
7 matches found

GithubExploit
added 2024/05/22 6:5 p.m., 635 views

Exploit for Improper Check for Unusual or Exceptional Conditions in Mozilla Firefox

Detect CVE-2024-4367: Quick-and-dirty YARA detection rule for...

CVSS 8.8, AI score 8.7, EPSS 0.72648
Exploits: 15
wpexploit
added 2024/05/02 12:0 a.m., 156 views

CAS <= 1.0.0 - Unauthenticated SSRF

Description: The plugin does not validate a parameter before making a request to it, which could allow unauthenticated users to perform SSRF attacks. https://example.com/wp-content/themes/cas/download.php?path=http://127.0.0.1:8080...

AI score 6.9, EPSS 0.01836
Exploits: 2
wpexploit
added 2024/04/24 12:0 a.m., 152 views

WP Prayer <= 2.0.9 - Arbitrary Prayer Deletion via CSRF

Description: The plugin does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks. Make an admin open a URL where is any valid prayer ID: https://example.com/wp-admin/admin.php?page=wpemanageprayer&doaction=delete&prayer...

AI score 6.8, EPSS 0.00189
Exploits: 2
wpexploit
added 2024/04/23 12:0 a.m., 129 views

Ultimate Blocks < 3.1.7 - Contributor+ Stored XSS

Description: The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. As a contributor, put the below code in a...

AI score 8.3, EPSS 0.00353
Exploits: 2, References: 1
wpexploit
added 2024/04/05 12:0 a.m., 179 views

MM-email2image <= 0.2.5 - Contributor+ Stored XSS

Description: The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Add the following payload to a...

AI score 8.3, EPSS 0.00624
Exploits: 2
WPVulnDB
added 2024/04/05 12:0 a.m., 19 views

Salon booking system < 9.6.6 - Editor+ Stored XSS via Email Settings

Description: The plugin does not sanitise and escape some of its settings, which could allow high-privilege users such as admin or editor (depending on plugin configuration) to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite...

AI score 5.4, EPSS 0.00465
Exploits: 2, Affected Software: 1
Github Security Blog
added 2023/07/13 5:1 p.m., 334 views

vm2 Sandbox Escape vulnerability

In vm2 for versions up to 3.9.19, Node.js custom inspect function allows attackers to escape the sandbox and run arbitrary code. Impact: Remote Code Execution, assuming the attacker has arbitrary code execution primitive inside the context of vm2 sandbox. Patches: None. Workarounds: None. References...

CVSS 10, AI score 7.2, EPSS 0.0279
Exploits: 1, References: 5, Affected Software: 1