Live-Hack-CVE/CVE-2022-4368 The WP CSV WordPress plugin through 1.8.0.0 does not sanitize and escape a parameter before outputting it back in the page when importing a CSV, and doe snot have CSRF checks in place as well, leading to a Reflected Cross-Site Scripting. CVE project by @Sn0wAlice Create: 2023-01-10 10:08:30 +0000 UTC Push: 2023-01-10 10:08:33 +0000 UTC |

Live-Hack-CVE/CVE-2022-4325 The Post Status Notifier Lite WordPress plugin before 1.10.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which can be used against high privilege users such as admin. CVE project by @Sn0wAlice Create: 2023-01-10 10:08:26 +0000 UTC Push: 2023-01-10 10:08:28 +0000 UTC |

Live-Hack-CVE/CVE-2022-4310 The Slimstat Analytics WordPress plugin before 4.9.3 does not sanitise and escape the URI when logging requests, which could allow unauthenticated attackers to perform Stored Cross-Site Scripting attacks against logged in admin viewing the logs CVE project by @Sn0wAlice Create: 2023-01-10 10:08:21 +0000 UTC Push: 2023-01-10 10:08:25 +0000 UTC |

Live-Hack-CVE/CVE-2022-4043 The WP Custom Admin Interface WordPress plugin before 7.29 unserialize user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. CVE project by @Sn0wAlice Create: 2023-01-10 10:08:17 +0000 UTC Push: 2023-01-10 10:08:20 +0000 UTC |

Live-Hack-CVE/CVE-2022-46603 An issue in Inkdrop v5.4.1 allows attackers to execute arbitrary commands via uploading a crafted markdown file. CVE project by @Sn0wAlice Create: 2023-01-10 10:08:12 +0000 UTC Push: 2023-01-10 10:08:15 +0000 UTC |

Live-Hack-CVE/CVE-2022-3855 The 404 to Start WordPress plugin through 1.6.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). CVE project by @Sn0wAlice Create: 2023-01-10 10:08:07 +0000 UTC Push: 2023-01-10 10:08:11 +0000 UTC |

Live-Hack-CVE/CVE-2022-3679 The Starter Templates by Kadence WP WordPress plugin before 1.2.17 unserialises the content of an imported file, which could lead to PHP object injection issues when an admin import (intentionally or not) a malicious file and a suitable gadget chain is present on the blog. CVE project by @Sn0wAlice Create: 2023-01-10 10:08:03 +0000 UTC Push: 2023-01-10 10:08:06 +0000 UTC |

Live-Hack-CVE/CVE-2023-0125 A vulnerability was found in Control iD Panel. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Web Interface. The manipulation of the argument Nome leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the p CVE project by @Sn0wAlice Create: 2023-01-10 07:54:34 +0000 UTC Push: 2023-01-10 07:54:37 +0000 UTC |

Live-Hack-CVE/CVE-2022-43973 An arbitrary code execution vulnerability exisits in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. The Check_TSSI function within the httpd binary uses unvalidated user input in the construction of a system command. An authenticated attacker with administrator privileges can leverage this vu CVE project by @Sn0wAlice Create: 2023-01-10 07:54:31 +0000 UTC Push: 2023-01-10 07:54:32 +0000 UTC |

Live-Hack-CVE/CVE-2022-43972 A null pointer dereference vulnerability exists in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. A null pointer dereference in the soap_action function within the upnp binary can be triggered by an unauthenticated attacker via a malicious POST request invoking the AddPortMapping action. CVE project by @Sn0wAlice Create: 2023-01-10 07:54:26 +0000 UTC Push: 2023-01-10 07:54:30 +0000 UTC |

Live-Hack-CVE/CVE-2022-43971 An arbitrary code exection vulnerability exists in Linksys WUMC710 Wireless-AC Universal Media Connector with firmware <= 1.0.02 (build3). The do_setNTP function within the httpd binary uses unvalidated user input in the construction of a system command. An authenticated attacker with administrator privileges can lever CVE project by @Sn0wAlice Create: 2023-01-10 07:54:22 +0000 UTC Push: 2023-01-10 07:54:25 +0000 UTC |

Live-Hack-CVE/CVE-2022-43970 A buffer overflow vulnerability exists in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. A stack-based buffer overflow in the Start_EPI function within the httpd binary allows an authenticated attacker with administrator privileges to execute arbitrary commands on the underlying Linux operati CVE project by @Sn0wAlice Create: 2023-01-10 07:54:18 +0000 UTC Push: 2023-01-10 07:54:21 +0000 UTC |

Live-Hack-CVE/CVE-2021-36603 Cross Site Scripting (XSS) in Tasmota firmware 6.5.0 allows remote attackers to inject JavaScript code via a crafted string in the field "Friendly Name 1". CVE project by @Sn0wAlice Create: 2023-01-10 07:54:12 +0000 UTC Push: 2023-01-10 07:54:15 +0000 UTC |

Live-Hack-CVE/CVE-2015-10035 A vulnerability was found in gperson angular-test-reporter and classified as critical. This issue affects the function getProjectTables/addTest of the file rest-server/data-server.js. The manipulation leads to sql injection. The name of the patch is a29d8ae121b46ebfa96a55a9106466ab2ef166ae. It is recommended to apply a CVE project by @Sn0wAlice Create: 2023-01-10 07:54:08 +0000 UTC Push: 2023-01-10 07:54:11 +0000 UTC |

Live-Hack-CVE/CVE-2015-10034 A vulnerability has been found in j-nowak workout-organizer and classified as critical. This vulnerability affects unknown code. The manipulation leads to sql injection. The name of the patch is 13cd6c3d1210640bfdb39872b2bb3597aa991279. It is recommended to apply a patch to fix this issue. VDB-217714 is the identifier CVE project by @Sn0wAlice Create: 2023-01-10 07:54:03 +0000 UTC Push: 2023-01-10 07:54:05 +0000 UTC |

Live-Hack-CVE/CVE-2015-10033 A vulnerability, which was classified as problematic, was found in jvvlee MerlinsBoard. This affects an unknown part of the component Grade Handler. The manipulation leads to improper authorization. The name of the patch is 134f5481e2914b7f096cd92a22b1e6bcb8e6dfe5. It is recommended to apply a patch to fix this issue. CVE project by @Sn0wAlice Create: 2023-01-10 07:53:58 +0000 UTC Push: 2023-01-10 07:54:01 +0000 UTC |

Live-Hack-CVE/CVE-2014-125071 A vulnerability was found in lukehutch Gribbit. It has been classified as problematic. Affected is the function messageReceived of the file src/gribbit/request/HttpRequestHandler.java. The manipulation leads to missing origin validation in websockets. The name of the patch is 620418df247aebda3dd4be1dda10fe229ea505dd. I CVE project by @Sn0wAlice Create: 2023-01-10 07:53:53 +0000 UTC Push: 2023-01-10 07:53:56 +0000 UTC |

Live-Hack-CVE/CVE-2014-125072 A vulnerability classified as critical has been found in CherishSin klattr. This affects an unknown part. The manipulation leads to sql injection. The name of the patch is f8e4ecfbb83aef577011b0b4aebe96fb6ec557f1. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is V CVE project by @Sn0wAlice Create: 2023-01-10 07:53:49 +0000 UTC Push: 2023-01-10 07:53:52 +0000 UTC |

Live-Hack-CVE/CVE-2022-4369 The WP-Lister Lite for Amazon WordPress plugin before 2.4.4 does not sanitize and escapes a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which can be used against high-privilege users such as admin. CVE project by @Sn0wAlice Create: 2023-01-10 05:43:46 +0000 UTC Push: 2023-01-10 05:43:49 +0000 UTC |

Live-Hack-CVE/CVE-2022-4351 The Qe SEO Handyman WordPress plugin through 1.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin CVE project by @Sn0wAlice Create: 2023-01-10 05:43:42 +0000 UTC Push: 2023-01-10 05:43:43 +0000 UTC |