18 matches found
CVE-2024-9941
The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the MJgmgtaddstaffmember function in all versions up to, and including, 67.1.0. This makes it possible for authenticated attackers, with subscriber-level...
WordPress plugin WPGYM 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
CVE-2024-5584
The WordPress Online Booking and Scheduling Plugin – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Color Profile parameter in all versions up to, and including, 23.2 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2024-5584 WordPress Online Booking and Scheduling Plugin – Bookly <= 23.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Color Profile Parameter
The WordPress Online Booking and Scheduling Plugin – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Color Profile parameter in all versions up to, and including, 23.2 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2024-27100
Discourse is an open source platform for community discussion. In affected versions the endpoints for suspending users, silencing users and exporting CSV files weren't enforcing limits on the sizes of the parameters that they accept. This could lead to excessive resource consumption which could...
Bookly < 20.3.1 - Staff Member Stored Cross-Site Scripting
The plugin does not escape the Staff Full Name field before outputting it back in a page, which could lead to a Stored Cross-Site Scripting issue As a Staff Member, put the following payload in your Full Name Booklyn -- Profile -- Edit -- Full Name: alert/XSS/ The XSS will be triggered when an...
Bookly < 20.3.1 - Staff Member Stored Cross-Site Scripting
The plugin does not escape the Staff Full Name field before outputting it back in a page, which could lead to a Stored Cross-Site Scripting issue PoC As a Staff Member, put the following payload in your Full Name Booklyn -- Profile -- Edit -- Full Name: The XSS will be triggered when an admin ope...
RemoteClinic 2.0 - 'Multiple' Stored Cross-Site Scripting (XSS)
Exploit Title: RemoteClinic 2.0 - 'Multiple' Stored Cross-Site Scripting XSS Date: 13/04/2021 Exploit Author: Saud Ahmad Vendor Homepage: https://remoteclinic.io/ Software Link: https://github.com/remoteclinic/RemoteClinic Version: 2.0 Tested on: Windows 10 CVE : CVE-2021-30030, CVE-2021-30034,...
Shopify: Add new development stores without permission
Details A staff member who only has permission to add and remove managed stores can also create development stores. It appears proper permission checks are not performed when /organizationID/stores/signupobject/devstore endpoint is queried, as long as a staff member has store access, a token is...
Shopify: staffOrderNotificationSubscriptionDelete Could Be Used By Staff Member With Settings Permission
Hi, The staff order notification should be under the control of staff members with Order permission but I found that the staff member with just Settings permission can also delete the order notifications using the GID Steps to reproduce - Login as a staff member with Settings permission - Make th...
Shopify: staffOrderNotificationSubscriptionCreate Is Not Blocked Entirely From Staff Member With Settings Permission
Hi, I found that the GraphQL call staffOrderNotificationSubscriptionCreate is not blocked from the staff member with Settings permission Steps to reproduce - Login as a staff member with Settings permission - Make this GraphQL call to...
Shopify: [h1-2102] Partner's team member with no permission can retrieve services financial data
Details Unfortunately, I wasn't able to properly validate the following report as I could not get access the my partner's services option event is ending in a few hours and that access is manually given https://help.shopify.com/en/partners/selling-services. However, given the observed behaviour, ...
Shopify: Shopify Stocky App OAuth Misconfiguration
@vulnh0lic noticed that a staff member without Apps permission was able to access the Stocky app. We determined that this was because of a bug in Stocky's OAuth authentication code, which allowed the user to be granted access to Stocky at the start of the OAuth process rather than the end. This...
Shopify: STAFF member with NO Explicit permissions can view `ActivityFeed` via GraphQL
Hi, This is similar to 95589. I noticed that ActivityFeeds are now being fetched by GraphQL call on Shopify. But from my testing, I noticed that STAFF member with NO EXPLICIT permissions can fetch store's activity feed by calling the vulnerable endpoint. STEPS 1.STAFF member is not assigned any...
Shopify: deleted staff member can add his amazon marketplace web services account to the store.
Hi , I have found that if a staff member had access to settings for one single time , he can add his amazon marketplace web services account to the store anytime he wants even after he is deleted from the admins which allows him to fulfill orders for the online store using his own inventory store...
Shopify: create staff member without owner access
Hi as you mentioned in 56726 "Only the the store owner is allowed to create new staff members" admins can't create new staff members! but with this vulnerability admins can use api to create user! steps: - get access token for one full access admin you can send request to xauth or sniff it from...
PacerCMS 0.6 'id' Parameter Multiple SQL Injection Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/27397/info PacerCMS is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. A successful exploit could allow an attacker to...
PacerCMS 0.6 - id Multiple SQL Injections
PacerCMS 0.6 - id Multiple SQL Injections source: https://www.securityfocus.com/bid/27397/info PacerCMS is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. A successful exploit could allow an...