Notification Bar for WordPress <= 1.1.8 – Unauthenticated Subscriber Data Disclosure

Description The plugin exposes an unauthenticated CSV export script that discloses all stored subscriber emails. https://example.com/wp-content/plugins/8-degree-notification-bar/inc/backend/blocks/export-csv.php...

Video Widget <= 1.2.3 - Admin+ Stored XSS via Widget

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Add a "Video Widget" to a widget ar...

ENL Newsletter <= 1.0.1 - Campaign Deletion via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in admins delete arbitrary Campaigns via a CSRF attack PoC Make an admin open a URL like where is a valid ID: http://example.com/wp-admin/admin.php?page=enl-campaigns=campaign-delete=...

AgataSoft Auto PingMaster 1.5 - Buffer Overflow (SEH) Exploit

Exploit for windows platform in category local exploits Exploit Title: AgataSoft Auto PingMaster 1.5 - Buffer Overflow SEH Exploit Author: bzyo Twitter: @bzyo Vulnerable Software: AgataSoft Auto PingMaster 1.5 Vendor Homepage: http://agatasoft.com/ Version: 1.5 Software Link :...