12 matches found
Exploit for Improper Authentication in Elementor Website_Builder
CVE-2023-47504 POC Exploit for CVE-2023-47504. According to N...
CVE-2023-5235 Ovic Responsive WPBakery < 1.2.9 - Subscriber+ Option Update
The Ovic Responsive WPBakery WordPress plugin before 1.2.9 does not limit which options can be updated via some of its AJAX actions, which may allow attackers with a subscriber+ account to update blog options, such as 'users_can_register' and 'default_role'. It also unserializes user input in the...
CVE-2023-6139 Essential Real Estate < 4.4.0 - Subscriber+ Denial of Service via Arbitrary Option Update
The Essential Real Estate WordPress plugin before 4.4.0 does not apply proper capability checks on its AJAX actions, which, among other things, allows attackers with a subscriber account to conduct Denial of Service attacks...
PT-2024-14888 · WordPress · Essential Real Estate
Name of the Vulnerable Software and Affected Versions: The Essential Real Estate WordPress plugin versions prior to 4.4.0. Description: The issue arises from the plugin not applying proper capability checks on its AJAX actions. This allows attackers with a subscriber account to conduct Stored XSS...
Essential Real Estate < 4.4.0 - Subscriber+ Stored XSS
Description: The plugin does not apply proper capability checks on its AJAX actions, which, among other things, allows attackers with a subscriber account to conduct Stored XSS attacks. PoC: 1. Log in with a subscriber account, and visit https://vulnerable-site.tld/wp-admin/profile.php?action=delete...
Welcart e-Commerce < 2.8.5 - Subscriber+ Arbitrary File Access
The plugin does not validate user input before using it to output the content of a file via an AJAX action available to any authenticated user, which could allow users with a role as low as subscriber to read arbitrary files on the server. Run the below command in the developer console of the we...
HTML2WP <= 1.0.0 - Subscriber+ Arbitrary File Deletion
The plugin does not have authorisation and CSRF checks in an AJAX action available to any authenticated user, such as a subscriber, which could allow them to delete arbitrary files. To delete the license.txt at the root of the blog: await...
Filr - Secure Document Library < 1.2.2.1 - Subscriber+ AJAX Calls
The plugin does not have authorisation checks in two of its AJAX actions, allowing them to be called by any authenticated user, such as a subscriber. They are protected with a nonce; however, the nonce is leaked on the dashboard. This could allow them to upload arbitrary HTML files as well as...
WP Athletics <= 1.1.7 - Subscriber+ Stored Cross-Site Scripting
The plugin does not sanitize parameters before storing them in the database, nor does it escape the values when outputting them back in the admin dashboard, leading to a Stored Cross-Site Scripting vulnerability. - Log on to the site using a subscriber account. - On the page the shortcode is...
Ultimate Membership Pro < 8.6.1 - Multiple Critical Vulnerabilities
Multiple critical vulnerabilities found in Ultimate Membership Pro could lead to authenticated (using a low-privilege account, such as subscriber) Remote Code Execution on a default installation, as well as PII disclosure such as emails, IP addresses, hashed passwords, usernames, User-Agent and so o...
Critical Authentication Flaws in Cisco Policy Suite Patched
Cisco has patched four critical security vulnerabilities surrounding a lack of authentication requirements in its Policy Suite for mobile carriers. These would allow remote attackers to potentially exfiltrate information, compromise wireless subscriber account information, meddle with databases o...
WP Statistics SQL Injection vulnerability
Security experts at Sucuri have discovered a SQL Injection vulnerability in WP Statistics, one of the most popular WordPress plugins, that is currently installed on over 300,000 websites. The SQL Injection vulnerability in WP Statistics could be exploited by attackers, with at least a subscriber...