EUVD-2025-36342

A weakness has been identified in code-projects Nero Social Networking Site 1.0. This affects an unknown part of the file /friendprofile.php. Executing manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made available to t...

EUVD-2022-48965

Malicious code in bioql PyPI...

GHSA-JVHM-GJRH-3H93 Nuxt allows DOS via cache poisoning with payload rendering response

Summary By sending a crafted HTTP request to a server behind an CDN, it is possible in some circumstances to poison the CDN cache and highly impacts the availability of a site. It is possible to craft a request, such as https://mysite.com/?/payload.json which will be rendered as JSON. If the CDN ...

CVE-2024-11194

CVE-2024-11194 affects the WordPress plugin Classified Listing – Classified ads & Business Directory Plugin (versions

Malware Scanner < 4.7.3 and Web Application Firewall < 2.1.2 - Unauthenticated Privilege Escalation

Description The plugin does not prevent unauthenticated users from resetting any account's password, allowing them to takeover sites by resetting one of its administrators' password. curl --url 'http://vulnerable-site.tld/wp-login.php' --data...

Login Lockdown – Protect Login Form < 2.09 - Subscriber+ Options Leak

Description The plugin does not prevent logged-in users of any role e.g. subscribers from leaking its settings, which may include allowlisted IP addresses as well as a global unlock key, with which they could add their own IP address to the plugin's list. As a logged-in subscriber, visit the...

Contact Form 7 Connector < 1.2.3 - Reflected XSS

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against administrators. http://vulnerable-site.tld/wp-admin/admin.php?page=ari-cf7connector-log&format=html&log=...

Essential Real Estate < 4.4.0 - Subscriber+ Stored XSS

Description The plugin does not apply proper capability checks on its AJAX actions, which among other things, allow attackers with a subscriber account to conduct Stored XSS attacks. 1. Login with a subscriber account, and visit https://vulnerable-site.tld/wp-admin/profile.php?action=delete 2...

Essential Real Estate < 4.4.0 - Subscriber+ Denial of Service via Arbitrary Option Update

Description The plugin does not apply proper capability checks on its AJAX actions, which among other things, allow attackers with a subscriber account to conduct Denial of Service attacks. 1. login, and visit https://vulnerable-site.tld/wp-admin/profile.php?action=delete 2. run the following in...

WP Go Maps < 9.0.28 - Unauthenticated Stored XSS

Description The plugin does not properly protect most of its REST API routes, which attackers can abuse to store malicious HTML/Javascript on the site. Run the following Python script, then visit https://vulnerable-site.tld/wp-admin/admin.php?page=wp-google-maps-menu&action=edit&mapid=1...

Popup Builder < 4.2.3 - Unauthenticated Stored XSS

Description The plugin does not prevent simple visitors from updating existing popups, and injecting raw JavaScript in them, which could lead to Stored XSS attacks. 1 Create a popup using the plugin 2 Run the following curl command, switching $POPUPID with that popup's ID: curl --url...

vansky.org Cross Site Scripting vulnerability OBB-3667430

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

MStore API < 3.9.9 - Unauthenticated Privilege Escalation

The plugin does not prevent visitors from creating user accounts with the role of their choice via their wholesale REST API endpoint. This is only exploitable if the site owner paid to access the plugin's pro features. 1 Simulate the site has a valid Pro API key by running the following in WP CLI...

HTTP Headers < 1.18.11 - Admin+ Remote Code Execution

This plugin allows arbitrary data to be written to arbitrary files, leading to a Remote Code Execution vulnerability. --- " and Password as any value. 4. Navigate to Settings HTTP Headers Advanced settings and set the "Location of .hh-htpasswd" field to its previous value this is only required on...

Enable Media Replace < 4.0.2 - Author+ Arbitrary File Upload

The plugin does not prevent authors from uploading arbitrary files to the site, which may allow them to upload PHP shells on affected sites. 1 As an Author, upload a picture via http://vulnerable-site.tld/wp-admin/upload.php 2 Press on the new picture's thumbnail to see the attachment's details 3...

Find and Replace All < 1.3 - Reflected Cross Site Scripting

The plugin does not sanitize and escape some parameters from its setting page before outputting them back to the user, leading to a Reflected Cross-Site Scripting issue...

Import and export users and customers < 1.20.5 - Subscriber+ CSV Injection

The plugin does not properly escape data when exporting it via CSV files. 1 Edit your subscriber account's nickname to: ;=1+3 2 As an administrator, export your users data via http://vulnerable-site.tld/wp-admin/tools.php?page=acui&tab=export, and open the resulting CSV file in Excel or equivalen...

Post SMTP < 2.1.7 - Admin+ Blind SSRF

The plugin does not have proper authorisation in some AJAX actions, which could allow high privilege users such as admin to perform blind SSRF on multisite installations for example. Navigate to https://example.com/wp-admin/admin.php?page=postman%2Fporttest Inside "Outgoing Mail Server Hostname"...

SP Project & Document Manager < 4.58 - Sensitive File Disclosure

The plugin uses an easily guessable path to store user files, bad actors could use that to access other users' sensitive files. 1. Upload a file using the plugin. 2. On another browser, access the newly uploaded file via:...

Design/Logic Flaw

The WP HTML Mail WordPress plugin is vulnerable to unauthorized access which allows unauthenticated attackers to retrieve and modify theme settings due to a missing capability check on the /themesettings REST-API endpoint found in the /includes/class-template-designer.php file, in versions up to...