Welcome to cxsecurity. enjoy
Bugtraq Stats

Yesterday: {{ x.iyest }}
Last month: {{ x.imont }}
Current month: {{ x.icurr }}
Total: {{ x.itotal }}

Best Hackers:
{{ te.id }}. {{te.nameDis}}
CVE database

Last Update: {{ x.cyest }}
Last month: {{ x.cmont }}
Current month: {{ x.ccur }}
Total CVE: {{ x.ctotal }}

Affected
{{te.id}}. {{te.nameDis}} ({{te.count}})
Random comment
{{ x.title }}
{{ x.auth }}
{{ x.text }}
Voted
{{ x.nameSh }} +{{x.pos}} {{x.neg}}

2023-07-01
Med.
WordPress Social Login And Register 7.6.4 Authentication Bypass CVE-2023-2982
Lana Codes
Low
Car Listing Script 1.8 Cross Site Scripting
CraCkEr
2023-06-30
Med.
SPIP 4.2.3 SQL Injection
nu11secur1ty
Low
Zip And RAR FileExtractor 5.7 Cross Site Scripting
tmrswrr
Low
FAQ Script 2.3 Cross Site Scripting
CraCkEr
Med.
WordPress Ultimate Member 2.6.6 Privilege Escalation CVE-2023-3460
Marc-Alexandre Montpas
Low
GZ Appointment Scheduling 1.8 Cross Site Scripting
CraCkEr
Low
Property Listing Script 1.0 Cross Site Scripting
CraCkEr
2023-06-28
Low
Office Suite Premium 10.9.1.42602 Cross Site Scripting
tmrswrr
Low
MyBB Favicon 1.0 Cross Site Scripting
0xB9
Low
News Script Pro 2.4 Cross Site Scripting
CraCkEr
Low
Event Script 2.1 Cross Site Scripting
CraCkEr
Low
GuestBook Script 2.2 Cross Site Scripting
CraCkEr

The latest CVEs

2023-07-01
CVE-2020-36740
The Radio Buttons for Taxonomies plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.5. This is due to missing or incorrect nonce validation on the save_single_term() function. This makes it possible for unauthenticated attackers to save terms via a forged request granted they can trick a site admi...
CVE-2020-36741
The MultiVendorX plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.7. This is due to missing or incorrect nonce validation on the submit_comment() function. This makes it possible for unauthenticated attackers to submit comments via a forged request granted they can trick a site administrator int...
CVE-2020-36742
The Custom Field Template plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.1. This is due to missing or incorrect nonce validation on the edit_meta_value() function. This makes it possible for unauthenticated attackers to edit meta field values via a forged request granted they can trick a site ...
CVE-2020-36743
The Product Catalog Simple plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.13. This is due to missing or incorrect nonce validation on the implecode_save_products_meta() function. This makes it possible for unauthenticated attackers to update product meta via a forged request granted they can t...
CVE-2020-36744
The NotificationX plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.2. This is due to missing or incorrect nonce validation on the generate_conversions() function. This makes it possible for unauthenticated attackers to generate conversions via a forged request granted they can trick a site admin...
CVE-2020-36745
The WP Project Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.0. This is due to missing or incorrect nonce validation on the do_updates() function. This makes it possible for unauthenticated attackers to trigger updates via a forged request granted they can trick a site administrator i...
CVE-2021-4388
The Opal Estate plugin for WordPress is vulnerable to featured property modifications in versions up to, and including, 1.6.11. This is due to missing capability checks on the opalestate_set_feature_property() and opalestate_remove_feature_property() functions. This makes it possible for unauthenticated attackers to set and remove featured propert...
CVE-2021-4389
The WP Travel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.4.6. This is due to missing or incorrect nonce validation on the save_meta_data() function. This makes it possible for unauthenticated attackers to save metadata for travel posts via a forged request granted they can trick a site admin...
CVE-2021-4390
The Contact Form 7 Style plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2. This is due to missing or incorrect nonce validation on the manage_wp_posts_be_qe_save_post() function. This makes it possible for unauthenticated attackers to quick edit templates via a forged request granted they can tr...
CVE-2021-4391
The Ultimate Gift Cards for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.1. This is due to missing or incorrect nonce validation on the mwb_wgm_save_post() function. This makes it possible for unauthenticated attackers to modify product gift card details via a forged request gran...

Dorks

2023-06-26
Med.
ToprakAJans Admin NoRedirect Bypass
intext:"@ToprakAjans"
 BQX
2023-06-22
Med.
HiSecOS 04.0.01 Privilege Escalation
HiSecOS Web Server Vulnerability Allows User Role Privilege Escalation
 dreizehnutters
Low
WordPress WP Sticky Social 1.0.1 CSRF / Cross Site Scripting( CVE-2023-3320 )
inurl:~/admin/views/admin.php
 Amirhossein Bahramizadeh
2023-06-19
Med.
WordPress Theme Medic v1.0.0 Weak Password Recovery Mechanism for Forgotten Password( CVE-2020-11027 )
inurl:/wp-includes/class-wp-query.php
 Amirhossein Bahramizadeh
2023-06-18
Low
BlogMagz 1.0 - Stored XSS
Copyright © 2023 BlogMagz All Rights Reserved.
 CraCkEr
Quick goto:

Bugtraq The latest CVEs Dorks
Search

Are you looking CVE for some product?

Top Vendors:

Apple Microsoft Google Oracle Apache IBM Red Hat HP Adobe Mozilla
 
Full List of Vendors

Top Products:

Linux Kernel Mac OS X Windows XP Windows 10 Flash Player Adobe Reader PHP JRE JDK
Wordpress Joomla Chrome IE Firefox Safari HTTPD Tomcat Nginx
 

Full List of Products

Top CWE:

CWE-89 (SQL Injection) CWE-79 (XSS) CWE-119 (Buffer Overflow) CWE-22 (Path Traversal)
 
Check CWE Dictionary

Donate:
is an open project developed and moderated fully by one independent person.
Help develop the project and make
Donations
Copyright 2023, cxsecurity.com

 

Back to Top