
7 matches found

Packet Storm
added 2024/09/19 12:00 a.m., 339 views

Prison Management System 1.0 Code Injection

Title: Prison Management System v1.0 php code injection Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefo...

AI score: 7.4
Exploits: 0
wpexploit
added 2023/10/27 12:00 a.m., 116 views

Five Star Restaurant Menu and Food Ordering < 2.4.11 - Unauthenticated PHP Object Injection

Description: The plugin unserializes user input via an AJAX action available to unauthenticated users, allowing them to perform PHP Object Injection when a suitable gadget is present on the blog. Run the below command in the developer console of the web browser while being on the blog...

CVSS: 9.8 | AI score: 7.1 | EPSS: 0.01033
Exploits: 2
wpexploit
added 2022/01/06 12:00 a.m., 71 views

IP2Location Country Blocker < 2.26.5 - Subscriber+ Arbitrary Country Ban

The plugin does not have authorisation and CSRF checks in the ip2locationcountryblockersaverules AJAX action, allowing any authenticated user, such as a subscriber, to call it and block an arbitrary country, or block all of them at once, preventing users from accessing the frontend. v2.26.5 added...

CVSS: 7.1 | AI score: 0.6 | EPSS: 0.00148
Exploits: 2 | References: 1
wpexploit
added 2022/01/06 12:00 a.m., 94 views

IP2Location Country Blocker < 2.26.6 - Arbitrary Country Ban via CSRF

The plugin does not have a CSRF check in the ip2locationcountryblockersaverules AJAX action, allowing attackers to make a logged-in admin block an arbitrary country, or block all of them at once, preventing users from accessing the frontend. Make an admin open a page with the following code in it, whi...

CVSS: 7.1 | AI score: 0.5 | EPSS: 0.00089
Exploits: 2 | References: 1
wpexploit
added 2022/01/05 12:00 a.m., 90 views

WPLegalPages < 2.7.1 - Subscriber+ Arbitrary Settings Update to Stored XSS

The plugin does not check for authorisation and has flawed CSRF logic when saving its settings, allowing any authenticated user, such as a subscriber, to update them. Furthermore, due to the lack of sanitisation and escaping, this could lead to Stored Cross-Site Scripting. Run the below command in...

CVSS: 5.4 | AI score: 5.4 | EPSS: 0.00208
Exploits: 2
wpexploit
added 2021/12/20 12:00 a.m., 90 views

Event Calendar < 1.1.51 - Subscriber+ Event Creation

The plugin does not have proper authorisation and CSRF checks in the addcalendarevent AJAX actions, allowing users with a role as low as subscriber to create events. Adding calendar events: fetch("https://example.com/wp-admin/admin-ajax.php", { "headers": { "content-type":...

CVSS: 4.3 | AI score: 0.8 | EPSS: 0.00071
Exploits: 2
Jake Archibald's Blog
added 2021/06/30 1:00 a.m., 131 views

Encoding data for POST requests

Right now, when you go to copilot.github.com you're greeted with this example: async function isPositive(text) { const response = await fetch(`http://text-processing.com/api/sentiment/`, { method: 'POST', body: `text=${text}`, headers: { 'Content-Type': 'application/x-www-form-urlencoded', }, }); const json = awai...

AI score: 7.2
Exploits: 0