yup-Ivan

4 exploits, active since Mar 2019
CVE-2019-9978 NOMISEC MEDIUM WORKING POC
Social Warfare <3.5.3 - Stored XSS
The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, as exploited in the wild in March 2019. This affects Social Warfare and Social Warfare Pro.
4 stars
CVSS 6.1
CVE-2024-9796 NOMISEC CRITICAL WORKING POC
Internet-formation Wp-advanced-search < 3.3.9.2 - SQL Injection
The WP-Advanced-Search WordPress plugin before 3.3.9.2 does not sanitize and escape the t parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks.
2 stars
CVSS 9.8
CVE-2024-6651 NOMISEC MEDIUM WORKING POC
WordPress File Upload <4.24.8 - XSS
The WordPress File Upload WordPress plugin before 4.24.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting issue which could be used against high-privilege users such as admins.
1 star
CVSS 6.1
CVE-2022-47447 NOMISEC MEDIUM WRITEUP
Internet-formation Wp-advanced-search < 3.3.8 - CSRF
Cross-Site Request Forgery (CSRF) vulnerability in the Mathieu Chartier WordPress WP-Advanced-Search plugin, versions <= 3.3.8.
1 star
CVSS 4.3