Car Seller - Auto Classifieds Script <= 2.1.0 - Unauthenticated SQL Injection

The requestlistrequest AJAX call of the plugin, available to both authenticated and unauthenticated users, does not sanitise, validate or escape the orderid POST parameter before using it in a SQL statement, leading to a SQL Injection issue. PoC curl 'https://example.com/wp-admin/admin-ajax.php' ...

CloudBees Jenkins CloudBees CD Plugin Authorization Issue Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version of the release/test project and some timed tasks . LTS is a long-term support for...

User Rights Access Manager < 1.0.4 - Improper Access Controls

The plugin did not properly restrict access to some paths, still allowing a restricted user to access them, and edit the Blog Options, create/edit posts and so on for example To reproduce it, install the plugin, create a new admin user and take all his privileges using the mentioned plugin block...

User Rights Access Manager < 1.0.4 - Improper Access Controls

The plugin did not properly restrict access to some paths, still allowing a restricted user to access them, and edit the Blog Options, create/edit posts and so on for example PoC To reproduce it, install the plugin, create a new admin user and take all his privileges using the mentioned plugin...

Video Downloader for TikTok < 1.4 - Server Side Request Forgery (SSRF) & Local File Inclusion (LFI)

The plugin is vulnerable to SSRF or LFI attacks via the njt-tk-download-video parameter sent by the user not being properly sanitized before used in code...

CVE-2021-24221

The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin before 7.1.12 did not sanitise the resultid GET parameter on pages with the qsmresult shortcode without id attribute, concatenating it in a SQL statement and leading to an SQL injection. The lowest role allowed to...

CVE-2021-24223

The N5 Upload Form WordPress plugin through 1.0 suffers from an arbitrary file upload issue in page where a Form from the plugin is embed, as any file can be uploaded. The uploaded filename might be hard to guess as it's generated with md5uniqidrand, however, in the case of misconfigured servers...

Design/Logic Flaw

The runaction function of the Facebook for WordPress plugin before 3.0.0 deserializes user supplied data making it possible for PHP objects to be supplied creating an Object Injection vulnerability. There was also a useable magic method in the plugin that could be used to achieve remote code...

WordPress和Sprymedia DataTables SQL注入漏洞

WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL.Sprymedia DataTables is a JavaScript library for converting HTML tables to dynamic tables from the UK company...

CVE-2021-24208

The editor of the WP Page Builder WordPress plugin before 1.2.4 allows lower-privileged users to insert unfiltered HTML, including JavaScript, into pages via the “Raw HTML” widget and the “Custom HTML” widgets though the custom HTML widget requires sending a crafted request - it appears that this...

Default credentials

By default, the WP Page Builder WordPress plugin before 1.2.4 allows subscriber-level users to edit and make changes to any and all posts pages - user roles must be specifically blocked from editing posts and pages...

CVE-2021-24175

The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.7 was being actively exploited to by malicious actors to bypass authentication, allowing unauthenticated users to log in as any user including admin by just providing the related username, as well as create accounts with...

WordPress VM Backups plugin 跨站请求伪造漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports PHP and MySQL servers to set up a personal blog site.WordPress Plugin is a WordPress open source application plugin . A cross-site request forgery vulnerability exists in...

WordPress 跨站请求伪造漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports personal blog sites on servers running PHP and MySQL. Database Backups WordPress plugin through 1.2.2.6 A cross-site request forgery vulnerability can be exploite...

Controlled Admin Access < 1.5.2 - Improper Access Control & Privilege Escalation

An Improper Access Control vulnerability was discovered in the plugin. Uncontrolled access to the website customization functionality and global CMS settings, like /wp-admin/customization.php and /wp-admin/options.php, can lead to a complete compromise of the target resource. Even with the maximu...

CVE-2020-6577

The IT-Recht Kanzlei plugin in Zen Cart 1.5.6c German edition allows itrk-api.php rechtstextlanguage SQL Injection...

Tutor LMS < 1.7.7 - Unprotected AJAX including Privilege Escalation

Several AJAX endpoints in the plugin were unprotected, allowing students to modify course information and elevate their privileges among many other actions. PoC Only one PoC provided for privilege escalation. $wpuser, 'pwd' = $wppass, 'rememberme' = 'forever', 'wp-submit' = 'Log+In', ; $output =...

Design/Logic Flaw

The wp-hotel-booking plugin through 1.10.2 for WordPress allows remote attackers to execute arbitrary code because of an unserialize operation on the thimpresshotelbooking1 cookie in load in includes/class-wphb-sessions.php...

Google Chrome 安全漏洞

Chrome is a simple and efficiently designed web browsing tool developed by Google that is characterized by its simplicity and speed. A security UI incorrectness vulnerability exists in the add-in program in versions prior to Google Chrome 89.0.4389.72. A remote attacker can exploit this...

User Profile Picture < 2.5.0 - Sensitive Information Disclosure

The REST API endpoint getusers in the plugin returned more information than was required for its functionality to users with the uploadfiles capability. This included password hashes, hashed user activation keys, usernames, emails, and other less sensitive information. PoC Usage: php poc.php auth...