Lucene search
K
ZdtMost viewed

39001 matches found

0day.today
0day.today
added 2021/11/24 12:0 a.m.414 views

CMSimple 5.4 - Local file inclusion to Remote code execution Exploit

Exploit Title: CMSimple 5.4 - Local file inclusion LFI to Remote code execution RCE Authenticated Exploit Author: S1lv3r Vendor Homepage: https://www.cmsimple.org/en/ Software Link: https://www.cmsimple.org/en/ Version: CMSimple 5.4 Tested on: CMSimple 5.4 writeup:...

7.1AI score
Exploits0
0day.today
0day.today
added 2021/09/02 12:0 a.m.414 views

Compro Technology IP Camera - (index_MJpeg.cgi) Stream Disclosure Vulnerability

Exploit Title: Compro Technology IP Camera - ' indexMJpeg.cgi' Stream Disclosure Exploit Author: icekam,xiao13,Rainbow,tfsec Software Link: http://www.comprotech.com.hk/ Version: Compro IP70 2.087130218, IP570 2.087130520, IP60, TN540 CVE : CVE-2021-40381 Has an unauthorized access vulnerability,...

7.5CVSS0.5AI score0.22724EPSS
Exploits3
0day.today
0day.today
added 2021/06/18 12:0 a.m.414 views

Node.JS - (node-serialize) Remote Code Execution Exploit (3)

Exploit Title: Node.JS - 'node-serialize' Remote Code Execution 3 Exploit Author: Beren Kuday GORUN Vendor Homepage: https://github.com/luin/serialize Software Link: https://github.com/luin/serialize Version: 0.0.4 Tested on: Windows & Ubuntu CVE : 2017-5941 var serialize = require'node-serialize...

9.8CVSS9.6AI score0.61025EPSS
Exploits5
0day.today
0day.today
added 2020/03/21 12:0 a.m.414 views

Avast Secure Browser 76.0.1659.101 Local Privilege Escalation Vulnerability

A local privilege escalation issue was discovered in Avast Secure Browser version 76.0.1659.101. The vulnerability is due to an insecure ACL set by the AvastBrowserUpdate.exe which is running as NT AUTHORITY\SYSTEM when AvastSecureBrowser.exe checks for new updates. Avast Secure Browser...

7.8CVSS0.3AI score0.00522EPSS
Exploits1
0day.today
0day.today
added 2017/05/17 12:0 a.m.414 views

Windows x32 / Windows x64 - cmd.exe Shellcode (718 bytes)

;Full tutorial: https://www.zinzloun.info Windows CMD shellcode ;COMPILE: ;nasm.exe -f win32 dynamic.asm -o dynamic.obj ;SKIP -f win32 to create the .obj file to extract eventually the hex code ;then execute: python bin2hex.py dynamic.obj to get the hex code:...

7.1AI score
Exploits0
0day.today
0day.today
added 2024/08/29 12:0 a.m.414 views

pgAdmin 8.4 Remote Code Execution Exploit

pgAdmin versions 8.4 and below are affected by a remote code execution vulnerability through the validate binary path API. This vulnerability allows attackers to execute arbitrary code on the server hosting PGAdmin, posing a severe risk to the database management system's integrity and the securi...

9.8CVSS8.4AI score0.64846EPSS
Exploits5
0day.today
0day.today
added 2023/03/06 12:0 a.m.413 views

Barracuda CloudGen WAN OS Command Injection Vulnerability

Barracuda CloudGen WAN provides a private edge appliance for hybrid deployments. An authenticated user in the administration interface for the private edge virtual appliance can inject arbitrary OS commands via the /ajax/updatecertificate endpoint. Versions prior to v8. hotfix 1089 are affected...

7.2CVSS7.1AI score0.07878EPSS
Exploits3
0day.today
0day.today
added 2022/04/08 12:0 a.m.413 views

Social Codia SMS 1 Cross Site Scripting Vulnerability

sms-AddStudent-StoredXSS-POC Author: D4rkP0w4r Description = StoredXSS at Add Student Step to Reproduct Login to admin - Students - Add Student - input payload at Enter Name Exploit Input payload at Enter Name - clicked Add Students - access All Student - The XSS will trigger Log out admin and...

4.8CVSS0.2AI score0.01082EPSS
Exploits3
0day.today
0day.today
added 2021/11/03 12:0 a.m.413 views

Simplephpscripts Simple CMS 2.1 - (Multiple) SQL Injection Vulnerability

Exploit Title: Simplephpscripts Simple CMS 2.1 - 'Multiple' SQL Injection Vendor Homepage: https://simplephpscripts.com/simple-cms-php Version: 2.1 Product & Service Introduction: =============================== The system could be used only in already existing websites to control their page...

7.1AI score
Exploits0
0day.today
0day.today
added 2020/08/12 12:0 a.m.413 views

vBulletin 5.6.2 - (widget_tabbedContainer_tab_panel) Remote Code Execution Exploit

Exploit for php platform in category web applications Exploit Title: vBulletin 5.6.2 - 'widgettabbedContainertabpanel' Remote Code Execution Exploit Author: @zenofex Vendor Homepage: https://www.vbulletin.com/ Software Link: None Version: 5.4.5 through 5.6.2 Tested on: vBulletin 5.6.2 on Ubuntu...

7.5CVSS9.9AI score0.99728EPSS
Exploits27
0day.today
0day.today
added 2019/04/09 12:0 a.m.413 views

AllPlayer 7.4 - SEH Buffer Overflow (Unicode) Exploit

Exploit for windows platform in category local exploits !/usr/bin/python -w Exploit Author: Chris Au Exploit Title: AllPlayer V7.4 - Local Buffer Overflow SEH Unicode Vulnerable Software: AllPlayer V7.4 Vendor Homepage: https://www.allplayer.org/ Version: 7.4 Software Link:...

Exploits0
0day.today
0day.today
added 2024/04/01 12:0 a.m.412 views

BioTime Directory Traversal / Remote Code Execution Exploit

BioTime versions 8.5.5 and 9.0.1 suffer from directory traversal and file write vulnerabilities. This exploit also achieves remote code execution on version 8.5.5. . . \ | \ /|| | | / |/ | | | |/ / \ | | \ | | | Y Y \ / | /|/|| |||| /\ / / / Tested on 8.5.5 Build:20231103.R1905 Tested on...

9.8CVSS8.4AI score0.8488EPSS
Exploits3
0day.today
0day.today
added 2023/02/27 12:0 a.m.412 views

Simple Food Ordering System 1.0 Cross Site Scripting Vulnerability

Simple Food Ordering System - Authenticated Reflected Cross Site Scripting CVE Assigned: CVE-2023-0902 mitre.org nvd.nist.org Author Email: navaidnemail protected Vendor Homepage: https://www.sourcecodester.com Software Link: Simple Food Ordering System Version: v 1.0 What is Reflected Cross-Site...

5.4CVSS6.3AI score0.02693EPSS
Exploits9
0day.today
0day.today
added 2022/12/07 12:0 a.m.412 views

SentinelOne sentinelagent 22.3.2.5 Privilege Escalation Vulnerability

SentinelOne sentinelagent version 22.3.2.5 on Linux suffers from a privilege escalation vulnerability due to not use a fully qualified path when calling grep. Exploit Title: SentinelOne sentinelagent linux root Privilege Escalation zero day vulnerability Exploit Author: ouchthishurts Vendor...

7.5AI score
Exploits0
0day.today
0day.today
added 2022/01/12 12:0 a.m.412 views

Microsoft Windows Defender - Detections Bypass Vulnerability

Exploit Title: Microsoft Internet Explorer / ActiveX Control - Security Bypass Exploit Author: John Page aka hyp3rlinx Website: hyp3rlinx.altervista.org Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFTWINDOWSDEFENDERDETECTIONBYPASS.txt twitter.com/hyp3rlinx ISR: ApparitionSec Vendor...

7.4AI score
Exploits0
0day.today
0day.today
added 2018/11/08 12:0 a.m.412 views

Cradlepoint Router Password Disclosure Vulnerability

Exploit for hardware platform in category web applications Cradlepoint Router Password Disclosure Many vulnerabilities in the built-in software of the Cradlepoint Router. 100000 such routers can be seen in the shodan https://www.shodan.io/search?query=cradlepointhttpservice. These vulnerabilities...

Exploits0
0day.today
0day.today
added 2007/07/06 12:0 a.m.412 views

eMeeting Online Dating Software 5.2 SQL Injection Vulnerabilities

Exploit for unknown platform in category web applications ================================================================= eMeeting Online Dating Software 5.2 SQL Injection Vulnerabilities =================================================================...

7.1AI score
Exploits0
0day.today
0day.today
added 2024/05/28 12:0 a.m.411 views

FleetCart 4.1.1 Information Disclosure Vulnerability

Exploit Title: FleetCart 4.1.1 - WebPage Content Information Disclosure Exploit Author: CraCkEr Vendor: EnvaySoft Vendor Homepage: https://codecanyon.net/item/fleetcart-laravel-ecommerce-system/23014826 Software Demo Link: https://demo.fleetcart.envaysoft.com/en Tested on: Windows 11 Pro 22H2...

6.9CVSS7.4AI score0.18768EPSS
Exploits2
0day.today
0day.today
added 2022/03/24 12:0 a.m.411 views

containerd Image Volume Insecure Handling Exploit

containerd: Insecure handling of image volumes containerd's cri plugin handles image volumes containing path traversals insecurely. This can be used to copy arbitrary host directories to a container-mounted path. OCI images contain a JSON config file described in...

7.5CVSS7.9AI score0.27392EPSS
Exploits4
0day.today
0day.today
added 2021/09/13 12:0 a.m.411 views

Windows/x64 - Reverse TCP (192.168.201.11:4444) Shellcode (330 Bytes)

Title: Windows/x64 - Reverse TCP 192.168.201.11:4444 Shellcode 330 Bytes Author: Xenofon Vassilakopoulos Tested on: Windows/x64 - 10.0.19043 N/A Build 19043 / MIT License Copyright c 2021 Xenofon Vassilakopoulos Permission is hereby granted, free of charge, to any person obtaining a copy of this...

Exploits0
0day.today
0day.today
added 2021/09/01 12:0 a.m.411 views

Confluence Server 7.12.4 - (OGNL injection) Remote Code Execution Exploit

Exploit Title: Confluence Server 7.12.4 - 'OGNL injection' Remote Code Execution RCE Unauthenticated Exploit Author: h3v0x Vendor Homepage: https://www.atlassian.com/ Software Link: https://www.atlassian.com/software/confluence/download-archives Version: All 7.12.x versions before 7.12.5 Tested o...

9.8CVSS8.7AI score0.99999EPSS
Exploits45
0day.today
0day.today
added 2018/11/16 12:0 a.m.411 views

Linux - Broken uid/gid Mapping for Nested User Namespaces Exploit

Exploit for linux platform in category local exploits Linux - Broken uid/gid Mapping for Nested User Namespaces Exploit commit 6397fac4915a "userns: bump idmap limits to 340" increases the number of possible uid/gid mappings that a namespace can have from 5 to 340. This is implemented by switchin...

7AI score0.07611EPSS
Exploits24
0day.today
0day.today
added 2023/09/19 12:0 a.m.410 views

WordPress Essential Blocks 4.2.0 / Essential Blocks Pro 1.1.0 PHP Object Injection Vulnerability

Vulnerability Summary from Wordfence Intelligence Description: Insecure Deserialization/PHP Object Injection via queries Affected Plugin: Essential Blocks, Essential Blocks Pro Plugin slug: essential-blocks, essential-blocks-pro Vendor: WPDeveloper Affected versions: = 4.2.0 Free and = 1.1.0 Pro...

9.8CVSS8.8AI score0.0134EPSS
Exploits3
0day.today
0day.today
added 2022/09/23 12:0 a.m.410 views

Wordpress WP-UserOnline 2.88.0 Plugin - Stored Cross Site Scripting Vulnerability

Exploit Title: Wordpress Plugin WP-UserOnline 2.88.0 - Stored Cross Site Scripting XSS Google Dork: inurl:/wp-content/plugins/wp-useronline/ Exploit Author: UnD3sc0n0c1d0 Vendor Homepage: https://github.com/lesterchan/wp-useronline Software Link:...

5.5CVSS5.3AI score0.05291EPSS
Exploits6
0day.today
0day.today
added 2022/05/24 12:0 a.m.410 views

m1k1o Blog v.10 - Remote Code Execution Exploit

Exploit Title: m1k1o's Blog v.10 - Remote Code Execution RCE Authenticated Exploit Author: Malte V Vendor Homepage: https://github.com/m1k1o/blog Software Link: https://github.com/m1k1o/blog/archive/refs/tags/v1.3.zip Version: 1.3 and below Tested on: Linux CVE : CVE-2022-23626 import argparse...

8.8CVSS8.8AI score0.09874EPSS
Exploits4
0day.today
0day.today
added 2022/05/24 12:0 a.m.410 views

OpenCart v3.x Newsletter Module - Blind SQL injection Vulnerability

Exploit Title: OpenCart v3.x Newsletter Module - Blind SQLi Exploit Author: Saud Alenazi Vendor Homepage: https://www.opencart.com/ Software Link: https://www.opencart.com/index.php?route=marketplace/extension/info&extensionid=32750&filtermember=Zemez Version: v.3.0.2.0 Tested on: XAMPP, Linux...

7.4AI score
Exploits0
0day.today
0day.today
added 2022/01/17 12:0 a.m.410 views

HTTP Protocol Stack Denial Of Service / Remote Code Execution Exploit

!/usr/bin/python Author @nu11secur1ty CVE-2022-21907 from colorama import init, Fore, Back, Style initconvert=True import requests import time printFore.RED +"Please input your host...\n" printStyle.RESETALL printFore.YELLOW host = input printStyle.RESETALL printFore.BLUE +"Sending an especially...

9.8CVSS9.7AI score0.9279EPSS
Exploits21
0day.today
0day.today
added 2021/09/21 12:0 a.m.410 views

OpenCats 0.9.4 XML Injection Vulnerability

Author : Raed Ahsan Platform : OpenCats Version : 0.9.4 LinkedIn : https://linkedin.com/in/raed-ahsan INSTRUCTIONS FOR EXPLOITING THE OPENCATS 0.9.4 1 Create a file called "cv.py" 2 Paste the following into the cv.py file: from docx import Document document = Document paragraph =...

0.1AI score
Exploits0
0day.today
0day.today
added 2019/10/17 12:0 a.m.410 views

Whatsapp 2.19.216 - Remote Code Execution Exploit

Exploit Title: Whatsapp 2.19.216 - Remote Code Execution Exploit Author: Valerio Brussani @valbrux Vendor Homepage: https://www.whatsapp.com/ Version: include include include typedef uint8t byte; char gadgetp; void libc, lib; //dls iteration for rop int dlcallbackstruct dlphdrinfo info, sizet siz...

8.8CVSS0.44255EPSS
Exploits16
0day.today
0day.today
added 2024/02/12 12:0 a.m.409 views

WyreStorm Apollo VX20 Incorrect Access Control Vulnerability

An issue was discovered on WyreStorm Apollo VX20 versions prior to 1.3.58. Remote attackers can restart the device via a /device/reboot HTTP GET request. + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source:...

7.5CVSS6.7AI score0.04343EPSS
Exploits4
0day.today
0day.today
added 2023/06/17 12:0 a.m.409 views

Textpattern CMS v4.8.8 - Stored Cross-Site Scripting (Authenticated) Vulnerability

Exploit Title: Textpattern CMS v4.8.8 - Stored Cross-Site Scripting XSS Authenticated Exploit Author: tmrswrr Vendor Homepage: https://textpattern.com/ Software Link: https://textpattern.com/filedownload/118/textpattern-4.8.8.zip Version: v4.8.8 Tested : https://release-demo.textpattern.co/ ---...

7.1AI score
Exploits0
0day.today
0day.today
added 2023/04/18 12:0 a.m.409 views

VMware Workspace ONE Remote Code Execution Exploit

This Metasploit module combines two vulnerabilities in order achieve remote code execution in the context of the horizon user. The first vulnerability, CVE-2022-22956, is an authentication bypass in OAuth2TokenResourceController ACS which allows a remote, unauthenticated attacker to bypass the...

9.8CVSS9.5AI score0.50694EPSS
Exploits13
0day.today
0day.today
added 2023/03/14 12:0 a.m.409 views

Apache Tomcat Privilege Escalation Exploit

This Metasploit module exploits a vulnerability in RedHat based systems where improper file permissions are applied to /usr/lib/tmpfiles.d/tomcat.conf for Apache Tomcat versions before 7.0.54-8. The configuration files in tmpfiles.d are used by systemd-tmpfiles to manage temporary files including...

7.8CVSS7.9AI score0.03782EPSS
Exploits8
0day.today
0day.today
added 2023/03/07 12:0 a.m.409 views

ZwiiCMS 12.2.04 Remote Code Execution Exploit

Exploit Title: ZwiiCMS 12.2.04 Remote Code Execution Authenticated Exploit Author: Hadi Mene Vendor Homepage: https://zwiicms.fr/ Version: 12.2.04 and potentially lower versions CVE: CVE-2020-10567 Category: webapps ZwiiCMS 12.2.04 uses "Responible FileManager" 9.14.0 for its file manager feature...

9.8CVSS9.7AI score0.1929EPSS
Exploits5
0day.today
0day.today
added 2022/02/17 12:0 a.m.409 views

WordPress Cozmoslabs Profile Builder 3.6.1 Cross Site Scripting Vulnerability

The Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “Profile Builder – User Profile & User Registration Forms”, a WordPress plugin that is installed on over 50,000 WordPress websites. This vulnerability makes it possible for an...

6.1CVSS0.02703EPSS
Exploits3
0day.today
0day.today
added 2021/12/15 12:0 a.m.409 views

SAP Netweaver IUUC_RECON_RC_COUNT_TABLE_BIG SQL Injection Exploit

SAP Netweaver suffers from a remote ADBC SQL injection vulnerability in IUUCRECONRCCOUNTTABLEBIG. Other software and various versions are also affected. ============================================================================== title: Remote ADBC SQL Injection in SAP IUUCRECONRCCOUNTTABLEBIG...

9.1CVSS0.3AI score0.02077EPSS
Exploits5
0day.today
0day.today
added 2021/10/13 12:0 a.m.409 views

Keycloak 12.0.1 - (request_uri) Blind Server-Side Request Forgery (Unauthenticated) Exploit

Exploit Title: Keycloak 12.0.1 - 'requesturi ' Blind Server-Side Request Forgery SSRF Unauthenticated Exploit Author: Mayank Deshmukh Vendor Homepage: https://www.keycloak.org/ Software Link: https://www.keycloak.org/archive/downloads-12.0.1.html Version: versions 192.168.0.1:4444 '''...

5.3CVSS0.5AI score0.69724EPSS
Exploits5
0day.today
0day.today
added 2017/04/07 12:0 a.m.409 views

Moodle 2.x/3.x - SQL Injection Exploit

Exploit for php platform in category web applications Exploit: Moodle SQL Injection via Object Injection Through User Preferences Date: April 6th, 2017 Exploit Author: Marko Belzetski Contact: email protected Vendor Homepage: https://moodle.org/ Version: 3.2 to 3.2.1, 3.1 to 3.1.4, 3.0 to 3.0.8,...

7.5CVSS9.2AI score0.1453EPSS
Exploits4
0day.today
0day.today
added 2024/02/05 12:0 a.m.408 views

WebCatalog 48.4 Arbitrary Protocol Execution / Code Execution Vulnerability

WebCatalog versions prior to 48.8 call the Electron shell.openExternal function without verifying that the URL is for an http or https resource. This vulnerability allows an attacker to potentially execute code through arbitrary protocols on the victims machine by having users sync pages with...

8.8CVSS8.9AI score0.01418EPSS
Exploits4
0day.today
0day.today
added 2024/02/05 12:0 a.m.408 views

SISQUAL WFM 7.1.319.103 Host Header Injection Vulnerability

Exploit Title: SISQUAL WFM 7.1.319.103 Host Header Injection Exploit Author: Omer Shaik unknownexploit Vendor Homepage: https://www.sisqualwfm.com Version: 7.1.319.103 Tested on: SISQUAL WFM 7.1.319.103 Affected Version: sisqualWFM - 7.1.319.103 Fixed Version: sisqualWFM - 7.1.319.111 CVE :...

6.1CVSS7.4AI score0.00507EPSS
Exploits5
0day.today
0day.today
added 2023/09/19 12:0 a.m.408 views

Taskhub 2.8.7 SQL Injection Vulnerability

Exploit Title: taskhub 2.8.7 - SQL Injection Exploit Author: CraCkEr Vendor: Infinitie Technologies Vendor Homepage: https://www.infinitietech.com/ Software Link: https://codecanyon.net/item/taskhub-project-management-finance-crm-tool/25685874 Demo: https://taskhub.company/auth Tested on: Windows...

8CVSS8AI score0.00692EPSS
Exploits5
0day.today
0day.today
added 2023/04/28 12:0 a.m.408 views

Piwigo 13.5.0 SQL Injection Vulnerability

Piwigo - Version 13.5.0 Author: Rodolfo Tavares Tempest Security Intelligence - Recife, Pernambuco - Brazil ===== Table of Contents================================================== Overview Detailed description Timeline of disclosure Thanks & Acknowledgments References ===== Vulnerability...

8.8CVSS8.7AI score0.09725EPSS
Exploits5
0day.today
0day.today
added 2022/06/07 12:0 a.m.408 views

Poly Studio X30 / Studio X50 / Studio X70 / G7500 Command Injection Vulnerability

======================================================================= title: Authenticated Command Injection product: Poly Studio X30, Studio X50, Studio X70, G7500 vulnerable version: 3.4.0-292042, 3.5.0-344025, 3.6.0 fixed version: 3.7.0 or higher CVE number: CVE-2022-26481 impact: critical...

8.8CVSS0.3AI score0.01577EPSS
Exploits3
0day.today
0day.today
added 2022/04/08 12:0 a.m.408 views

E-Commerce Website 1.0 Shell Upload Exploit

Ecommerce Website Unrestricted File Upload + RCE Author: D4rkP0w4r Note = Create account, don't need login client or admin Description = Create account upload web shell at Customer Image Step to Reproduct Register - upload web shell at Customer Image - clicked Register button Exploit Upload web...

9.8CVSS9.7AI score0.03333EPSS
Exploits3
0day.today
0day.today
added 2022/03/16 12:0 a.m.408 views

Tiny File Manager 2.4.6 - Remote Code Execution Exploit

Exploit Title: Tiny File Manager 2.4.6 - Remote Code Execution RCE Exploit Author: FEBIN MON SAJI Software Link: https://github.com/prasathmani/tinyfilemanager Version: Tiny File Manager Example: $0 http://files.ubuntu.local/index.php admin "email protected" " log-in URL=$1 admin=$2 pass=$3...

8.8CVSS7.6AI score0.7008EPSS
Exploits9
0day.today
0day.today
added 2022/03/11 12:0 a.m.408 views

Seowon SLR-120 Router - Remote Code Execution (Unauthenticated) Exploit

Exploit Title: Seowon SLR-120 Router - Remote Code Execution Unauthenticated Exploit Author: Aryan Chehreghani Vendor Homepage: http://www.seowonintech.co.kr Software Link: http://www.seowonintech.co.kr/en/product/detail.asp?num=126&bigkind=B05&middlekind=B0530 Version: All version Tested on:...

9.8CVSS9.6AI score0.71691EPSS
Exploits8
0day.today
0day.today
added 2021/11/15 12:0 a.m.408 views

Talariax sendQuick Alertplus Server Admin 4.3 SQL Injection Vulnerability

Talariax sendQuick Alertplus Server Admin version 4.3 suffers from a vulnerability that allows an authenticated user to perform error-based SQL injection via unsanitized form fields. Dear Full Disclosure Team, We are writing to submit a full disclosure for the following vulnerability discovered f...

8.8CVSS9.2AI score0.01478EPSS
Exploits3
0day.today
0day.today
added 2006/04/04 12:0 a.m.408 views

AngelineCMS 0.8.1 (installpath) Remote File Inclusion Exploit

Exploit for unknown platform in category web applications ============================================================= AngelineCMS 0.8.1 installpath Remote File Inclusion Exploit ============================================================= !/usr/bin/perl AngelineCMS 0.8.1 installpath Remote Cod...

7.1AI score
Exploits0
0day.today
0day.today
added 2024/04/15 12:0 a.m.407 views

CrushFTP Remote Code Execution Exploit

This Metasploit exploit module leverages an improperly controlled modification of dynamically-determined object attributes vulnerability CVE-2023-43177 to achieve unauthenticated remote code execution. This affects CrushFTP versions prior to 10.5.1. It is possible to set some user's session...

9.8CVSS10AI score0.81801EPSS
Exploits7
0day.today
0day.today
added 2023/12/12 12:0 a.m.407 views

WordPress TextMe SMS 1.9.0 Cross Site Request Forgery Vulnerability

Exploit Title: WP Plugins TextMe SMS history.pushState'', '', '/'; document.forms0.submit; Recommendation Upgrade to version 1.9.1...

5.4CVSS7.1AI score0.00457EPSS
Exploits2
Total number of security vulnerabilities5000