83 matches found
Clinic Queuing System 1.0 Remote Code Execution
Exploit Title: Clinic Queuing System 1.0 RCE; Date: 2024/1/7; Exploit Author: Juan Marco Sanchez; Vendor Homepage: https://www.sourcecodester.com/; Software Link: https://www.sourcecodester.com/php/16439/clinic-queuing-system-using-php-and-sqlite3-source-code-free-download.html; Version: 1.0; Tested on...
WordPress WP Post Author plugin <= 3.6.4 - Rating Value Manipulation vulnerability
Rating Value Manipulation vulnerability discovered by Kyle Sanchez (Patchstack Alliance) in WordPress Plugin WP Post Author versions <= 3.6.4...
WordPress Rate My Post plugin <= 3.4.4 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References (IDOR) vulnerability discovered by Kyle Sanchez (Patchstack Alliance) in WordPress Plugin Rate my Post versions <= 3.4.4...
WordPress ProfileGrid plugin <= 5.7.9 - Insecure Direct Object Reference (IDOR) vulnerability
Insecure Direct Object Reference (IDOR) vulnerability discovered by Kyle Sanchez (Patchstack Alliance) in WordPress Plugin ProfileGrid versions <= 5.7.9...
WordPress ProfileGrid plugin <= 5.7.9 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References (IDOR) vulnerability discovered by Kyle Sanchez (Patchstack Alliance) in WordPress Plugin ProfileGrid versions <= 5.7.9...
WordPress ProfileGrid Plugin <= 5.7.9 is vulnerable to Insecure Direct Object References (IDOR)
Software: ProfileGrid; Type: Plugin; Vulnerable versions: <= 5.7.9; Fixed in: 5.8.0; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2024-32772; Patch priority: Low; CVSS severity: Low 4.3; PSID: 0b59bd9029de; Credits: Kyle Sanchez...
WordPress ProfileGrid Plugin <= 5.7.9 is vulnerable to Insecure Direct Object References (IDOR)
Software: ProfileGrid; Type: Plugin; Vulnerable versions: <= 5.7.9; Fixed in: 5.8.0; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2024-32808; Patch priority: Low; CVSS severity: Low 5.4; PSID: b60c26e035a2; Credits: Kyle Sanchez...
WordPress ProfileGrid Plugin <= 5.8.2 is vulnerable to Bypass Vulnerability
Software: ProfileGrid; Type: Plugin; Vulnerable versions: <= 5.8.2; Fixed in: 5.8.3; OWASP Top 10: A4: Insecure Design; Classification: Bypass Vulnerability; CVE: CVE-2024-32774; Patch priority: Low; CVSS severity: Low 4.3; PSID: 32476e3a5d62; Credits: Kyle Sanchez; Required privilege: Subscrib...
WordPress WP Ultimate Review plugin <= 2.2.5 - Review Score Manipulation vulnerability
Review Score Manipulation vulnerability discovered by Kyle Sanchez (Patchstack Alliance) in WordPress Plugin Wp Ultimate Review versions <= 2.2.5...
WordPress WP Ultimate Review plugin <= 2.2.5 - Broken Access Control on Review vulnerability
Broken Access Control on Review vulnerability discovered by Kyle Sanchez (Patchstack Alliance) in WordPress Plugin Wp Ultimate Review versions <= 2.2.5...
WordPress WP-Recall plugin <= 16.26.5 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References (IDOR) vulnerability discovered by Kyle Sanchez (Patchstack Alliance) in WordPress Plugin WP-Recall versions <= 16.26.5...
WordPress weForms plugin <= 1.6.20 - Form Submission Restriction Bypass vulnerability
Form Submission Restriction Bypass vulnerability discovered by Kyle Sanchez (Patchstack Alliance) in WordPress Plugin weForms versions <= 1.6.20...
WordPress ProfileGrid plugin <= 5.7.6 - IDOR on Friend Request vulnerability
IDOR on Friend Request vulnerability discovered by Kyle Sanchez (Patchstack Alliance) in WordPress Plugin ProfileGrid versions <= 5.7.6...
WordPress VS Contact Form plugin <= 14.7 - Sum Captcha Bypass vulnerability
Sum Captcha Bypass vulnerability discovered by Kyle Sanchez (Patchstack Alliance) in WordPress Plugin VS Contact Form versions <= 14.7...
WordPress CP Polls Plugin <= 1.0.71 is vulnerable to Bypass Vulnerability
Software: CP Polls; Type: Plugin; Vulnerable versions: <= 1.0.71; Fixed in: 1.0.72; OWASP Top 10: A5: Security Misconfiguration; Classification: Bypass Vulnerability; CVE: CVE-2024-24873; Patch priority: Low; CVSS severity: Low 5.3; PSID: b041270a0860; Credits: Kyle Sanchez; Required privilege...
sanchez-navarro.com Improper Access Control vulnerability OBB-3809601
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
WWBN AVideo command injection vulnerability
WWBN AVideo Authenticated RCE A command injection vulnerability exists at plugin/CloneSite/cloneClient.json.php which allows Remote Code Execution if you CloneSite Plugin. This is a bypass to the fix for CVE-2023-30854 which affects WWBN Avideo up to version 12.3 Vulnerable Code...
WordPress Resim Ara plugin <= 1.0 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability
Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered by Ricardo Sanchez in WordPress Resim Ara plugin versions <= 1.0. Solution: This plugin has been closed as of January 17, 2020 and is not available for download. Reason: Security Issue...
WordPress Resim ara 1.0 Cross Site Scripting
Class: Input Validation Error; Remote: Yes; Credit: Ricardo Sanchez; Vulnerable: Resim ara 1.0. Resim ara is prone to a reflected cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the...
WordPress Human Presence plugin <= 2.0.8 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability
Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability found by Ricardo Sanchez in WordPress Human Presence plugin versions <= 2.0.8. Solution: 11 September 2019 - we were unable to find a patched version of this plugin...