5784 matches found

WPVulnDB, added 2021/02/17 12:00 a.m.

Process Steps Template Designer < 1.3 - CSRF to Stored Cross-Site Scripting (XSS)

The plugin did not properly check its CSRF nonce in the FontAwesomeField.save method, which could allow attackers to make logged in users capable of editing posts change the Step Icon of arbitrary Process Steps. Due to the lack of sanitisation of the submitted Step icon value, it could also lead ...

AI score: 1.5
Exploits: 0, References: 2, Affected Software: 1
WPVulnDB, added 2021/02/10 12:00 a.m.

All In One WP Security & Firewall < 4.4.6 - Authenticated Cross-Site Scripting (XSS)

The plugin did not escape the banned user agents in its settings before output, which may allow administrators to enter malicious UA with XSS payloads under certain conditions. Note: We were not able to reproduce the issue...

CVSS: 4.3, AI score: 2.3, EPSS: 0.00397
Exploits: 0, References: 1, Affected Software: 1
CNNVD, added 2021/02/09 12:00 a.m.

WordPress NextGEN Gallery plugin cross-site request forgery vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. all-in-one-wp-security-and-firewall is a website security plugin used in it. NextGEN Gallery is an image gallery plugin used...

CVSS: 6.5, AI score: 6.5, EPSS: 0.0011
Exploits: 1, References: 1
CNNVD, added 2021/02/05 12:00 a.m.

WordPress name-directory plugin cross-site request forgery vulnerability

WordPress is a blogging platform developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress name-directory is a plugin that provides directory functionality for the WordPress platform...

CVSS: 8.8, AI score: 6.6, EPSS: 0.00094
Exploits: 0, References: 3
OSV, added 2021/02/03 4:15 p.m.

CVE-2020-35667

JetBrains TeamCity Plugin before 2020.2.85695 SSRF. Vulnerability that could potentially expose user credentials...

CVSS: 7.5, AI score: 7.1
Exploits: 0, References: 2
CNNVD, added 2021/02/03 12:00 a.m.

JetBrains TeamCity code issue vulnerability

JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis, build problem analysis reports and other features. A security vulnerability exists in the...

CVSS: 7.5, AI score: 7.2, EPSS: 0.00002
Exploits: 1, References: 2
WPVulnDB, added 2021/01/29 12:00 a.m.

Modern Events Calendar Lite < 5.16.5 - Authenticated Arbitrary File Upload leading to RCE

The plugin did not properly check the imported file, allowing PHP files to be uploaded by administrators by using the 'text/csv' content-type in the request. The issue could also be exploited via a CSRF attack, as that check was also missing. PoC...

AI score: 2.8, EPSS: 0.91299
Exploits: 9, Affected Software: 1
WPVulnDB, added 2021/01/29 12:00 a.m.

Modern Events Calendar Lite < 5.16.6 - Authenticated SQL Injection

The plugin did not sanitise the mecpostid POST parameter in the mecfesform AJAX action when logged in as an author+, leading to an authenticated SQL Injection issue. If the Frontend Event Submission form is embedded in a public page, then it could lead to any authenticated user, like subscribers, to...

EPSS: 0.00912
Exploits: 2, Affected Software: 1
WPVulnDB, added 2021/01/28 12:00 a.m.

Super Forms < 4.9.703 - Unauthenticated PHP File Upload to RCE

The plugin uses the jQuery File Upload library, but does not properly ensure that PHP files are forbidden. Note: Exploitation of the issue is not as easy as the original advisory in the references states. PoC: If a form from the plugin with an upload field is present on the blog, and is used to...

AI score: 7
Exploits: 0, References: 1, Affected Software: 2
WPVulnDB, added 2021/01/21 12:00 a.m.

Contact Form 7 Database Addon < 1.2.5.4 - Authenticated SQL Injections

The plugin did not properly sanitise the formids from the contactform POST array parameter before using them in a SQL statement in the processbulkaction function. This could allow high privilege users, such as admins, to perform SQL Injection against the DBMS via the bulk actions: delete, read and...

AI score: 0.3
Exploits: 0, References: 1, Affected Software: 1
Cvelist, added 2021/01/12 6:57 p.m.

CVE-2021-3133

The Elementor Contact Form DB plugin before 1.6 for WordPress allows CSRF via backend admin pages...

AI score: 6.8, EPSS: 0.00125
Exploits: 1, References: 3
CNVD, added 2021/01/11 12:00 a.m.

WordPress Ultimate Member plugin input validation error vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. The Ultimate Member plugin is one of the plugins used to create member sites or online communities. An input validation error vulnerability...

CVSS: 5.3, AI score: 6.8, EPSS: 0.00204
Exploits: 0, References: 1
NVD, added 2021/01/06 2:15 p.m.

CVE-2020-36170

The Ultimate Member plugin before 2.1.13 for WordPress mishandles hidden name="timestamp" fields in forms...

CVSS: 5.3, AI score: 5.4, EPSS: 0.00204
Exploits: 0, References: 1
Cvelist, added 2021/01/06 1:55 p.m.

CVE-2020-36170

The Ultimate Member plugin before 2.1.13 for WordPress mishandles hidden name="timestamp" fields in forms...

AI score: 5.4, EPSS: 0.00204
Exploits: 0, References: 1
CNVD, added 2021/01/06 12:00 a.m.

WordPress Quiz and Survey Master plugin Arbitrary File Upload Vulnerability

WordPress is a blogging platform developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. The WordPress Quiz and Survey Master plugin is a plugin for WordPress. An arbitrary file upload vulnerability exis...

CVSS: 10, AI score: 8.1, EPSS: 0.10326
Exploits: 2, References: 1
CNNVD, added 2021/01/06 12:00 a.m.

WordPress Ninja Forms plugin code issue vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. The Ninja Forms plugin is a form creation component used in it. A code issue exists in the WordPress Ninja Forms plugin before...

CVSS: 5.3, AI score: 6.1, EPSS: 0.00187
Exploits: 0, References: 2
CNNVD, added 2021/01/05 12:00 a.m.

Genivia gSOAP code issue vulnerability

Genivia gSOAP is a C/C++ software development kit with automatic code generation capabilities. A security vulnerability exists in the Genivia gSOAP WS-Security plugin functionality, which allows remote attackers to exploit the vulnerability by submitting a specially crafted request, which can be used for...

CVSS: 7.5, AI score: 7.1, EPSS: 0.0018
Exploits: 4, References: 7
WPVulnDB, added 2021/01/03 12:00 a.m.

Contact Form Submissions <= 1.6.4 - Authenticated Double Query SQL injection

The plugin is affected by a double query SQL injection, which could allow high privileged users to access data from the DBMS. Edit (WPScanTeam): October 26th, 2020 - Confirmed & Escalated to WP; October 27th, 2020 - WP Investigating; January 3rd, 2021 - No updates, disclosing PoC. The PoC will be...

AI score: 2.2
Exploits: 0, Affected Software: 1
Prion, added 2021/01/01 4:15 a.m.

Design/Logic Flaw

An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It made it possible for unauthenticated attackers to upload arbitrary files and achieve remote code execution. If a quiz question could be answered by uploading a file, only the Content-Type header was checke...

CVSS: 7.5, AI score: 9.7, EPSS: 0.10326
Exploits: 2, References: 2, Affected Software: 1
Exploit DB, added 2020/12/24 12:00 a.m.

WordPress Plugin Adning Advertising 1.5.5 - Arbitrary File Upload

Exploit Title: WordPress Plugin Adning Advertising 1.5.5 - Arbitrary File Upload; Google Dork: inurl:/wp-content/plugins/angwp; Date: 23/12/2020; Exploit Author: spacehen; Vendor Homepage: http://adning.com/; Version: spacehen www.lunar.sh" def printusage: print"Usage: python3 exploit.py target url ph...

AI score: 7.4
Exploits: 0