Github Exploits
3,698 exploits tracked across all sources.
iboss Secure Web Gateway <10.1 - XSS
A vulnerability has been found in iboss Secure Web Gateway up to 10.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /login of the component Login Portal. The manipulation of the argument redirectUrl leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 10.2.0.160 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-259501 was assigned to this vulnerability.
by halilkirazkaya
User Meta <= 3.0 - Exposure of Sensitive Information to an Unauthorized Actor
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in User Meta user-meta. This issue affects User Meta: from n/a through 3.0.
by halilkirazkaya
Coda v.2024Q1 - Cross-Site Scripting
Cross Site Scripting vulnerability in Unit4 Financials by Coda prior to 2023Q4 allows a remote attacker to run arbitrary code via a crafted GET request using the cols parameter.
by halilkirazkaya
WordPress Plugin <2.2.76 - Info Disclosure
The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin before 2.2.76 does not have proper authorization, resulting in password-protected posts being displayed in the result of some unauthenticated AJAX actions, allowing unauthenticated users to read such posts.
by halilkirazkaya
Travelpayouts WordPress plugin < 1.1.17 - Unauthenticated Open Redirect
The Travelpayouts: All Travel Brands in One Place WordPress plugin through 1.1.15 is vulnerable to Open Redirect due to insufficient validation on the travelpayouts_redirect variable. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.
by halilkirazkaya
Analytics Insights for Google Analytics 4 < 6.3 - Unauthenticated Open Redirect via oauth2callback.php
The Analytics Insights for Google Analytics 4 (AIWP) WordPress plugin before 6.3 is vulnerable to Open Redirect due to insufficient validation on the redirect oauth2callback.php file. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.
by halilkirazkaya
Shield Security < 18.5.10 - Unauthenticated Local File Inclusion via render_action_template Parameter
The Shield Security – Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 18.5.9 via the render_action_template parameter. This makes it possible for unauthenticated attackers to include and execute PHP files on the server, allowing the execution of any PHP code in those files.
by halilkirazkaya
Payment Gateway for Telcell < 2.0.4 - Open Redirect via api_url Parameter
The Payment Gateway for Telcell WordPress plugin through 2.0.1 does not validate the api_url parameter before redirecting the user to its value, leading to an Open Redirect issue.
by halilkirazkaya
Prime Mover < 1.9.3 - Directory Listing in Export File Directories
The Migrate WordPress Website & Backups WordPress plugin before 1.9.3 does not prevent directory listing in sensitive directories containing export files.
by halilkirazkaya
WordPress Toolbar <2.2.6 - Open Redirect
The WordPress Toolbar WordPress plugin through 2.2.6 redirects to any URL via the "wptbto" parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.
by halilkirazkaya
Quttera Web Malware Scanner WP <3.4.2.1 - Info Disclosure
The Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 doesn't restrict access to detailed scan logs, which allows a malicious actor to discover local paths and portions of the site's code.
by halilkirazkaya
Hotel Booking Lite < 4.8.5 - Unauthenticated Path Traversal and Arbitrary File Deletion
The Hotel Booking Lite WordPress plugin before 4.8.5 does not validate file paths provided via user input and does not have proper CSRF and authorisation checks, allowing unauthenticated users to download and delete arbitrary files on the server.
by halilkirazkaya
WordPress <4.1.10 - Info Disclosure
The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.10 stores sensitive LDAP logs in a buffer file when an administrator wants to export said logs. Unfortunately, this log file is never removed, and remains accessible to any users knowing the URL to do so.
by halilkirazkaya
ECTouch v2 - SQL Injection via $arr['id'] Parameter
ECTouch v2 was discovered to contain a SQL injection vulnerability via the $arr['id'] parameter at \default\helpers\insert.php.
by halilkirazkaya
Site Offline WordPress plugin < 1.5.3 - Authorization Bypass via URL Query
The Site Offline Or Coming Soon Or Maintenance Mode WordPress plugin before 1.5.3 prevents users from accessing a website but does not do so if the URL contains certain keywords. Adding those keywords to the URL's query string would bypass the plugin's main feature.
by halilkirazkaya
The Popup by Supsystic WordPress <1.10.9 - Info Disclosure
The Popup by Supsystic WordPress plugin before 1.10.9 does not have any authentication and authorisation in an AJAX action, allowing unauthenticated attackers to call it and get the email addresses of subscribed users.
by halilkirazkaya
Pinterest Automatic <1.14.3 - Auth Bypass
The Pinterest Automatic plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the 'wp_pinterest_automatic_parse_request' function and the 'process_form.php' script in versions up to, and including, 1.14.3. This makes it possible for unauthenticated attackers to update arbitrary options on a site that can be used to create new administrative user accounts or redirect unsuspecting site visitors.
by halilkirazkaya
Wipro Holmes Orchestrator 20.4.1 - Info Disclosure
Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to download arbitrary files, such as reports containing sensitive information, because authentication is not required for API access to processexecution/DownloadExcelFile/Domain_Credential_Report_Excel, processexecution/DownloadExcelFile/User_Report_Excel, processexecution/DownloadExcelFile/Process_Report_Excel, processexecution/DownloadExcelFile/Infrastructure_Report_Excel, or processexecution/DownloadExcelFile/Resolver_Report_Excel.
by halilkirazkaya
Wipro Holmes Orchestrator <20.4.1 - Path Traversal
The File Download API in Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to read arbitrary files via absolute path traversal in the SearchString JSON field in /home/download POST data.
by halilkirazkaya
IBM Data Risk Manager 2.0.1-2.0.6 - Use of Hard-coded Credentials
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 contains a default password for an IDRM administrative account. A remote attacker could exploit this vulnerability to log in and execute arbitrary code on the system with root privileges. IBM X-Force ID: 180534.
by halilkirazkaya
WP Fastest Cache <0.9.0.2 - Privilege Escalation
The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized arbitrary file deletion in versions up to, and including, 0.9.0.2 due to a lack of capability checking and insufficient path validation. This makes it possible for authenticated users with minimal permissions to delete arbitrary files from the server.
by halilkirazkaya
Rank Math SEO < 1.0.40.2 - Unauthenticated Arbitrary URI Creation via rankmath/v1/updateRedirection Endpoint
The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to create new URIs (that redirect to an external web site) via the unsecured rankmath/v1/updateRedirection REST API endpoint. In other words, this is not an "Open Redirect" issue; instead, it allows the attacker to create a new URI with an arbitrary name (e.g., the /exampleredirect URI).
by halilkirazkaya
Rank Math SEO < 1.0.40.2 - Unauthenticated Arbitrary Metadata Update via rankmath/v1/updateMeta Endpoint
The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to update arbitrary WordPress metadata, including the ability to escalate or revoke administrative privileges for existing users via the unsecured rankmath/v1/updateMeta REST API endpoint.
by halilkirazkaya
QNAP Photo Station - Path Traversal
This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommends updating Photo Station to its latest version.
by halilkirazkaya
bj_lazy_load < 1.0 - Remote File Inclusion
The bj-lazy-load plugin before 1.0 for WordPress has Remote File Inclusion.
by halilkirazkaya