10 matches found
EUVD-2018-1908
Malware in sbrugna...
CVE-2021-24447
The CVE covers the WordPress plugin WP Image Zoom, vulnerable before version 1.47. The root cause is lack of validation of the tab parameter used in include_once(), leading to a Local File Inclusion in the admin dashboard. Public sources consistently describe a local file inclusion vulnerability,...
WP Image Zoom < 1.47 - Local File Inclusion
The plugin did not validate its tab parameter before using it in the include_once function, leading to a local file inclusion issue in the admin dashboard. PoC: https://example.com/wp-admin/admin.php?page=zoooomsettings&tab=whatever This URL shows an include_once error, which indicates that the paramet...
WP Image Zoom < 1.47 - Local File Inclusion
The plugin did not validate its tab parameter before using it in the include_once function, leading to a local file inclusion issue in the admin dashboard. PoC: https://example.com/wp-admin/admin.php?page=zoooomsettings&tab=whatever This URL shows an include_once error, which indicates that the paramet...
CVE-2018-1000510
WP Image Zoom version 1.23 contains an Incorrect Access Control vulnerability in AJAX settings that can allow anybody to cause denial of service. This attack appears to be exploitable via CSRF and can be triggered intentionally or unintentionally by any logged-in user. This vulnerability...
CVE-2018-1000510
WP Image Zoom (WordPress plugin) version 1.23 contains an Incorrect Access Control vulnerability in the AJAX settings that allows any logged-in user to trigger a denial-of-service. The issue is triggered via CSRF and can be exploited intentionally or unintentionally; the vulnerability is mitigate...
CVE-2018-1000510
WP Image Zoom version 1.23 contains an Incorrect Access Control vulnerability in AJAX settings that can allow anybody to cause denial of service. This attack appears to be exploitable via CSRF and can be triggered intentionally or unintentionally by any logged-in user. This vulnerability...
WordPress Image Zoom 1.23 Plugin Denial Of Service Vulnerability
Exploit for php platform in category web applications Details ================ Software: WP Image Zoom Version: 1.23 Homepage: http://wordpress.org/plugins/wp-image-zoooom/ Advisory report: https://advisories.dxw.com/advisories/wp-image-zoom-dos/ CVE: Awaiting assignment CVSS: 7.5 High;...
WP Image Zoom <= 1.23 - Cross-Site Request Forgery (CSRF)
The WP Image Zoom WordPress plugin was affected by a Cross-Site Request Forgery (CSRF) security vulnerability...
WordPress Wp Image Zoom Plugin <= 1.0.3 - PHP Code Execution
This plugin is prone to a download.php file upload PHP code execution vulnerability. Solution: Update plugin...