136 matches found
VulnCheck KEV: CVE-2021-41951
ResourceSpace before 9.6 rev 18290 is affected by a reflected Cross-Site Scripting vulnerability in plugins/wordpresssso/pages/index.php via the wordpressuser parameter. If an attacker is able to persuade a victim to visit a crafted URL, malicious JavaScript content may be executed within the...
CVE-2021-25034
The WP User WordPress plugin before 7.0 does not sanitise and escape some parameters in pages where the wpuser shortcode is used, leading to Reflected Cross-Site Scripting issues...
WordPress WP User Frontend 3.5.25 SQL Injection
Exploit Title: WordPress Plugin WP User Frontend 3.5.25 - SQLi Authenticated Date 20.02.2022 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://wedevs.com/ Software Link: https://downloads.wordpress.org/plugin/wp-user-frontend.3.5.25.zip Version: 3.5.25 Tested on: Ubuntu 20.04 CVE:...
PT-2021-23457 · Unknown · Resourcespace
Name of the Vulnerable Software and Affected Versions: ResourceSpace versions prior to 9.6 rev 18290 Description: The issue allows for malicious JavaScript content to be executed within the context of a victim's browser, due to a reflected Cross-Site Scripting vulnerability. This can occur when a...
WordPress User Registration plugin <= 1.5.5 - Authenticated Cross-Site Scripting (XSS) vulnerability
Authenticated Cross-Site Scripting XSS vulnerability found by "Mr Winst0n" in WordPress User Registration plugin versions = 1.5.5. Solution Update the WordPress User Registration plugin to the latest available version at least 1.5.6...
WordPress WP User Groups Cross-Site Request Forgery Vulnerability
WordPress is the WordPress Software Foundation's set of blogging platform using PHP language development, the platform supports in PHP and MySQL server set up a personal blog site.WP User Groups is used in one of the user management plugin. A cross-site request forgery vulnerability exists in the...
WordPress User Control plugin <=2.1.0 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection SQLi vulnerability found by JustThomas in WordPress User Control plugin versions =2.1.0. Solution This plugin has been closed and is no longer available for download. Please Deactivate and delete...
Fsociety Hacking Tools Pack
Fsociety Menu Information Gathering Password Attacks Wireless Testing Exploitation Tools Sniffing & Spoofing Web Hacking Private Web Hacking Post Exploitation INSTALL & UPDATE Information Gathering : Nmap Setoolkit Port Scanning Host To IP wordpress user CMS scanner XSStracer Dork – Google Dorks...
WordPress User Login History 1.5.2 Cross Site Scripting
Product: User Login History Wordpress Plugin - https://wordpress.org/plugins/user-login-history/ Vendor: Er Faiyaz Alam Tested version: 1.5.2 CVE ID: CVE-2017-15867 CVE description Multiple cross-site scripting XSS vulnerabilities in the user-login-history plugin through 1.5.2 for WordPress allow...
SQL Injection Vulnerability in weiphp 'Application\Home\Controller\PublicController.class.php' Page
weiphp is an open source, efficient, simple microsoft development platform. The weiphp 'Application\Home\Controller\PublicController.class.php' page has a SQL injection vulnerability. Due to the direct carry of $data = M gettablename $model 'id' -find $id ; resulting in the injection of the...
WordPress User Meta Manager 3.4.6 Privilege Escalation
Exploit Title: WordPress User Meta Manager Plugin Privilege Escalation Discovery Date: 2015/12/28 Public Disclosure Date: 2016/02/04 Exploit Author: Panagiotis Vagenas Contact: https://twitter.com/panVagenas Vendor Homepage: http://jasonlau.biz/home/ Software Link:...
WordPress User Role 1.4.1 Cross Site Scripting Vulnerability
WordPress User Role plugin version 1.4.1 suffers from a cross site scripting vulnerability. WordPress User Role 1.4.1 Cross Site Scripting Vulnerability Plugin Name : User Role Effected Version : 1.4.1 and most probably lower version's if any Vulnerability : A3-Cross-Site Scripting XSS Identified...
EasyCart <= 3.0.15 - Unrestricted File Upload
In versions = 3.0.8 this can be exploited by authenticating as any WordPress user, and in versions 3.0.9 - 3.0.15 can be exploited by passing a valid password hash being used by any admin in the EasyCart user system...
WordPress User Domain Whitelist插件跨站请求伪造漏洞
WordPress是一款内容管理系统。 应用程序允许用户通过未经验证检查的HTTP请求执行某些操作,攻击者可以利用漏洞在欺骗管理员用户登录特制网页时修改插件设置。 0 WordPress User Domain Whitelist Plugin 1.x WordPress User Domain Whitelist Plugin 1.5版本以修复此漏洞,建议用户下载使用: http://wordpress.org/plugins/user-domain-whitelist/changelog/ form...
WordPress Plugin miniBB - SQL Injection / Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/61116/info miniBB is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities. Successful exploits could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data...
WordPress User Role Editor 3.12 Cross Site Request Forgery
Exploit Title: WP User Role Editor CSRF Date: 19/5/13 Exploit Author: Henry Hoggard Author Website: http://henryhoggard.co.uk Vendor Homepage:https://wordpress.org/support/plugin/user-role-editor Software Link:https://wordpress.org/support/plugin/user-role-editor Version: =3.12 Tested on: Debian...