6150 matches found
CVE-2019-0708
creationtimestamp | type | source
---|---|---
2019-05-14 05:00:00+00:00 | seen | https://msrc.microsoft.com/blog/2019/05/prevent-a-worm-by-updating-remote-desktop-services-cve-2019-0708/
2019-05-14 20:27:23+00:00 | seen | https://t.me/thehackernews/305
2019-05-14 21:31:48+00:00 | seen |...
XSS Vulnerability at JEESNS Group Posts
JEESNS is an open source social management system developed on the Java enterprise-level platform. An XSS vulnerability exists in JEESNS group posts, which an attacker can exploit to inject arbitrary web script or HTML...
Design/Logic Flaw
The Yuzo Related Posts plugin 5.12.94 for WordPress has XSS because it mistakenly expects that is_admin() verifies that the request comes from an admin user; it actually only verifies that the request is for an admin page. An unauthenticated attacker can inject a payload into the plugin settings, suc...
CVE-2019-11869
The Yuzo Related Posts plugin 5.12.94 for WordPress has XSS because it mistakenly expects that is_admin() verifies that the request comes from an admin user; it actually only verifies that the request is for an admin page. An unauthenticated attacker can inject a payload into the plugin settings, suc...
CVE-2019-11869
The CVE-2019-11869 entry concerns the WordPress Yuzo Related Posts plugin before 5.12.94. A cross-site scripting (XSS) flaw arises because the plugin relies on is_admin() to verify the request origin, but that check only confirms the request targets an admin page, not that it comes from an admin ...
VulnCheck KEV: CVE-2019-11869
The Yuzo Related Posts plugin 5.12.94 for WordPress has XSS because it mistakenly expects that is_admin() verifies that the request comes from an admin user; it actually only verifies that the request is for an admin page. An unauthenticated attacker can inject a payload into the plugin...
Users Urged to Uninstall WordPress Yuzo Plugin After Flaw Exploited
UPDATE Users of the popular Yuzo Related Posts plugin are being urged to uninstall the plugin after a flaw was discovered being exploited in the wild – putting tens of thousands of websites at risk. Yuzo Related Posts, which enables WordPress websites to display “related posts” segments, is...
WordPress Yuzo Related Posts plugin <=5.12.91 - Broken authentication
Broken authentication and session management allows an unauthenticated user to call any action or update any option in WordPress Yuzo Related Posts plugin versions <= 5.12.91. Solution: 10 April 2019 - this plugin was closed and is no longer available for download...
Vanilla: Stored XSS in embedded posts containing images
Summary: Embedded posts containing images can be maliciously crafted to insert JavaScript code to run on page load. Description: Steps to reproduce: 1. Ensure you are logged into an account (no special permissions are needed). 2. Navigate to any page with the richEditor component, e.g. any forum post...
WordPress Delete Duplicate Posts plugin <= 4.1.9.4 - Authenticated Option Update vulnerability (Fremius Library security issue)
Authenticated Option Update vulnerability (Fremius Library security issue) in WordPress Delete Duplicate Posts plugin versions <= 4.1.9.4. Solution: Update the WordPress Delete Duplicate Posts plugin to the latest available version (at least 4.1.9.5)...
idreamsoft iCMS Cross-Site Request Forgery Vulnerability (CNVD-2019-12121)
iCMS is an efficient and simple content management system built with PHP and MySQL. A cross-site request forgery vulnerability exists in idreamsoft iCMS 7.0.14 and earlier versions, which can be exploited by an attacker to delete a user's posts via public/api.php?app=user URI...
CVE-2019-8372
creationtimestamp | type | source
---|---|---
2019-02-18 15:21:43+00:00 | published-proof-of-concept | https://t.me/news4hack/279
2019-02-19 14:04:10+00:00 | published-proof-of-concept | https://t.me/antichat/3674
2019-02-19 15:03:47+00:00 | published-proof-of-concept | https://t.me/canyoupwnme/5138...
MyBB Trash Bin Plugin 1.1.3 - Cross-Site Scripting / Cross-Site Request Forgery
Exploit Title: MyBB Trash Bin Plugin 1.1.3 - Cross-Site Scripting / CSRF Date: 7/17/2018 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=957 Version: 1.1.3 Tested on: Ubuntu 18.04 CVE: CVE-2018-14575 1. Description: Creates a...
WordPress 3.7.x < 3.7.28 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities:
- Authors could alter meta data to delete files that they weren't authorized to.
- Authors could create posts of unauthorized types with specially crafted input.
-...
WordPress Multiple Vulnerabilities (Dec 2018) - Windows
WordPress is prone to multiple vulnerabilities.
WordPress 4.8.x < 4.8.8 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities:
- Authors could alter meta data to delete files that they weren't authorized to.
- Authors could create posts of unauthorized types with specially crafted input.
-...
WordPress 4.6.x < 4.6.6 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities:
- A DOM-based cross-site scripting (XSS) vulnerability exists in the uploadSizeError function within file wp-includes/js/plupload/handlers.js when handling overly large file...
Vanilla: Abusing "Report as abuse" functionality to delete any user's post.
Hi Team, Greetings!! Description: I would like to report a vulnerability that can be used to delete any user’s post by abusing the “Report an abuse” function within the application. After a specific number of reports are submitted to the server, it automatically deletes that user's post. Application has...