Thinkland Security Team

25 exploits, active since Apr 2021
CVE-2021-27545 WRITEUP MEDIUM WRITEUP
PHPGurukul Beauty Parlour Mgmt <1.0 - SQL Injection
SQL Injection in the "add-services.php" component of PHPGurukul Beauty Parlour Management System v1.0 allows remote attackers to obtain sensitive database information by injecting SQL commands into the "sername" parameter.
CVSS 6.5
CVE-2021-24720 WRITEUP MEDIUM WRITEUP
GeoDirectory Business Directory <2.1.1.3 - XSS
The GeoDirectory Business Directory WordPress plugin before 2.1.1.3 was vulnerable to Authenticated Stored Cross-Site Scripting (XSS).
CVSS 5.4
CVE-2021-27544 WRITEUP MEDIUM WRITEUP
PHPGurukul Beauty Parlour Mgt v1.0 - XSS
Cross Site Scripting (XSS) in the "add-services.php" component of PHPGurukul Beauty Parlour Management System v1.0 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "sername" parameter.
CVSS 4.8
CVE-2021-35387 WRITEUP HIGH WRITEUP
Hospital Management System <4.0 - SQL Injection
Hospital Management System v 4.0 is vulnerable to SQL Injection via file:hospital/hms/admin/view-patient.php.
CVSS 8.8
CVE-2021-35388 WRITEUP MEDIUM WRITEUP
Hospital Management System <4.0 - XSS
Hospital Management System v 4.0 is vulnerable to Cross Site Scripting (XSS) via /hospital/hms/admin/patient-search.php.
CVSS 5.4
CVE-2021-39328 WRITEUP MEDIUM WRITEUP
Simple Job Board <= 2.9.4 - Authenticated Stored Cross-Site Scripting in Privacy Policy Label
The Simple Job Board WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping on the $job_board_privacy_policy_label variable echo'd out via the ~/admin/settings/class-simple-job-board-settings-privacy.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 2.9.4. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
CVSS 5.5
CVE-2021-39329 WRITEUP MEDIUM WRITEUP
JobBoardWP <= 1.0.7 - Authenticated Stored Cross-Site Scripting in Metabox Parameters
The JobBoardWP WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/includes/admin/class-metabox.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.0.7. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
CVSS 5.5
CVE-2021-39334 WRITEUP MEDIUM WRITEUP
Job Board Vanila < 1.0 - Authenticated Stored Cross-Site Scripting via psjb_exp_in and psjb_curr_in Parameters
The Job Board Vanila WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via the psjb_exp_in and the psjb_curr_in parameters found in the ~/job-settings.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.0. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
CVSS 5.5
CVE-2021-39335 WRITEUP MEDIUM WRITEUP
WpGenius Job Listing <= 1.0.2 - Authenticated Stored Cross-Site Scripting via Admin Options Parameters
The WpGenius Job Listing WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/src/admin/class/class-wpgenious-job-listing-options.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.0.2. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
CVSS 5.5
CVE-2021-39336 WRITEUP MEDIUM WRITEUP
Job Manager <= 0.7.25 - Authenticated Stored Cross-Site Scripting via admin-jobs.php Parameters
The Job Manager WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/admin-jobs.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 0.7.25. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
CVSS 5.5
CVE-2021-39337 WRITEUP MEDIUM WRITEUP
job-portal <= 0.0.1 - Authenticated Stored Cross-Site Scripting via jobs_function.php Parameters
The job-portal WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/admin/jobs_function.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 0.0.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
CVSS 5.5
CVE-2021-39338 WRITEUP MEDIUM WRITEUP
MyBB Cross-Poster < 1.0 - Authenticated Stored Cross-Site Scripting via MyBBXPSettings.php Parameters
The MyBB Cross-Poster WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/classes/MyBBXPSettings.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.0. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
CVSS 5.5
CVE-2021-39340 WRITEUP MEDIUM WRITEUP
Notification < 7.2.4 - Stored Cross-Site Scripting via Settings Parameters
The Notification WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/src/classes/Utils/Settings.php file which made it possible for attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 7.2.4. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
CVSS 4.8
CVE-2021-39343 WRITEUP MEDIUM WRITEUP
MPL-Publisher <= 1.30.2 - Authenticated Stored Cross-Site Scripting via PublisherController Parameters
The MPL-Publisher WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/libs/PublisherController.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.30.2. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
CVSS 5.5
CVE-2021-39344 WRITEUP MEDIUM WRITEUP
kjm_admin_notices <= 2.0.1 - Authenticated Stored Cross-Site Scripting via Admin Parameters
The KJM Admin Notices WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/admin/class-kjm-admin-notices-admin.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 2.0.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
CVSS 5.5
CVE-2021-39345 WRITEUP MEDIUM WRITEUP
HAL WordPress Plugin <= 2.1.1 - Authenticated Stored Cross-Site Scripting via wp-hal.php Parameters
The HAL WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/wp-hal.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 2.1.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
CVSS 5.5
CVE-2021-39346 WRITEUP MEDIUM WRITEUP
Google Maps Easy < 1.9.33 - Authenticated Stored Cross-Site Scripting via Marker Group Parameters
The Google Maps Easy WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/modules/marker_groups/views/tpl/mgrEditMarkerGroup.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.9.33. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
CVSS 4.8
CVE-2021-39348 WRITEUP MEDIUM WRITEUP
LearnPress <= 4.1.3.1 - Authenticated Stored Cross-Site Scripting via Custom Profile Parameter
The LearnPress WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping on the $custom_profile parameter found in the ~/inc/admin/views/backend-user-profile.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 4.1.3.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. Please note that this is separate from CVE-2021-24702.
CVSS 5.5
CVE-2021-39349 WRITEUP MEDIUM WRITEUP
Author Bio Box < 3.3.1 - Authenticated Stored Cross-Site Scripting via Admin Parameters
The Author Bio Box WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/includes/admin/class-author-bio-box-admin.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 3.3.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
CVSS 5.5
CVE-2021-39354 WRITEUP MEDIUM WRITEUP
Easy Digital Downloads <= 2.11.2 - Reflected Cross-Site Scripting via Start and End Date Parameters
The Easy Digital Downloads WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the $start_date and $end_date parameters found in the ~/includes/admin/payments/class-payments-table.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.11.2.
CVSS 4.8
CVE-2021-39355 WRITEUP MEDIUM WRITEUP
Indeed Job Importer <= 1.0.5 - Authenticated Stored Cross-Site Scripting via indeed-job-importer.php Parameters
The Indeed Job Importer WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/indeed-job-importer/trunk/indeed-job-importer.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.0.5. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
CVSS 5.5
CVE-2021-39356 WRITEUP MEDIUM WRITEUP
Content Staging < 2.0.1 - Authenticated Stored Cross-Site Scripting via Settings Template Parameters
The Content Staging WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and escaping via several parameters that are echo'd out via the ~/templates/settings.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 2.0.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
CVSS 5.5
CVE-2021-39357 WRITEUP MEDIUM WRITEUP
Leaky Paywall <= 4.16.5 - Authenticated Stored Cross-Site Scripting via class.php
The Leaky Paywall WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via the ~/class.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 4.16.5. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
CVSS 5.5
CVE-2021-27545 EXPLOITDB MEDIUM text WORKING POC
PHPGurukul Beauty Parlour Mgmt <1.0 - SQL Injection
SQL Injection in the "add-services.php" component of PHPGurukul Beauty Parlour Management System v1.0 allows remote attackers to obtain sensitive database information by injecting SQL commands into the "sername" parameter.
CVSS 6.5
CVE-2021-39352 METASPLOIT HIGH ruby WORKING POC
Wordpress Plugin Catch Themes Demo Import RCE
The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file uploads via the import functionality found in the ~/inc/CatchThemesDemoImport.php file, in versions up to and including 1.7, due to insufficient file type validation. This makes it possible for an attacker with administrative privileges to upload malicious files that can be used to achieve remote code execution.
CVSS 7.2