-2011-4908
TinyBrowser plugin for Joomla! before 1.5.13 allows arbitrary file upload via upload.php...
Minimal Coming Soon & Maintenance Mode < 2.15 - CSRF to Stored XSS and Setting Changes
This plugin had no nonce checks on any of the settings to verify that a request came from a legitimate source, such as a logged-in administrative user. This allowed CSRF to stored XSS, in addition to significant setting changes. PoC...
Code injection
Jenkins Google Compute Engine Plugin 4.1.1 and earlier does not verify SSH host keys when connecting agents created by the plugin, enabling man-in-the-middle attacks...
WordPress wp-live-chat-support plugin cross-site scripting vulnerability (CNVD-2019-36074)
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. wp-live-chat-support plugin is a live chat plugin used in it. A cross-site scripting vulnerability exists in the WordPress...
CVE-2015-9480
The RobotCPA plugin 5 for WordPress has directory traversal via the f.php l parameter...
CVE-2015-9461
The awesome-filterable-portfolio plugin before 1.9 for WordPress has afp_get_new_portfolio_item_page SQL injection via the item_id parameter...
WP Google Map Plugin < 4.1.0 - CSRF to Unauthenticated PHP Object Injection
The WP Google Map Plugin WordPress plugin was affected by a CSRF to Unauthenticated PHP Object Injection security vulnerability...
MGASA-2019-0273 Updated flash-player-plugin packages fix security vulnerabilities
Updated flash-player-plugin package fixes security vulnerabilities: Same origin method execution that leads to arbitrary code execution in the context of the current user (CVE-2019-8069). Use after free that leads to arbitrary code execution in the context of the current user (CVE-2019-8070)...
CVE-2019-15834
The webp-converter-for-media plugin before 1.0.3 for WordPress has CSRF...
CVE-2019-15773
The nd-travel plugin before 1.7 for WordPress has a nopriv AJAX action that allows modification of the siteurl setting...