yup-Ivan

4 exploits Active since Mar 2019
CVE-2019-9978 NOMISEC MEDIUM WORKING POC
Social Warfare and Social Warfare Pro < 3.5.3 - Stored Cross-Site Scripting via swp_debug Parameter
The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, as exploited in the wild in March 2019. This affects Social Warfare and Social Warfare Pro.
4 stars
CVSS 6.1
CVE-2024-9796 NOMISEC CRITICAL WORKING POC
WP-Advanced-Search < 3.3.9.2 - Unauthenticated SQL Injection via t Parameter
The WP-Advanced-Search WordPress plugin before 3.3.9.2 does not sanitize and escape the t parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks
2 stars
CVSS 9.8
CVE-2024-6651 NOMISEC MEDIUM WORKING POC
WordPress File Upload <4.24.8 - XSS
The WordPress File Upload WordPress plugin before 4.24.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
1 stars
CVSS 6.1
CVE-2022-47447 NOMISEC MEDIUM WRITEUP
WordPress WP-Advanced-Search <= 3.3.8 - Cross-Site Request Forgery
Cross-Site Request Forgery (CSRF) vulnerability in Mathieu Chartier WordPress WP-Advanced-Search plugin <= 3.3.8 versions.
1 stars
CVSS 4.3