WordPress Cross-Site Scripting Vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports personal blog sites on servers running PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin Ivory Search, which stems from the lack ...
UBUNTU-CVE-2021-35608
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server...
Images to WebP < 1.9 - Authenticated Local File Inclusion
The plugin does not validate or sanitise the tab parameter before passing it to the include function, which could lead to a Local File Inclusion issue. PoC: Assuming WordPress installed at C:\xampp\htdocs\wordpress,...
TableOn < 1.0.1 - Reflected Cross-Site Scripting
The plugin does not sanitise or escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting issues. PoC: https://example.com/?tableon-remote-page==1=...
WordPress Plugin Cross-Site Request Forgery Vulnerability
WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A WordPress plugin is an open source application plugin for WordPress. A cross-site request forgery vulnerability...
Client Invoicing by Sprout Invoices < 19.9.7 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. PoC: Put the following payload in one of the vulnerable fields in the General Settings of the plugin...
Simple JWT Login < 3.2.1 - Arbitrary Settings Update to Site Takeover via CSRF
The plugin does not have nonce checks when saving its settings, allowing attackers to make a logged in admin change them. Settings such as HMAC verification secret, account registering and default user roles can be updated, which could result in site takeover. PoC: The following HTML code can be...
WordPress Plugin Cross-Site Scripting Vulnerability
WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up a personal blog site on a server with PHP and MySQL. A WordPress plugin is an open source application plugin for WordPress. The WordPress plugin Gutenberg PDF Viewer Block suffers from a...
PT-2021-16159 · WordPress · Scroll Baner WordPress Plugin
Name of the Vulnerable Software and Affected Versions: Scroll Baner WordPress plugin versions 1.0 and earlier Description: The issue concerns a lack of CSRF check when saving settings, as well as insufficient sanitisation, escaping, or validation of these settings. This could allow attackers to...
CVE-2021-24545
The WP HTML Author Bio WordPress plugin through 1.2.0 does not sanitise the HTML allowed in the Bio of users, allowing them to use malicious JavaScript code, which will be executed when anyone visits a post in the frontend made by such a user. As a result, a user with a role as low as author could...
WordPress Plugin Cross-Site Scripting Vulnerability
WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in versions of WordPress Simple Social Media Share Buttons plugin prior...
Post Expirator < 2.6.0 - Contributor+ Arbitrary Post Schedule Deletion
The plugin does not have proper capability checks in place, which could allow users with a role as low as Contributor to schedule deletion of arbitrary posts. PoC: Run on "Posts" page: jQuery.postajaxurl, nonce: config.ajax.nonce, action:"managewppostsusingbulkquicksavebulkedit", postids:783,...
Traffic Factory: WordPress Plugin Update Confusion at trafficfactory.com
Hi, I'm currently researching a "novel" supply chain attack affecting WordPress plugins, and I believe your website might be vulnerable. The way it works is similar to a recent Dependency Confusion attack, where a malicious actor can take over internal packages unclaimed on PyPI / npm registry. I...
Simple Download Monitor < 3.9.6 - Unauthorised Log Reset
The sdmresetlog AJAX action of the plugin does not have any capability and CSRF checks, which could allow any authenticated user such as subscriber, or an attacker performing a CSRF attack against a logged in admin, to reset the log entries. PoC...
Perfect Survey < 1.5.2 - Unauthorised AJAX Call to Stored XSS / Survey Settings Update
The plugin does not have proper authorisation nor CSRF checks in the saveglobalsetting AJAX action, allowing unauthenticated users to edit surveys and modify settings. Given the lack of sanitisation and escaping in the settings, this could also lead to a Stored Cross-Site Scripting issue which wi...
Perfect Survey < 1.5.2 - Unauthenticated SQL Injection
The plugin does not validate and escape the questionid GET parameter before using it in a SQL statement in the getquestion AJAX action, allowing unauthenticated users to perform SQL injection. PoC: The questionid must start with an existing post ID...
CVE-2021-36850
Cross-Site Request Forgery (CSRF) vulnerability in WordPress Media File Renamer – Auto & Manual Rename plugin (versions <= 5.1.9). Affected parameters "posttitle", "filename", "lock". This allows changing the uploaded media title, media file name, and media locking state...
Cardinity Payment Gateway for WooCommerce < 3.0.7 - Reflected Cross-Site Scripting
The plugin does not escape various parameters before outputting them in attributes, leading to Reflected Cross-Site Scripting issues. PoC: Vulnerable parameters: amount, country, currency, orderid, description, returnurl, projectid, signature...
Paypal Donation < 1.3.1 - CSRF to Arbitrary Post Deletion
The plugin provides a function to create donation buttons which are internally stored as posts. The deletion of a button is not CSRF protected and there is no control to check if the deleted post was a button post. As a result, an attacker could make logged in admins delete arbitrary posts. PoC...
WordPress CM Tooltip Glossary Plugin Cross-Site Scripting Vulnerability
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin CM Tooltip Glossary, which stems fro...