Clinic Queuing System 1.0 Remote Code Execution
Exploit Title: Clinic Queuing System 1.0 RCE; Date: 2024/1/7; Exploit Author: Juan Marco Sanchez; Vendor Homepage: https://www.sourcecodester.com/; Software Link: https://www.sourcecodester.com/php/16439/clinic-queuing-system-using-php-and-sqlite3-source-code-free-download.html; Version: 1.0; Tested on...
WordPress WP Post Author plugin <= 3.6.4 - Rating Value Manipulation vulnerability
Rating Value Manipulation vulnerability discovered by Kyle Sanchez (Patchstack Alliance) in WordPress Plugin WP Post Author versions <= 3.6.4...
WordPress Rate My Post plugin <= 3.4.4 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References (IDOR) vulnerability discovered by Kyle Sanchez (Patchstack Alliance) in WordPress Plugin Rate my Post versions <= 3.4.4...
WordPress ProfileGrid plugin <= 5.7.9 - Insecure Direct Object Reference (IDOR) vulnerability
Insecure Direct Object Reference (IDOR) vulnerability discovered by Kyle Sanchez (Patchstack Alliance) in WordPress Plugin ProfileGrid versions <= 5.7.9...
WordPress ProfileGrid plugin <= 5.7.9 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References (IDOR) vulnerability discovered by Kyle Sanchez (Patchstack Alliance) in WordPress Plugin ProfileGrid versions <= 5.7.9...
WordPress ProfileGrid Plugin <= 5.7.9 is vulnerable to Insecure Direct Object References (IDOR)
Software: ProfileGrid; Type: Plugin; Vulnerable versions: <= 5.7.9; Fixed in: 5.8.0; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2024-32772; Patch priority: Low; CVSS severity: Low (4.3); PSID: 0b59bd9029de; Credits: Kyle Sanchez...
WordPress ProfileGrid Plugin <= 5.8.2 is vulnerable to Bypass Vulnerability
Software: ProfileGrid; Type: Plugin; Vulnerable versions: <= 5.8.2; Fixed in: 5.8.3; OWASP Top 10: A4: Insecure Design; Classification: Bypass Vulnerability; CVE: CVE-2024-32774; Patch priority: Low; CVSS severity: Low (4.3); PSID: 32476e3a5d62; Credits: Kyle Sanchez; Required privilege: Subscrib...
WordPress ProfileGrid Plugin <= 5.7.9 is vulnerable to Insecure Direct Object References (IDOR)
Software: ProfileGrid; Type: Plugin; Vulnerable versions: <= 5.7.9; Fixed in: 5.8.0; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2024-32808; Patch priority: Low; CVSS severity: Low (5.4); PSID: b60c26e035a2; Credits: Kyle Sanchez...
WordPress WP Ultimate Review plugin <= 2.2.5 - Review Score Manipulation vulnerability
Review Score Manipulation vulnerability discovered by Kyle Sanchez (Patchstack Alliance) in WordPress Plugin Wp Ultimate Review versions <= 2.2.5...
WordPress WP Ultimate Review plugin <= 2.2.5 - Broken Access Control on Review vulnerability
Broken Access Control on Review vulnerability discovered by Kyle Sanchez (Patchstack Alliance) in WordPress Plugin Wp Ultimate Review versions <= 2.2.5...
WordPress WP-Recall plugin <= 16.26.5 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References (IDOR) vulnerability discovered by Kyle Sanchez (Patchstack Alliance) in WordPress Plugin WP-Recall versions <= 16.26.5...
WordPress weForms plugin <= 1.6.20 - Form Submission Restriction Bypass vulnerability
Form Submission Restriction Bypass vulnerability discovered by Kyle Sanchez (Patchstack Alliance) in WordPress Plugin weForms versions <= 1.6.20...
WordPress ProfileGrid plugin <= 5.7.6 - IDOR on Friend Request vulnerability
IDOR on Friend Request vulnerability discovered by Kyle Sanchez (Patchstack Alliance) in WordPress Plugin ProfileGrid versions <= 5.7.6...
WordPress VS Contact Form plugin <= 14.7 - Sum Captcha Bypass vulnerability
Sum Captcha Bypass vulnerability discovered by Kyle Sanchez (Patchstack Alliance) in WordPress Plugin VS Contact Form versions <= 14.7...
WordPress CP Polls Plugin <= 1.0.71 is vulnerable to Bypass Vulnerability
Software: CP Polls; Type: Plugin; Vulnerable versions: <= 1.0.71; Fixed in: 1.0.72; OWASP Top 10: A5: Security Misconfiguration; Classification: Bypass Vulnerability; CVE: CVE-2024-24873; Patch priority: Low; CVSS severity: Low (5.3); PSID: b041270a0860; Credits: Kyle Sanchez; Required privilege...
sanchez-navarro.com Improper Access Control vulnerability OBB-3809601
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
WWBN AVideo command injection vulnerability
WWBN AVideo Authenticated RCE. A command injection vulnerability exists at plugin/CloneSite/cloneClient.json.php which allows Remote Code Execution if you CloneSite Plugin. This is a bypass to the fix for CVE-2023-30854, which affects WWBN AVideo up to version 12.3. Vulnerable Code...
WordPress Resim ara 1.0 Cross Site Scripting
Class: Input Validation Error; Remote: Yes; Credit: Ricardo Sanchez; Vulnerable: Resim ara 1.0. Resim ara is prone to a reflected cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the...
WordPress Resim Ara plugin <= 1.0 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability
Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered by Ricardo Sanchez in WordPress Resim Ara plugin versions <= 1.0. Solution: This plugin has been closed as of January 17, 2020 and is not available for download. Reason: Security Issue...
WordPress Human Presence plugin <= 2.0.8 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability
Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability found by Ricardo Sanchez in WordPress Human Presence plugin versions <= 2.0.8. Solution: 11 September 2019 - we were unable to find a patched version of this plugin...