tomorroisnew

34 exploits Active since Aug 2021
CVE-2021-24800 GITHUB MEDIUM NO CODE
DW Question & Answer Pro <1.3.4 - Info Disclosure
The DW Question & Answer Pro WordPress plugin through 1.3.4 does not check that the comment to edit belongs to the user making the request, allowing any user to edit other comments.
2 stars
CVSS 4.3
CVE-2021-24805 GITHUB MEDIUM NO CODE
DW Question & Answer Pro <1.3.4 - CSRF
The DW Question & Answer Pro WordPress plugin through 1.3.4 does not properly check for CSRF in some of its functions, allowing attackers to make logged in users perform unwanted actions, such as update a comment or a question status.
2 stars
CVSS 4.3
CVE-2021-24806 GITHUB MEDIUM NO CODE
wpDiscuz WordPress <7.3.4 - CSRF
The wpDiscuz WordPress plugin before 7.3.4 does not check for CSRF when adding, editing and deleting comments, which could allow attackers to make logged-in users such as admins edit and delete arbitrary comments, or the user who made the comment edit it, via a CSRF attack. Attackers could also make logged-in users post arbitrary comments.
2 stars
CVSS 4.3
CVE-2021-24808 GITHUB MEDIUM NO CODE
BP Better Messages <1.9.9.41 - XSS
The BP Better Messages WordPress plugin before 1.9.9.41 sanitises (with sanitize_text_field) but does not escape the 'subject' parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue.
2 stars
CVSS 6.1
CVE-2021-24809 GITHUB HIGH NO CODE
BP Better Messages <1.9.9.41 - CSRF
The BP Better Messages WordPress plugin before 1.9.9.41 does not check for CSRF in multiple AJAX actions: bp_better_messages_leave_chat, bp_better_messages_join_chat, bp_messages_leave_thread, bp_messages_mute_thread, bp_messages_unmute_thread, bp_better_messages_add_user_to_thread, bp_better_messages_exclude_user_from_thread. This could allow attackers to make logged-in users perform unwanted actions.
2 stars
CVSS 8.8
CVE-2021-24823 GITHUB HIGH NO CODE
Support Board WP <3.3.6 - CSRF
The Support Board WordPress plugin before 3.3.6 does not have any CSRF checks in actions handled by the include/ajax.php file, which could allow attackers to make logged-in users perform unwanted actions, for example making an admin delete arbitrary files.
2 stars
CVSS 8.1
CVE-2021-24831 GITHUB HIGH NO CODE
Tab WordPress <1.3.2 - Info Disclosure
All AJAX actions of the Tab WordPress plugin before 1.3.2 are available to both unauthenticated and authenticated users, allowing unauthenticated attackers to modify various data in the plugin, such as add/edit/delete arbitrary tabs.
2 stars
CVSS 7.5
CVE-2021-24838 GITHUB MEDIUM NO CODE
AnyComment WordPress <0.3.5 - Open Redirect
The AnyComment WordPress plugin before 0.3.5 has an API endpoint which passes user input via the redirect parameter to the wp_redirect() function without being validated first, leading to an Open Redirect issue, which according to the vendor, is a feature.
2 stars
CVSS 6.1
CVE-2021-24839 GITHUB HIGH NO CODE
SupportCandy WordPress <2.2.5 - CSRF
The SupportCandy WordPress plugin before 2.2.5 does not have authorisation and CSRF checks in its wpsc_tickets AJAX action, which could allow unauthenticated users to call it and delete arbitrary tickets via the set_delete_permanently_bulk_ticket setting_action. Other actions may be affected as well.
2 stars
CVSS 7.5
CVE-2021-24843 GITHUB MEDIUM NO CODE
SupportCandy WordPress <2.2.7 - CSRF
The SupportCandy WordPress plugin before 2.2.7 does not have a CSRF check in its wpsc_tickets AJAX action, which could allow attackers to make a logged-in admin call it and delete arbitrary tickets via the set_delete_permanently_bulk_ticket setting_action.
2 stars
CVSS 6.5
CVE-2021-37388 GITHUB CRITICAL NO CODE
Dlink Dir-615 Firmware - Buffer Overflow
A buffer overflow in D-Link DIR-615 C2 3.03WW. The ping_ipaddr parameter in ping_response.cgi POST request allows an attacker to crash the webserver and might even gain remote code execution.
2 stars
CVSS 9.8
CVE-2021-38278 GITHUB CRITICAL NO CODE
Tenda AC10-1200 <15.03.06.23 - Buffer Overflow
Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer overflow via the urls parameter in the saveParentControlInfo function.
2 stars
CVSS 9.8
CVE-2021-38772 GITHUB HIGH NO CODE
Tenda AC10-1200 <15.03.06.23 - Buffer Overflow
Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer overflow via the list parameter in the fromSetIpMacBind function.
2 stars
CVSS 7.5
CVE-2022-0134 GITHUB HIGH NO CODE
AnyComment WordPress <0.2.18 - CSRF
The AnyComment WordPress plugin before 0.2.18 does not have CSRF checks in the Import and Revert HyperComments features, allowing attackers to make a logged-in admin perform such actions via a CSRF attack.
2 stars
CVSS 8.8
CVE-2022-0279 GITHUB LOW NO CODE
AnyComment WP <0.2.18 - Privilege Escalation
The AnyComment WordPress plugin before 0.2.18 is affected by a race condition when liking/disliking a comment/reply, which could allow any authenticated user to quickly raise their own rating or lower the rating of other users.
2 stars
CVSS 3.1
CVE-2022-0321 GITHUB MEDIUM NO CODE
WP Voting Contest <3.0 - XSS
The WP Voting Contest WordPress plugin before 3.0 does not sanitise and escape the post_id parameter before outputting it back in the response via the wpvc_social_share_icons AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting issue.
2 stars
CVSS 6.1
CVE-2022-0591 GITHUB CRITICAL NO CODE
FormCraft WP <3.8.28 - SSRF
The FormCraft WordPress plugin before 3.8.28 does not validate the URL parameter in the formcraft3_get AJAX action, leading to SSRF issues exploitable by unauthenticated users.
2 stars
CVSS 9.1
CVE-2022-0592 GITHUB CRITICAL NO CODE
MapSVG WP <6.2.20 - SQL Injection
The MapSVG WordPress plugin before 6.2.20 does not validate and escape a parameter via a REST endpoint before using it in a SQL statement, leading to a SQL Injection exploitable by unauthenticated users.
2 stars
CVSS 9.8
CVE-2022-0594 GITHUB MEDIUM NO CODE
Shareaholic < 9.7.6 - Incorrect Authorization
The Professional Social Sharing Buttons, Icons & Related Posts WordPress plugin before 9.7.6 does not have a proper authorisation check in one of its AJAX actions, available to unauthenticated (in v < 9.7.5) and author+ (in v9.7.5) users, allowing them to call it and retrieve various information such as the list of active plugins and various versions (PHP, cURL, WP, etc.).
2 stars
CVSS 5.3
CVE-2022-0595 GITHUB MEDIUM NO CODE
Drag and Drop Multiple File Upload WordPress <1.3.6.3 - XSS
The Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.3 allows SVG files to be uploaded by default via the dnd_codedropz_upload AJAX action, which could lead to a Stored Cross-Site Scripting issue.
2 stars
CVSS 5.4
CVE-2022-0680 GITHUB MEDIUM NO CODE
Plezi WordPress <1.0.3 - XSS
The Plezi WordPress plugin before 1.0.3 has a REST endpoint allowing unauthenticated users to update the plz_configuration_tracker_enable option, which is then displayed in the admin panel without sanitisation and escaping, leading to a Stored Cross-Site Scripting issue.
2 stars
CVSS 6.1
CVE-2022-0869 GITHUB MEDIUM NO CODE
Spirit < 0.12.3 - Open Redirect
Multiple Open Redirect in GitHub repository nitely/spirit prior to 0.12.3.
2 stars
CVSS 6.1
CVE-2022-0935 GITHUB HIGH NO CODE
livehelperchat/livehelperchat <3.97 - SSRF
Host header injection in password reset in GitHub repository livehelperchat/livehelperchat prior to 3.97.
2 stars
CVSS 8.8
CVE-2022-0937 GITHUB MEDIUM NO CODE
Showdoc < 2.10.3 - XSS
Stored XSS in ShowDoc through file upload in GitHub repository star7th/showdoc prior to 2.10.4.
2 stars
CVSS 5.4
CVE-2022-1239 GITHUB HIGH NO CODE
Hubspot < 8.8.15 - SSRF
The HubSpot WordPress plugin before 8.8.15 does not validate the proxy URL given to the proxy REST endpoint, which could allow users with the edit_posts capability (by default contributor and above) to perform SSRF attacks.
2 stars
CVSS 8.8