Github Exploits
3,735 exploits tracked across all sources.
MultiSafepay <4.13.1 - Info Disclosure
Unauthenticated Arbitrary File Read vulnerability in MultiSafepay plugin for WooCommerce plugin <= 4.13.1 at WordPress.
by tomorroisnew
WordPlus Better Messages <= 1.9.9.148 - Cross-Site Request Forgery via File Upload
Cross-Site Request Forgery (CSRF) vulnerability in WordPlus Better Messages plugin <= 1.9.9.148 at WordPress allows attackers to upload files. File attachment to messages must be activated.
by tomorroisnew
Tenda AC10-1200 - Buffer Overflow
Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer overflow in the setSmartPowerManagement function.
by tomorroisnew
BookWyrm < 0.3.0 - Authenticated Server-Side Request Forgery via Cover URL Load
BookWyrm is a decentralized social network for tracking reading habits and reviewing books. The functionality to load a cover via url is vulnerable to a server-side request forgery attack. Any BookWyrm instance running a version prior to v0.3.0 is susceptible to attack from a logged-in user. The problem has been patched and administrators should upgrade to version 0.3.0 As a workaround, BookWyrm instances can close registration and limit members to trusted individuals.
by tomorroisnew
LifterLMS PayPal < 1.4.0 - Reflected Cross-Site Scripting via Payment Confirmation Page
The LifterLMS PayPal WordPress plugin before 1.4.0 does not sanitise and escape some parameters from the payment confirmation page before outputting them back in the page, leading to a Reflected Cross-Site Scripting issue
by tomorroisnew
HubSpot WordPress Plugin < 8.8.15 - Server-Side Request Forgery via Proxy REST Endpoint
The HubSpot WordPress plugin before 8.8.15 does not validate the proxy URL given to the proxy REST endpoint, which could allow users with the edit_posts capability (by default contributor and above) to perform SSRF attacks
by tomorroisnew
showdoc < 2.10.4 - Stored Cross-Site Scripting via File Upload
Stored xss in showdoc through file upload in GitHub repository star7th/showdoc prior to 2.10.4.
by tomorroisnew
livehelperchat/livehelperchat <3.97 - SSRF
Host Header injection in password Reset in GitHub repository livehelperchat/livehelperchat prior to 3.97.
by tomorroisnew
spirit < 0.12.3 - Open Redirect
Multiple Open Redirect in GitHub repository nitely/spirit prior to 0.12.3.
by tomorroisnew
Plezi WordPress Plugin < 1.0.3 - Unauthenticated Stored Cross-Site Scripting via REST Endpoint
The Plezi WordPress plugin before 1.0.3 has a REST endpoint allowing unauthenticated users to update the plz_configuration_tracker_enable option, which is then displayed in the admin panel without sanitisation and escaping, leading to a Stored Cross-Site Scripting issue
by tomorroisnew
Drag and Drop Multiple File Upload - Contact Form 7 < 1.3.6.3 - Stored Cross-Site Scripting via SVG File Upload
The Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.3 allows SVG files to be uploaded by default via the dnd_codedropz_upload AJAX action, which could lead to Stored Cross-Site Scripting issue
by tomorroisnew
shareaholic < 9.7.6 - Unauthenticated Information Disclosure via AJAX Action
The Professional Social Sharing Buttons, Icons & Related Posts WordPress plugin before 9.7.6 does not have proper authorisation check in one of the AJAX action, available to unauthenticated (in v < 9.7.5) and author+ (in v9.7.5) users, allowing them to call it and retrieve various information such as the list of active plugins, various version like PHP, cURL, WP etc.
by tomorroisnew
MapSVG < 6.2.20 - Unauthenticated SQL Injection via REST Endpoint
The MapSVG WordPress plugin before 6.2.20 does not validate and escape a parameter via a REST endpoint before using it in a SQL statement, leading to a SQL Injection exploitable by unauthenticated users.
by tomorroisnew
FormCraft WP <3.8.28 - Server-Side Request Forgery via URL Parameter
The FormCraft WordPress plugin before 3.8.28 does not validate the URL parameter in the formcraft3_get AJAX action, leading to SSRF issues exploitable by unauthenticated users
by tomorroisnew
WP Voting Contest < 3.0 - Reflected Cross-Site Scripting via post_id Parameter
The WP Voting Contest WordPress plugin before 3.0 does not sanitise and escape the post_id parameter before outputting it back in the response via the wpvc_social_share_icons AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting issue
by tomorroisnew
AnyComment WP <0.2.18 - Privilege Escalation
The AnyComment WordPress plugin before 0.2.18 is affected by a race condition when liking/disliking a comment/reply, which could allow any authenticated user to quickly raise their rating or lower the rating of other users
by tomorroisnew
AnyComment WordPress <0.2.18 - CSRF
The AnyComment WordPress plugin before 0.2.18 does not have CSRF checks in the Import and Revert HyperComments features, allowing attackers to make logged in admin perform such actions via a CSRF attack
by tomorroisnew
Tenda AC10-1200 <15.03.06.23 - Buffer Overflow
Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer overflow via the list parameter in the fromSetIpMacBind function.
by tomorroisnew
Tenda AC10-1200 <15.03.06.23 - Buffer Overflow
Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer overflow via the urls parameter in the saveParentControlInfo function.
by tomorroisnew
D-Link DIR-615 C2 3.03WW - Buffer Overflow via ping_ipaddr Parameter
A buffer overflow in D-Link DIR-615 C2 3.03WW. The ping_ipaddr parameter in ping_response.cgi POST request allows an attacker to crash the webserver and might even gain remote code execution.
by tomorroisnew
SupportCandy WordPress <2.2.7 - CSRF
The SupportCandy WordPress plugin before 2.2.7 does not have CRSF check in its wpsc_tickets AJAX action, which could allow attackers to make a logged in admin call it and delete arbitrary tickets via the set_delete_permanently_bulk_ticket setting_action.
by tomorroisnew
SupportCandy WordPress <2.2.5 - CSRF
The SupportCandy WordPress plugin before 2.2.5 does not have authorisation and CSRF checks in its wpsc_tickets AJAX action, which could allow unauthenticated users to call it and delete arbitrary tickets via the set_delete_permanently_bulk_ticket setting_action. Other actions may be affected as well.
by tomorroisnew
AnyComment WordPress <0.3.5 - Open Redirect
The AnyComment WordPress plugin before 0.3.5 has an API endpoint which passes user input via the redirect parameter to the wp_redirect() function without being validated first, leading to an Open Redirect issue, which according to the vendor, is a feature.
by tomorroisnew
Tab WordPress <1.3.2 - Info Disclosure
All AJAX actions of the Tab WordPress plugin before 1.3.2 are available to both unauthenticated and authenticated users, allowing unauthenticated attackers to modify various data in the plugin, such as add/edit/delete arbitrary tabs.
by tomorroisnew
Support Board < 3.3.6 - Cross-Site Request Forgery via include/ajax.php
The Support Board WordPress plugin before 3.3.6 does not have any CSRF checks in actions handled by the include/ajax.php file, which could allow attackers to make logged in users do unwanted actions. For example, make an admin delete arbitrary files
by tomorroisnew
By Source