384 matches found
CVE-2023-3139
The Protect WP Admin WordPress plugin before 4.0 discloses the URL of the admin panel via a redirection of a crafted URL, bypassing the protection offered...
Design/Logic Flaw
The Protect WP Admin WordPress plugin before 4.0 discloses the URL of the admin panel via a redirection of a crafted URL, bypassing the protection offered...
CVE-2023-3139 Protect WP Admin < 4.0 - Unauthenticated Protection Bypass
The Protect WP Admin WordPress plugin before 4.0 discloses the URL of the admin panel via a redirection of a crafted URL, bypassing the protection offered...
CVE-2023-3139
Protect WP Admin WordPress plugin before 4.0 discloses the admin panel URL via a crafted URL redirection, bypassing protection. Root cause: redirection flaw enabling unauthenticated disclosure of the admin URL. Affected versions:
PT-2023-23296
Name of the Vulnerable Software and Affected Versions: Protect WP Admin WordPress plugin versions prior to 4.0 Description: The issue allows an attacker to disclose the URL of the admin panel via a redirection of a crafted URL, effectively bypassing the protection offered by the plugin...
WordPress Protect WP Admin Plugin < 4.0 is vulnerable to Bypass Vulnerability
Software Protect WP Admin Type Plugin Vulnerable versions 4.0 Fixed in 4.0 OWASP Top 10 A5: Broken Access Control Classification Bypass Vulnerability CVE CVE-2023-3139 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 4511e654606c Credits Daniel Ruf Required privilege...
WordPress Plugin Page Builder: KingComposer 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress Plugin Page Builder: KingComposer...
HTTP Headers < 1.18.8 - Admin+ SQL Injection
This plugin has an import functionality which executes arbitrary SQL on the server, leading to an SQL Injection vulnerability. PoC 1. Create an SQL file with the following contents: UPDATE wpoptions SET optionvalue = "Hacked" WHERE optionname = "blogname" 2. As an admin user within WP Admin,...
WordPress Slider Revolution 4.6.5 Shell Upload
==================================================================================================================================== | Title : WordPress - Slider Revolution 4.6.5 WordPress - Slider Revolution 4.6.5 shell upload 0-day exploit | | Author : indoushka | | Tested on : windows 10...
CVE-2022-4604
A vulnerability classified as problematic was found in wp-english-wp-admin Plugin up to 1.5.1. Affected by this vulnerability is the function registerendpoints of the file english-wp-admin.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. Upgrading to...
CVE-2022-4604
A vulnerability classified as problematic was found in wp-english-wp-admin Plugin up to 1.5.1. Affected by this vulnerability is the function registerendpoints of the file english-wp-admin.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. Upgrading to...
Cross site request forgery (csrf)
A vulnerability classified as problematic was found in wp-english-wp-admin Plugin up to 1.5.1. Affected by this vulnerability is the function registerendpoints of the file english-wp-admin.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. Upgrading to...
CVE-2022-4604
CVE-2022-4604 affects the WordPress plugin wp-english-wp-admin (versions prior to 1.5.2). The vulnerability resides in the function register_endpoints in english-wp-admin.php and enables cross-site request forgery (CSRF) with remote exploitable conditions. The CVSS data in the provided documents ...
CVE-2022-4604 wp-english-wp-admin Plugin english-wp-admin.php register_endpoints cross-site request forgery
A vulnerability classified as problematic was found in wp-english-wp-admin Plugin up to 1.5.1. Affected by this vulnerability is the function registerendpoints of the file english-wp-admin.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. Upgrading to...
WordPress WP Admin UI Customize plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. Cross-site scripting...
CVE-2022-3824
The WP Admin UI Customize WordPress plugin before 1.5.13 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2022-3824 WP Admin UI Customize < 1.5.13 - Admin+ Stored XSS
The WP Admin UI Customize WordPress plugin before 1.5.13 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
PT-2022-24308 · WordPress · Wp Admin Ui Customize
Name of the Vulnerable Software and Affected Versions: WP Admin UI Customize WordPress plugin versions prior to 1.5.13 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for...
Blog2Social < 6.9.10 - Subscriber+ SSRF
The plugin does not have authorisation in an AJAX action, and does not ensure that the URL to make a request to is an external one. As a result, any authenticated users, such as subscriber could perform SSRF attacks Run this script in the web browser console while being logged in as a subscriber...
Fast Flow < 1.2.13 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its Widget settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Create/edit a dashboard with an HTML widget...