6 matches found
CVE-2026-11568
The Product Configurator for WooCommerce WordPress plugin prior to 1.7.3 exposes protected product data via a public AJAX action without any authorization or post-status checks. Unauthenticated users can retrieve data for private and draft (non-public) products by supplying the product ID, bypass...
EUVD-2018-13319
Malware in sbrugna...
Cross site request forgery (csrf)
Frog CMS 0.9.5 provides a directory listing for a /public request...
CVE-2018-20776
Frog CMS 0.9.5 provides a directory listing for a /public request...
CVE-2018-7219
application/admin/controller/Admin.php in NoneCms 1.3.0 has CSRF, as demonstrated by changing an admin password or adding an account via a public/index.php/admin/admin/edit.html request...
WordPress LeagueManager Plugin 3.8 - SQL Injection
No description provided by source. !/usr/bin/ruby Exploit Title: WordPress LeagueManager Plugin v3.8 SQL Injection Google Dork: inurl:/wp-content/plugins/leaguemanager/ Date: 13/03/13 Exploit Author: Joshua Reynolds Vendor Homepage: http://wordpress.org/extend/plugins/leaguemanager/ Software Link...