Lucene search
K

102 matches found

OSV
OSV
added 2021/02/10 3:15 p.m.14 views

CVE-2020-29171

Cross-site scripting XSS vulnerability in admin/wp-security-blacklist-menu.php in the Tips and Tricks HQ All In One WP Security & Firewall all-in-one-wp-security-and-firewall plugin before 4.4.6 for WordPress...

6.1CVSS6.1AI score
Exploits0References3
Prion
Prion
added 2021/02/10 3:15 p.m.13 views

Cross site scripting

Cross-site scripting XSS vulnerability in admin/wp-security-blacklist-menu.php in the Tips and Tricks HQ All In One WP Security & Firewall all-in-one-wp-security-and-firewall plugin before 4.4.6 for WordPress...

4.3CVSS6.1AI score0.01495EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2021/02/10 2:23 p.m.21 views

CVE-2020-29171

Cross-site scripting XSS vulnerability in admin/wp-security-blacklist-menu.php in the Tips and Tricks HQ All In One WP Security & Firewall all-in-one-wp-security-and-firewall plugin before 4.4.6 for WordPress...

6.1AI score0.01495EPSS
Exploits0References3
CVE
CVE
added 2021/02/10 2:23 p.m.51 views

CVE-2020-29171

CVE-2020-29171 is a Cross-site Scripting (XSS) vulnerability in the WordPress plugin Tips and Tricks HQ All In One WP Security & Firewall (all-in-one-wp-security-and-firewall) up to version 4.4.6. The flaw resides in admin/wp-security-blacklist-menu.php and stems from insufficient input validatio...

6.1CVSS6.1AI score0.01495EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2021/01/06 2:47 p.m.52 views

CVE-2020-36176

The CVE-2020-36176 affects the WordPress iThemes Security (formerly Better WP Security) plugin prior to version 7.7.0. The root issue is that the plugin does not enforce a new-password requirement for an existing account until the second login occurs, potentially leaving an account with a weak pa...

7.5CVSS7.5AI score0.01292EPSS
Exploits0References1Affected Software1
wpexploit
wpexploit
added 2019/10/08 12:0 a.m.30 views

All In One WP Security & Firewall <= 4.4.1 - Open Redirect & Hidden Login Page Exposure

The All In One WP Security & Firewall plugin suffers from open redirect and exposure of the actual URL of the "hidden login page" feature. Edit WPScanTeam October 3rd, 2019 - Email sent to dev via https://wpsolutions-hq.com/contact/ October 8th - Dev ACK & investigating it October 8th - v4.4.2...

7.3AI score
Exploits0
CVE
CVE
added 2018/06/22 4:0 p.m.62 views

CVE-2018-12636

The CVE concerns WordPress iThemes Security (better-wp-security) plugin, prior to version 7.0.3. An authenticated admin can exploit an SQL injection via the itsec-logs page (log-orderby parameter) due to improper handling of the ORDER BY clause, enabling arbitrary SQL execution. Remediation: upgr...

7.2CVSS7.4AI score0.30118EPSS
Exploits4References3Affected Software1
Prion
Prion
added 2018/04/06 4:29 p.m.15 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in WP Security Audit Log plugin before 1.2.5 for WordPress allows remote attackers to hijack the authentication of unspecified victims via unknown vectors...

6.8CVSS7.7AI score0.00866EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2018/04/06 4:29 p.m.15 views

CVE-2014-5072

Cross-site request forgery CSRF vulnerability in WP Security Audit Log plugin before 1.2.5 for WordPress allows remote attackers to hijack the authentication of unspecified victims via unknown vectors...

8.8CVSS9AI score0.00866EPSS
Exploits0References2
CVE
CVE
added 2018/04/06 4:0 p.m.39 views

CVE-2014-5072

CVE-2014-5072 affects the WP Security Audit Log WordPress plugin prior to version 1.2.5. The vulnerability is a cross-site request forgery (CSRF) that could allow remote attackers to hijack the authentication of unspecified victims via unknown vectors. The public records in the connected sources ...

8.8CVSS8.9AI score0.00866EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2018/04/06 4:0 p.m.19 views

CVE-2014-5072

Cross-site request forgery CSRF vulnerability in WP Security Audit Log plugin before 1.2.5 for WordPress allows remote attackers to hijack the authentication of unspecified victims via unknown vectors...

9AI score0.00866EPSS
Exploits0References2
Prion
Prion
added 2018/04/04 7:29 p.m.16 views

Information disclosure

An issue was discovered in the WP Security Audit Log plugin 3.1.1 for WordPress. Access to wp-content/uploads/wp-security-audit-log/ files is not restricted. For example, these files are indexed by Google and allows for attackers to possibly find sensitive information...

5CVSS5.2AI score0.15782EPSS
Exploits6References1Affected Software1
NVD
NVD
added 2018/04/04 7:29 p.m.25 views

CVE-2018-8719

An issue was discovered in the WP Security Audit Log plugin 3.1.1 for WordPress. Access to wp-content/uploads/wp-security-audit-log/ files is not restricted. For example, these files are indexed by Google and allows for attackers to possibly find sensitive information...

5.3CVSS5.3AI score0.15782EPSS
Exploits6References1
CVE
CVE
added 2018/04/04 7:0 p.m.91 views

CVE-2018-8719

CVE-2018-8719 affects WordPress WP Security Audit Log plugin (v3.1.1). The issue is information disclosure: access to wp-content/uploads/wp-security-audit-log/* is not restricted, enabling potential exposure of sensitive data (e.g., login attempts) and making files indexable by search engines. Ex...

5.3CVSS5.1AI score0.15782EPSS
Exploits6References1Affected Software1
WPVulnDB
WPVulnDB
added 2018/03/28 12:0 a.m.16 views

WP Security Audit Log Plugin <= 3.1.1 - Sensitive Information Disclosure

No protection on the wp-content/uploads/wp-security-audit-log/ which is indexed by google and allows for attackers to possibly find user information bad login attempts PoC Google Dork: inurl:/wp-content/uploads/wp-security-audit-log/...

5CVSS4AI score0.15782EPSS
Exploits6References1Affected Software1
Kitploit
Kitploit
added 2016/11/30 2:0 p.m.23 views

XSSER - From XSS to RCE

From XSS to RCE 2.5 - Black Hat Europe Arsenal 2016 Demo Version 2.0 - 2015: https://www.youtube.com/playlist?list=PLIjb28IYMQgqqqApoGRCZO40vP-eKsgf Version 2.5 - 2016: https://www.youtube.com/playlist?list=PLRic6PgcrsWGkgacL6WFnSQKVRZIoofRj Requirements Python 2.7., version 2.7.11 was used for...

7.5AI score
Exploits0References1
WPVulnDB
WPVulnDB
added 2016/07/31 12:0 a.m.15 views

All In One WP Security & Firewall <= 4.1.2 - Multiple vulnerabilities in login CAPTCHA

The All In One WP Security & Firewall WordPress plugin was affected by a Multiple vulnerabilities in login CAPTCHA security vulnerability...

2AI score
Exploits0References2Affected Software1
Exploit DB
Exploit DB
added 2016/05/04 12:0 a.m.27 views

WordPress Plugin Acunetix WP Security Plugin 3.0.3 - Cross-Site Scripting

Introduction Exploit Title: Acunetix WP Security 3.0.3 XSS Date: May.03.2016 Exploit Author: Johto Robbie Facebook: https://www.facebook.com/johto.robbie Vendor: VN Hacker News Tested On: Apache 2.4.17 / PHP 5.6.16 / Windows 10 / WordPress 4.5.1 Category: Webapps Software Link:...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2016/05/04 12:0 a.m.14 views

WordPress Plugin Acunetix WP Security Plugin 3.0.3 - Cross-Site Scripting

WordPress Plugin Acunetix WP Security Plugin 3.0.3 - Cross-Site Scripting 1. Introduction Exploit Title: Acunetix WP Security 3.0.3 XSS Date: May.03.2016 Exploit Author: Johto Robbie Facebook: https://www.facebook.com/johto.robbie Vendor: VN Hacker News Tested On: Apache 2.4.17 / PHP 5.6.16 /...

6.7AI score
Exploits0
WPVulnDB
WPVulnDB
added 2016/04/06 12:0 a.m.15 views

All In One WP Security And Firewall < 4.0.7 - Multiple SQL Injections

The All In One WP Security & Firewall WordPress plugin was affected by a Multiple SQL Injections security vulnerability...

7.5CVSS1.9AI score0.01869EPSS
Exploits0Affected Software1
Rows per page
Query Builder