The Ajax Search Pro WordPress plugin before 4.26.2 does not sanitise and escape various parameters before outputting them back in pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as...
6.1CVSS
6.1AI Score
0.001EPSS
The WPMK Ajax Finder WordPress plugin is vulnerable to Cross-Site Request Forgery via the createplugin_atf_admin_setting_page() function found in the ~/inc/config/create-plugin-config.php file due to a missing nonce check which allows attackers to inject arbitrary web scripts, in versions up to...
8.8CVSS
8.5AI Score
0.002EPSS
The Ajax Search Lite WordPress plugin before 4.11.1, Ajax Search Pro WordPress plugin before 4.26.2 does not sanitise and escape a parameter before outputting it back in a response of an AJAX action, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such.....
6.1CVSS
6.1AI Score
0.001EPSS
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ernest Marcinko Ajax Search Lite plugin <= 4.10.3...
7.5CVSS
7.4AI Score
0.001EPSS
The ZM Ajax Login & Register plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.2. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated attackers to.....
9.8CVSS
9.5AI Score
0.002EPSS
Cross-site scripting (XSS) vulnerability in ajax-spell before 1.8 allows remote attackers to inject arbitrary web script or HTML via onmouseover or other events in HTML...
6AI Score
0.002EPSS
An issue was discovered in the ajax-bootmodal-login plugin 1.4.3 for WordPress. The register form, login form, and password-recovery form require solving a CAPTCHA to perform actions. However, this is required only once per user session, and therefore one could send as many requests as one wished.....
5.3CVSS
5.2AI Score
0.001EPSS
Cross site scripting (XSS) vulnerability in sourcecodester PHP CRUD without Refresh/Reload using Ajax and DataTables Tutorial v1 by oretnom23, allows remote attackers to execute arbitrary code via the first_name, last_name, and email parameters to...
9.6CVSS
8.7AI Score
0.004EPSS
SQL injection vulnerability in Sourcecodester Simple Membership System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username and password...
9.8CVSS
10AI Score
0.002EPSS
The advanced-ajax-page-loader plugin before 2.7.7 for WordPress has no protection against the reading of uploaded files when not logged...
5.3CVSS
5.4AI Score
0.001EPSS
Directory traversal vulnerability in the Ajax Pagination (twitter Style) plugin 1.1 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the loop parameter in an ajax_navigation action to...
7.5CVSS
7.5AI Score
0.031EPSS
Unrestricted file upload vulnerability in the Gravity Upload Ajax plugin 1.1 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file under...
9.8CVSS
9.7AI Score
0.044EPSS
6.1CVSS
5.9AI Score
0.001EPSS
Cross-site scripting (XSS) vulnerability in the Ajax Timeline module before 7.x-1.1 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a node...
5.4AI Score
0.001EPSS
SQL injection vulnerability in the "the_search_function" function in cardoza_ajax_search.php in the AJAX Post Search (cardoza-ajax-search) plugin before 1.3 for WordPress allows remote attackers to execute arbitrary SQL commands via the srch_txt parameter in a "the_search_text" action to...
8.8AI Score
0.002EPSS
PHP remote file inclusion vulnerability in _includes/settings.inc.php in Ajax File Browser 3 Beta allows remote attackers to execute arbitrary PHP code via a URL in the approot...
7.5AI Score
0.076EPSS
Multiple PHP remote file inclusion vulnerabilities in Really Simple PHP and Ajax (RSPA) 2007-03-23 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) __IncludeFilePHPClass, (2) __ClassPath, and (3) __class parameters to (a) rspa/framework/Controller_v5.php, and...
7.6AI Score
0.024EPSS
Multiple directory traversal vulnerabilities in Really Simple PHP and Ajax (RSPA) 2007-03-23 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the __class parameter to (1) Controller_v4.php or (2)...
7.4AI Score
0.01EPSS
Cross-site scripting (XSS) vulnerability in AliPAGER, possibly 1.5 and earlier, allows remote attackers to inject arbitrary web script or HTML via a chat...
6AI Score
0.002EPSS
SQL injection vulnerability in inc/elementz.php in AliPAGER 1.5, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the ubild...
8.4AI Score
0.006EPSS
Cross-site scripting (XSS) vulnerability in inc/elementz.php in AliPAGER 1.5 allows remote attackers to inject arbitrary web script or HTML via the ubild parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. NOTE: this issue might...
6.3AI Score
0.002EPSS