4 matches found
CVE-2024-6562 affiliate-toolkit <= 3.5.5 - Unauthenticated Full Path Dislcosure
The affiliate-toolkit – WordPress Affiliate Plugin plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.5.5. This is due displayerrors being set to true . This makes it possible for unauthenticated attackers to retrieve the full path of the web...
Ubiquiti Inc.: Subdomain Takeover (moderator.ubnt.com)
Hello Team This report is same as 179110 One of your subdomain http://moderator.ubnt.com is pointing towards 216.58.203.243 moderator.ubnt.com 216.58.203.243 ghs.google.com 216.58.203.243 ghs.l.google.com F134183 And it is unclaimed When I open it it is showing F134184 Impact :- An attacker can...
WordPress Plugin Kento Post View Counter 2.8 - Cross-Site Request Forgery Cross-Site Scripting
WordPress Plugin Kento Post View Counter 2.8 - Cross-Site Request Forgery Cross-Site Scripting I would like to disclose CSRF and stored XSS vulnerability in Kento post view counter plugin version 2.8 . The vulnerable Fields for XSS are kentopvcnumberslang kentopvctodaytext kentopvctotaltext The...
WordPress Plugin Kento Post View Counter 2.8 - Cross-Site Request Forgery / Cross-Site Scripting
I would like to disclose CSRF and stored XSS vulnerability in Kento post view counter plugin version 2.8 . The vulnerable Fields for XSS are kentopvcnumberslang kentopvctodaytext kentopvctotaltext The combination of CSRF and XSS in this plugin can lead to huge damage of the website, as the two...