Lucene search
K
PacketstormMost viewed

50773 matches found

Packet Storm
Packet Storm
added 2019/10/15 12:0 a.m.428 views

OpenProject 10.0.1 / 9.0.3 Cross Site Scripting

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Reflected XSS vulnerability product: OpenProject vulnerable version: = 9.0.3, =10.0.1 fixed version: 9.0.4, 10.0.2 CVE number: CVE-2019-17092 impact: medium homepage:...

4.3CVSS0.01659EPSS
Exploits1
Packet Storm
Packet Storm
added 2018/10/05 12:0 a.m.428 views

Windows Net-NTLMv2 Reflection DCOM/RPC

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/post/windows/reflectivedllinjection' class MetasploitModule 'Windows Net-NTLMv2 Reflection DCOM/RPC', 'Description' = %q Module utilizes the Net-NTLMv2...

7.2CVSS0.4AI score0.87042EPSS
Exploits23
Packet Storm
Packet Storm
added 2025/12/04 12:0 a.m.427 views

📄 Microsoft Windows 11 Administrator Protection UAC Bypass / Privilege Escalation

A privilege escalation vulnerability exists in Windows 11 Insider Preview Build 10.0.27919.1000 due to improper handling of user‑controlled environment variables by the Unified Background Process Manager UBPM when launching elevated scheduled tasks under Administrator Protection. Proof of concept...

7.2AI score
Exploits0
Packet Storm
Packet Storm
added 2025/01/29 12:0 a.m.427 views

NEXT-EMP 1.0 Shell Upload

NEXT-EMP version 1.0 suffers from a remote shell upload vulnerability. Titles: NEXT-EMP v1.0-Copyright © 2024. All rights reserved. File Upload-FU and Remote Code Execution-RCE Vulnerabilities Author: nu11secur1ty Date: 01/29/2025 Vendor: https://www.mayurik.com/ Software:...

7.5AI score
Exploits0
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.427 views

Samba Symlink Directory Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Samba Symlink Directory Traversal', 'Description' = %Q This module exploits a directory traversal flaw in the Samba CIFS server. To exploit this...

3.5CVSS6.9AI score0.3053EPSS
Exploits6
Packet Storm
Packet Storm
added 2023/06/30 12:0 a.m.427 views

AMSS++ 4.2 Insecure Settings

=================================================================== | Title : AMSS++ v 4.2 Insecure Settings Vulnerability | | Author : indoushka | | Tested on: windows 8.1 Français V.Pro | | Vendor : http://amssplus.ubn4.go.th/amssplusdownload/ | | Dork : Education Area Management Support System...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/02/09 12:0 a.m.427 views

CKSource CKEditor5 35.4.0 Cross Site Scripting

Exploit Title: Cross Site Scripting in CKSource's CKEditor5 35.4.0 Google Dork: N/A Date: February 09, 2023 Exploit Author: Manish Pathak Vendor Homepage: https://cksource.com/ Software Link: https://ckeditor.com/ckeditor-5/download/ Version: 35.4.0 Tested on: Linux / Web CVE : CVE-2022-48110...

6.8AI score0.02097EPSS
Exploits4
Packet Storm
Packet Storm
added 2021/10/22 12:0 a.m.427 views

Online Course Registration 1.0 SQL Injection

Exploit Title: Online Course Registration 1.0 - Blind Boolean-Based SQL Injection Authenticated Exploit Author: Sam Ferguson @AffineSecurity and Drew Jones @qhum7sec Date: 2021-10-21 Vendor Homepage: https://www.sourcecodester.com/php/14251/online-course-registration.html Software Link:...

6.8AI score
Exploits0
Packet Storm
Packet Storm
added 2021/01/06 12:0 a.m.427 views

WordPress WP24 Domain Check 1.6.2 Cross Site Scripting

Exploit Title: WordPress Plugin WP24 Domain Check 1.6.2 - 'fieldnameDomain' Stored Cross Site Scripting Date: 2021-01-03 Exploit Author: Mehmet Kelepçe / Gais Cyber Security Vendor Homepage: https://wordpress.org/plugins/wp24-domain-check/ Software Link:...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2018/12/06 12:0 a.m.427 views

WordPress Events Made Easy 2.0.68 Database Disclosure

Exploit Title : WordPress Events Made Easy Plugins 2.0.68 Database Backup Disclosure Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 06/12/2018 Vendor Homepage : wordpress.org/plugins/events-made-easy/ Software Download Link :...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2025/04/03 12:0 a.m.426 views

📄 Tomcat Partial PUT Java Deserialization

This Metasploit module exploits a Java deserialization vulnerability in Apache Tomcats session restoration functionality that can be exploited with a partial HTTP PUT request to place an attacker controlled deserialization payload in the tomcatrootdir/webapps/ROOT/ directory. For the exploit to...

9.8CVSS9AI score0.99945EPSS
Exploits46
Packet Storm
Packet Storm
added 2025/02/28 12:0 a.m.426 views

Gitea 1.24.0+dev HTML Injection / Cross Site Scripting

Gitea version 1.24.0+dev suffers from an html injection vulnerability that can allow for cross site scripting. Title: Gitea 1.24.0+dev HTML Injection Vulnerability Description: Gitea version 1.24.0+dev-355-g74c8e95e87 is vulnerable to an HTML Injection vulnerability. The issue arises due to...

7.2AI score
Exploits0
Packet Storm
Packet Storm
added 2024/09/16 12:0 a.m.426 views

Online Job Recruitment Portal Project 1.0 Arbitrary File Upload

============================================================================================================================================= | Title : Online Job Recruitment Portal project v1.0 Remote File Upload Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser :...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/08/29 12:0 a.m.426 views

vTiger CRM 7.4.0 Cross Site Scripting

CVE-ID:CVE-2024-44778 ------------------------------------------ Suggested description:A reflected cross-site scripting XSS vulnerability in the parent parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a...

7.4AI score0.00733EPSS
Exploits2
Packet Storm
Packet Storm
added 2024/07/11 12:0 a.m.426 views

WordPress Poll Maker 5.3.2 SQL Injection

Exploit Title: WordPress Poll Maker Plugin SQL Injection Date: 2024-07-11 Exploit Author: tmrswrr Category : Webapps Vendor: https://ays-pro.com/wordpress/poll-maker Version 5.3.2 1. Access the Admin Panel: - Navigate to the admin panel of your WordPress site. - Go to Poll Maker Results...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/03/06 12:0 a.m.426 views

Artica Proxy 4.50 Unauthenticated PHP Deserialization

KL-001-2024-002: Artica Proxy Unauthenticated PHP Deserialization Vulnerability Title: Artica Proxy Unauthenticated PHP Deserialization Vulnerability Advisory ID: KL-001-2024-002 Publication Date: 2024.03.05 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-002.txt 1...

7.4AI score0.8126EPSS
Exploits9
Packet Storm
Packet Storm
added 2023/01/18 12:0 a.m.426 views

Zstore 6.5.4 Cross Site Scripting

Title: zstore-6.5.4 - XSS-Reflected Development: nu11secur1ty Date: 01.18.2023 Vendor: https://zippy.com.ua/ Software: https://github.com/leon-mbs/zstore/releases/tag/6.5.4 Reproduce: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/zippy/zstore-6.5.4 Description: The value of...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/12/10 12:0 a.m.426 views

OpenCATS 0.9.4 Remote Code Execution

Exploit Title: OpenCATS 0.9.4 - Remote Code Execution RCE Google Dork: intext:"Current Available Openings, Recently Posted Jobs" Date: 21/09/2021 Exploit Author: Nicholas Ferreira - https://github.com/Nickguitar Vendor Homepage: https://www.opencats.org/ Software Link:...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/06/25 12:0 a.m.426 views

Seeddms 5.1.10 Remote Command Execution

Exploit Title: Seeddms 5.1.10 - Remote Command Execution RCE Authenticated Date: 25/06/2021 Exploit Author: Bryan Leong Vendor Homepage: https://www.seeddms.org/index.php?id=2 Software Link: https://sourceforge.net/projects/seeddms/files/seeddms-5.0.11/ Version: Seeddms 5.1.10 Tested on: Windows ...

6CVSS7.5AI score0.11696EPSS
Exploits9
Packet Storm
Packet Storm
added 2021/05/13 12:0 a.m.426 views

ScadaBR 1.0 / 1.1CE Windows Shell Upload

!/usr/bin/python Exploit Title: Authenticated Arbitrary File Upload Remote Code Execution Google Dork: N/A Date: 03/2021 Exploit Author: Fellipe Oliveira Vendor Homepage: https://www.scadabr.com.br/ Software Link: https://www.scadabr.com.br/ Version: ScadaBR 1.0, ScadaBR 1.1CE and ScadaBR 1.0 for...

8.8AI score0.39096EPSS
Exploits8
Packet Storm
Packet Storm
added 2021/02/10 12:0 a.m.426 views

b2evolution CMS 6.11.6 Open Redirection

Exploit Title: Open redirect in b2evolution CMS 6.11.6 redirectto parameter in emailpassthrough.php Google Dork: N/A Date: 10/02/2021 Exploit Author: Soham Bakore, Nakul Ratti Vendor Homepage: https://b2evolution.net/ Software Link: https://b2evolution.net/downloads/6-11-6-stable?download=12405...

6.3AI score0.13817EPSS
Exploits3
Packet Storm
Packet Storm
added 2021/01/15 12:0 a.m.426 views

Online Hotel Reservation System 1.0 SQL Injection

Exploit Title: Online Hotel Reservation System 1.0 - 'id' Time-based SQL Injection Exploit Author: Mesut Cetin Date: 2021-01-14 Vendor Homepage: https://www.sourcecodester.com/php/13492/online-hotel-reservation-system-phpmysqli.html Software Link:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/02/05 12:0 a.m.426 views

HiSilicon DVR/NVR hi3520d Firmware Backdoor Account

Exploit Title: HiSilicon DVR/NVR hi3520d firmware - Remote Backdoor Account Dork: N/A Date: 2020-02-03 Exploit Author: Snawoot Vendor Homepage: http://www.hisilicon.com Product Link: http://www.hisilicon.com/en/Products Version: hi3520d Tested on: Linux CVE: N/A References:...

0.4AI score
Exploits0
Packet Storm
Packet Storm
added 2019/02/05 12:0 a.m.427 views

Joomla Jumi 3.0.5 Database Disclosure / SQL Injection

Exploit Title : Joomla Jumi Components 3.0.5 SQL Injection / Database Disclosure / Remote File Upload Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 05/02/2019 Vendor Homepage : 2glux.com Software Download Link :...

7.5CVSS6.7AI score0.02043EPSS
Exploits2
Packet Storm
Packet Storm
added 2026/02/13 12:0 a.m.425 views

📄 OpenSSL 3.x PKCS#12 PBMAC1 KeyLength Buffer Overflow

This proof of concept demonstrates a buffer overflow vulnerability in OpenSSL versions 3.4 to 3.6 related to improper handling of the PBMAC1 keyLength parameter in PKCS12 files. By crafting a malicious PKCS12 structure with an excessively large keyLength value, the proof of concept triggers a...

9.8CVSS6.4AI score0.47621EPSS
Exploits7
Packet Storm
Packet Storm
added 2024/09/01 12:0 a.m.426 views

Allegro Software RomPager Misfortune Cookie (CVE-2014-9222) Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Allegro Software RomPager 'Misfortune Cookie' CVE-2014-9222 Scanner", 'Description' = %q This module scans for HTTP servers that appear to be...

10CVSS7AI score0.63748EPSS
Exploits12
Packet Storm
Packet Storm
added 2023/02/24 12:0 a.m.425 views

Music Gallery Site 1.0 SQL Injection

Music Gallery Site - SQL Injection on page musiclist.php and parameter cid is vulnerable, application url is ?page=musiclist&cid=?. Any remote attacker can access this page to exploit the vulnerbility. Date: 21 February 2023 CVE Assigned: CVE-2023-0938 mitre.org nvd.nist.org Author Name: Muhammad...

0.4AI score0.01883EPSS
Exploits11
Packet Storm
Packet Storm
added 2021/12/03 12:0 a.m.425 views

Online Pre-Owned / Used Car Showroom Management System 1.0 SQL Injection

Exploit Title: Online Pre-owned/Used Car Showroom Management System 1.0 - SQLi Authentication Bypass Date: 01-12-2021 Exploit Author: Mohamed habib Smidi Craniums Vendor Homepage: https://www.sourcecodester.com/php/15067/online-pre-ownedused-car-showroom-management-system-php-free-source-code.htm...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2021/05/26 12:0 a.m.425 views

Pluck CMS 4.7.13 Remote Shell Upload

Exploit Title: Pluck CMS 4.7.13 - File Upload Remote Code Execution Authenticated Date: 25.05.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://github.com/pluck-cms/pluck Software Link: https://github.com/pluck-cms/pluck/releases/tag/4.7.13 Version: 4.7.13 Tested on Xubuntu 20.0...

6.5CVSS0.2AI score0.33428EPSS
Exploits6
Packet Storm
Packet Storm
added 2021/04/14 12:0 a.m.425 views

HEUR.Hoax.Win32.FrauDrop.gen Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/1d40e72fb8cf300298df4b828b48ec29.txt Contact: [email protected] Media: twitter.com/malvuln Threat: HEUR.Hoax.Win32.FrauDrop.gen Vulnerability: Insecure Permissions Description: FrauDrop.gen creates a...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/05/21 12:0 a.m.425 views

WebLogic Server Deserialization Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WebLogic Server Deserialization RCE - BadAttributeValueExpException', 'Description' = %q There exists a Java object deserialization vulnerability...

7.5CVSS0.4AI score0.97116EPSS
Exploits26
Packet Storm
Packet Storm
added 2019/11/14 12:0 a.m.425 views

FusionPBX Operator Panel exec.php Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'FusionPBX Operator Panel exec.php Command Execution', 'Description' = %q This module exploits an authenticated command injection vulnerability in...

6.5CVSS8.8AI score0.8748EPSS
Exploits9
Packet Storm
Packet Storm
added 2019/09/20 12:0 a.m.425 views

LayerBB 1.1.3 Cross Site Request Forgery

Exploit Title: LayerBB 1.1.3 - Multiple CSRF Date: 4/7/2019 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://forum.layerbb.com/downloads.php?view=file&id=30 Version: 1.1.3 Tested on: Ubuntu 18.04 CVE: CVE-2019-16531 1. Description: LayerBB is a free open-source forum...

0.6AI score0.02549EPSS
Exploits5
Packet Storm
Packet Storm
added 2017/06/29 12:0 a.m.425 views

Apache ActiveMQ 5.x Web Shell Upload

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ActiveMQ web shell upload', 'Description' = %q The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to uplo...

7.5CVSS9.8AI score0.98518EPSS
Exploits19
Packet Storm
Packet Storm
added 2012/02/23 12:0 a.m.425 views

WebcamXP / Webcam7 Directory Traversal

Exploit Title: WebcamXP and Webcam7 Directory Traversal Vulnerability Google Dork: "powered by webcamxp" xhtml css Google Dork: "powered by webcam 7" Date: 2/22/2012 Author: Silent Dream Software Link: http://dl.filekicker.com/send/file/230775-FQAC/wlite550.exe Software Link:...

Exploits0
Packet Storm
Packet Storm
added 2024/11/21 12:0 a.m.424 views

Judge0 Sandbox Escape

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Judge0 sandbox escape', 'Description' = %q Judge0 does not account for symlinks placed inside the sandbox directory, which can be leveraged by an...

10CVSS7.4AI score0.07211EPSS
Exploits2
Packet Storm
Packet Storm
added 2024/11/07 12:0 a.m.424 views

CyberPanel upgrademysqlstatus Arbitrary Command Execution

import httpx import sys def getCSRFtokenclient: resp = client.get"/" return resp.cookies'csrftoken' def pwnclient, CSRFtoken, cmd: headers = "X-CSRFToken": CSRFtoken, "Content-Type":"application/json", "Referer": strclient.baseurl payload = '"statusfile":"/dev/null; %s; ","csrftoken":"%s"' % cmd,...

10CVSS7.1AI score0.86725EPSS
Exploits7
Packet Storm
Packet Storm
added 2024/08/08 12:0 a.m.424 views

Employee Management System 1.0 SQL Injection

============================================================================================================================================= | Title : Employee Management System v1.0 Auth By Pass Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/01/11 12:0 a.m.424 views

PHPJabbers Cleaning Business Software 1.0 Cross Site Scripting

Exploit Title: PHPJabbers Cleaning Business Software v1.0 - Multiple Stored XSS Date: 19/12/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/cleaning-business-software/sectionDemo Version: v1.0...

7.4AI score0.00339EPSS
Exploits2
Packet Storm
Packet Storm
added 2023/11/20 12:0 a.m.424 views

Shuttle Booking Software 2.0 Cross Site Scripting

Exploit Title: Shuttle Booking Software v2.0 - Multiple Stored Cross-Site Scripting Authenticated Date: 09/11/2023 Exploit Author: BugsBD Security Researcher Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/shuttle-booking-software/ Software Link:...

7.5AI score0.00721EPSS
Exploits3
Packet Storm
Packet Storm
added 2023/10/13 12:0 a.m.424 views

PyTorch Model Server Registration / Deserialization Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/zip' class MetasploitModule 'PyTorch Model Server Registration and Deserialization RCE', 'Description' = %q The PyTorch model server contains multiple...

10CVSS9.2AI score0.99615EPSS
Exploits10
Packet Storm
Packet Storm
added 2023/03/01 12:0 a.m.425 views

Oracle E-Business Suite (EBS) Unauthenticated Arbitrary File Upload

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/zip' class MetasploitModule 'Oracle E-Business Suite EBS Unauthenticated Arbitrary File Upload', 'Description' = %q This module exploits an unauthenticated...

9.8CVSS0.2AI score0.98342EPSS
Exploits7
Packet Storm
Packet Storm
added 2023/02/07 12:0 a.m.424 views

Zoho ManageEngine ServiceDesk Plus 14003 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine ServiceDesk Plus Unauthenticated SAML RCE', 'Description' = %q This exploits an unauthenticated remote code execution vulnerability...

9.8CVSS0.5AI score0.99753EPSS
Exploits15
Packet Storm
Packet Storm
added 2021/12/09 12:0 a.m.424 views

Raspberry Pi 5.10 Default Credentials

Exploit Title: Raspberry Pi 5.10 - Default Credentials Date: 08/12/2021 Exploit Author: netspooky Vendor Homepage: https://www.raspberrypi.com/ Software Link: https://www.raspberrypi.com/software/operating-systems/ Version: Raspberry Pi OS = 5.10 Tested on: Raspberry Pi OS 5.10 CVE : CVE-2021-387...

0.2AI score0.15666EPSS
Exploits3
Packet Storm
Packet Storm
added 2021/04/21 12:0 a.m.424 views

Hasura GraphQL 1.3.3 Arbitrary File Read

Exploit Title: Hasura GraphQL 1.3.3 - Local File Read Software: Hasura GraphQL Software Link: https://github.com/hasura/graphql-engine Version: 1.3.3 Exploit Author: Dolev Farhi Date: 4/19./2021 Tested on: Ubuntu import requests import sys HASURASCHEME = 'http' HASURAHOST = '192.168.1.1' HASURAPO...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2020/08/31 12:0 a.m.424 views

Fuel CMS 1.4.8 SQL Injection

Exploit Title: Fuel CMS 1.4.8 - 'fuelreplaceid' SQL Injection Authenticated Date: 2020-08-19 Exploit Author: c0mpu7er(@ymbank.cn) Vendor Homepage: https://www.getfuelcms.com/ Software Link: https://github.com/daylightstudio/FUEL-CMS/archive/1.4.8.zip Version: 1.4.7 Tested on: PHP 5.4.45, Apache...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2020/06/05 12:0 a.m.424 views

Avaya IP Office 11 Insecure Transit / Password Disclosure

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AVAYA-IP-OFFICE-INSECURE-TRANSIT-PASSWORD-DISCLOSURE.txt + twitter.com/hyp3rlinx + ISR: ApparitionSec Vendor www.avaya.com Product Avaya IP Office v9.1.8.0 - 11 IP Office...

2.1CVSS0.01EPSS
Exploits3
Packet Storm
Packet Storm
added 2020/05/19 12:0 a.m.424 views

PHP-Fusion 9.03.50 SQL Injection

Exploit Title: php-fusion 9.03.50 - 'ctype' SQL Injection Exploit Author: SunCSR Sun Cyber Security Research - ThienNV Date: 2020-05-19 Vendor Homepage: https://www.php-fusion.co.uk/ Software Link: https://www.php-fusion.co.uk/phpfusion9downloads.php Version: 9.03.50 Tested On: Windows 10 + XAMPP...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/05/15 12:0 a.m.423 views

Zope 5.9 Command Injection

Vulnerability Report Title: Command Argument Injection Vulnerability in Zope WSGI Instance Creation Script Leading to RCE Description: A command Argument injection vulnerability has been identified in the Zope WSGI instance creation script used by the Zope web application server framework, which ...

7AI score
Exploits0
Packet Storm
Packet Storm
added 2024/01/11 12:0 a.m.423 views

WordPress POST SMTP Mailer 2.8.7 Authorization Bypass / Cross Site Scripting

Vulnerability Summary from Wordfence Intelligence Description: POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress = 2.8.7 – Authorization Bypass via type connect-app API Affected Plugin: POST SMTP Mailer – Email log, Delivery Failure Notifications and Be...

9.8CVSS7.1AI score0.90339EPSS
Exploits7
Total number of security vulnerabilities5000