CVE-2021-25069
The Download Manager WordPress plugin before 3.2.34 does not sanitise and escape the package_ids parameter before using it in a SQL statement, leading to a…
Devamını oku
Kategori: Güvenlik Açıkları
CVE-2021-25075
The Duplicate Page or Post WordPress plugin before 1.5.1 does not have any authorisation and has a flawed CSRF check in the wpdevart_duplicate_post_parametrs_save_in_db AJAX action,…
CVE-2021-25082
The Popup Builder WordPress plugin before 4.0.7 does not validate and sanitise the sgpb_type parameter before using it in a require statement, leading to a…
CVE-2021-25099
The GiveWP WordPress plugin before 2.17.3 does not sanitise and escape the form_id parameter before outputting it back in the response of an unauthenticated request…
CVE-2021-25100
The GiveWP WordPress plugin before 2.17.3 does not escape the s parameter before outputting it back in an attribute in the Donation Forms dashboard, leading…
CVE-2021-25101
The Anti-Malware Security and Brute-Force Firewall WordPress plugin before 4.20.94 does not sanitise and escape the POST data before outputting it back in attributes of…
[webapps] Cab Management System 1.0 – Remote Code Execution (RCE) (Authenticated)
Cab Management System 1.0 – Remote Code Execution (RCE) (Authenticated) Exploit ile ilgili teknik detaylar için Devamını Oku Kaynak: Exploit-DB.com RSS Feed
[webapps] Microweber 1.2.11 – Remote Code Execution (RCE) (Authenticated)
Microweber 1.2.11 – Remote Code Execution (RCE) (Authenticated) Exploit ile ilgili teknik detaylar için Devamını Oku Kaynak: Exploit-DB.com RSS Feed
[webapps] Cab Management System 1.0 – ‘id’ SQLi (Authenticated)
Cab Management System 1.0 – ‘id’ SQLi (Authenticated) Exploit ile ilgili teknik detaylar için Devamını Oku Kaynak: Exploit-DB.com RSS Feed
[webapps] WordPress Plugin Perfect Survey – 1.5.1 – SQLi (Unauthenticated)
WordPress Plugin Perfect Survey – 1.5.1 – SQLi (Unauthenticated) Exploit ile ilgili teknik detaylar için Devamını Oku Kaynak: Exploit-DB.com RSS Feed