Lucene search
K

11 matches found

Vulnrichment
Vulnrichment
added 2026/01/16 4:44 a.m.3 views

CVE-2025-12641 Awesome Support – WordPress HelpDesk & Support Plugin <= 6.3.6 - Missing Authorization to Unauthenticated Role Demotion

The Awesome Support - WordPress HelpDesk & Support Plugin for WordPress is vulnerable to authorization bypass due to missing capability checks in all versions up to, and including, 6.3.6. This is due to the 'wpasdomractivateuser' function not verifying that a user has permission to modify other...

6.5CVSS5.4AI score0.00363EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-2854

Malicious code in bioql PyPI...

6.1CVSS6.2AI score0.00862EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/08/26 12:0 a.m.3 views

Mahara 安全漏洞

Mahara is a free and open source web-based ePortfolio management system from Mahara. A security vulnerability exists in Mahara versions prior to 24.04.1 and 23.04.6, which stems from an information disclosure that could cause an institutional administrator to view the current submission page unde...

9.1CVSS6AI score0.00302EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/11/18 12:0 a.m.3 views

Autolab 跨站脚本漏洞

Autolab is an open source course management service from Autolab. It supports automatically graded programming assignments. A cross-site scripting vulnerability exists in Autolab version 3.0.1, which stems from the presence of an HTML injection vulnerability that could affect instructors and CAs ...

5.4CVSS6.3AI score0.00256EPSS
Exploits0References2
WPVulnDB
WPVulnDB
added 2024/02/26 12:0 a.m.8 views

User Feedback < 1.0.14 - Unauthenticated Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting via the 'pagesubmitted' 'link' value due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in the feedback submission page that will execu...

6.1CVSS6.4AI score0.00438EPSS
Exploits0References1Affected Software1
wpexploit
wpexploit
added 2022/11/07 12:0 a.m.142 views

HTML Forms < 1.3.25 - Admin+ SQLi

The plugin does not properly properly escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users Access the submission page on https://example.com/wp-admin/admin.php?page=html-forms&view=edit&formid=formID&tab=submissions Capture the...

7.2CVSS0.4AI score0.01786EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2018/12/01 12:0 a.m.15 views

Ninja Forms <= 3.3.19 - Authenticated Open Redirect

Open Redirect vulnerability in download submission page using URL parameter...

5.8CVSS2.3AI score0.01581EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2017/01/20 8:39 a.m.24 views

CVE-2017-2578

In Moodle 3.x, there is XSS in the assignment submission page...

6.2AI score0.00862EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2017/01/17 12:0 a.m.72 views

moodle -- multiple vulnerabilities

Marina Glancy reports: MSA-17-0001: System file inclusion when adding own preset file in Boost theme MSA-17-0002: Incorrect sanitation of attributes in forums MSA-17-0003: PHPMailer vulnerability in no-reply address MSA-17-0004: XSS in assignment submission page...

5.3CVSS7.4AI score0.01015EPSS
Exploits0References1
exploitpack
exploitpack
added 2012/03/21 12:0 a.m.32 views

Open Journal Systems (OJS) 2.3.6 - index.php?authors[][url] Cross-Site Scripting

Open Journal Systems OJS 2.3.6 - index.php?authorsurl Cross-Site Scripting source: https://www.securityfocus.com/bid/52666/info Open Journal Systems is prone to following multiple vulnerabilities because the software fails to sufficiently sanitize user-supplied input: 1. An arbitrary-file-deletio...

6.8AI score
Exploits0
0day.today
0day.today
added 2012/01/19 12:0 a.m.18 views

Wordpress uCan Post plugin <= 1.0.09 Stored XSS

Exploit for php platform in category web applications Exploit Title: Wordpress uCan Post plugin window.alertdocument.cookie Email field is not sanitized but can it will check for a valid email address so the maximum result will be a reflected xss POC: email protected'"window.alertdocument.cookie...

7.1AI score
Exploits0
Rows per page
Query Builder