Lucene search
+L

123 matches found

Positive Technologies
Positive Technologies
added 2024/07/18 12:0 a.m.7 views

PT-2024-37747 · WordPress · Meks Video Importer

Name of the Vulnerable Software and Affected Versions: Meks Video Importer plugin for WordPress versions up to, and including, 1.0.11 Description: The issue arises from a missing capability check on the ajax save settings function, allowing authenticated attackers with Subscriber-level access and...

4.3CVSS6.3AI score0.00325EPSS
Exploits0References6
OSV
OSV
added 2024/06/24 3:15 a.m.5 views

CVE-2024-6280

A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/ajax.php?action=savesettings. The manipulation of the argument img leads to unrestricted upload. It is possible to initiate the attack...

9.8CVSS5.5AI score0.00665EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/06/17 12:0 a.m.10 views

PT-2024-26230 · Unknown · Itsourcecode Payroll Management System

Name of the Vulnerable Software and Affected Versions: Sourcecodester Payroll Management System version 1.0 Description: The issue allows an unauthenticated attacker to upload a malicious PHP file via the "save settings" page, which is intended for image uploads. This can lead to the execution of...

9.8CVSS7.5AI score0.01923EPSS
Exploits4References4
wpexploit
wpexploit
added 2024/05/28 12:0 a.m.159 views

Simple Share Buttons Adder < 8.5.1 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed 1. Go to the plugin settings 2. In the "Additional CSS" field, enter the payload 3. Save...

5.9AI score0.00399EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2024/05/16 12:0 a.m.8 views

PT-2024-25806 · Parisneo · Lollms-Webui

Name of the Vulnerable Software and Affected Versions: parisneo/lollms-webui versions prior to 9.5 Description: A path traversal issue exists in the "save settings" endpoint due to insufficient sanitization of the config parameter in the apply settings function. This allows an attacker to...

8.4CVSS8.7AI score0.00825EPSS
Exploits1References4
Cvelist
Cvelist
added 2024/05/02 4:52 p.m.27 views

CVE-2024-3287 SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer <= 3.10.2 - Missing Authorization

The SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer plugin for WordPress is vulnerable to unauthorized ld+json description injection due to a missing capability check on the savesettings function in all versions up to, and including, 3.10.2. This makes it possible for unauthenticate...

5.3CVSS5.6AI score0.00565EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/05/02 12:0 a.m.6 views

WordPress plugin SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

5.3CVSS6.6AI score0.00565EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/05/02 12:0 a.m.6 views

PT-2024-24925 · WordPress · Smartcrawl

Name of the Vulnerable Software and Affected Versions: SmartCrawl WordPress SEO checker plugin versions up to, and including, 3.10.2 Description: The issue is related to unauthorized ld+json description injection due to a missing capability check on the save settings function. This allows...

5.3CVSS7.2AI score0.00565EPSS
Exploits0References4
OSV
OSV
added 2024/03/01 5:15 p.m.4 views

CVE-2024-27559

Stupid Simple CMS v1.2.4 was discovered to contain a Cross-Site Request Forgery CSRF via the component /savesettings.php...

6.3CVSS5.8AI score0.00225EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/03/01 12:0 a.m.4 views

Stupid Simple CMS Security Vulnerability

Stupid Simple CMS is a content management system by codelyfe individual developer. A security vulnerability exists in Stupid Simple CMS v1.2.4 and earlier versions, which stems from a cross-site request forgery CSRF vulnerability in component/savesettings.php...

6.3CVSS6.8AI score0.00225EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2024/01/11 4:30 p.m.48 views

Authenticated (user role) remote command execution by modifying `nginx` settings (GHSL-2023-269)

Summary The Home Preference page exposes a small list of nginx settings such as Nginx Access Log Path and Nginx Error Log Path. However, the API also exposes testconfigcmd, reloadcmd and restartcmd. While the UI doesn't allow users to modify any of these settings, it is possible to do so by sendi...

8.8CVSS7.1AI score0.01537EPSS
Exploits1References8Affected Software1
OSV
OSV
added 2024/01/03 10:15 a.m.5 views

CVE-2024-0201

The Product Expiry for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'savesettings' function in versions up to, and including, 2.5. This makes it possible for authenticated attackers, with subscriber-level permissions ...

4.3CVSS5.8AI score0.00392EPSS
Exploits0References3
wpexploit
wpexploit
added 2023/08/08 12:0 a.m.159 views

Chatbot < 4.7.8 - Admin+ Stored XSS in FAQ Builder

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Navigate to "WPBot Lite - Setting -...

4.8CVSS5.6AI score0.00416EPSS
Exploits2
OSV
OSV
added 2023/06/09 6:16 a.m.6 views

CVE-2023-2083

The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the save function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to save plugin settings. While a nonce check is presen...

4.3CVSS6.6AI score0.00567EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/06/07 12:0 a.m.7 views

PT-2023-12479 · WordPress · Frontend File Manager

Name of the Vulnerable Software and Affected Versions: Frontend File Manager plugin for WordPress versions up to, and including, 18.2 Description: The issue is related to lacking capability checks and a security nonce in the wpfm save settings AJAX action. This allows subscriber-level attackers t...

9.9CVSS8.8AI score0.01853EPSS
Exploits1References5
CNNVD
CNNVD
added 2023/06/07 12:0 a.m.6 views

WordPress Plugin Frontend File Manager 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

9.9CVSS8AI score0.01853EPSS
Exploits1References4
wpexploit
wpexploit
added 2023/05/23 12:0 a.m.156 views

Ultimate Dashboard < 3.7.6 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to "Ultimate Dashboard - Settings - General"...

4.8CVSS5.4AI score0.0047EPSS
Exploits2
CNNVD
CNNVD
added 2023/04/23 12:0 a.m.6 views

Online Pizza Ordering System 代码问题漏洞

Online Pizza Ordering System is an online pizza ordering system. An arbitrary file upload vulnerability exists in Online Pizza Ordering System v1.0, which stems from the parameter img of admin/ajax.php?action=savesettings that lacks validation of the uploaded file. The vulnerability can be...

9.8CVSS7.7AI score0.03624EPSS
Exploits4References6
Positive Technologies
Positive Technologies
added 2023/04/23 12:0 a.m.5 views

PT-2023-18512 · Sourcecodester · Sourcecodester Online Pizza Ordering System

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Pizza Ordering System version 1.0 Description: A critical issue has been found in the SourceCodester Online Pizza Ordering System, affecting the file admin/ajax.php?action=save settings. The manipulation of the img...

9.8CVSS6.7AI score0.03624EPSS
Exploits4References9
OSV
OSV
added 2023/03/16 1:15 p.m.7 views

CVE-2023-1432

A vulnerability was found in SourceCodester Online Food Ordering System 2.0 and classified as critical. Affected by this issue is some unknown functionality of the file /fos/admin/ajax.php?action=savesettings of the component POST Request Handler. The manipulation leads to improper access control...

9.8CVSS6.8AI score0.00591EPSS
Exploits0References2
Rows per page
Query Builder