unSafe.sh - 不安全
我的收藏
今日热榜
公众号文章
导航
Github CVE
Github Tools
编码/解码
文件传输
Twitter Bot
Telegram Bot
Rss
黑夜模式
增加标签
Tags (allow clear + 0 threshold)
Choose a tag...
Please select a valid tag.
Live-Hack-CVE/CVE-2022-4267
The Bulk Delete Users by Email WordPress plugin through 1.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting CVE project by @Sn0wAlice
Create: 2022-12-27 16:38:31 +0000 UTC Push: 2022-12-27 16:38:33 +0000 UTC |
Live-Hack-CVE/CVE-2022-4266
The Bulk Delete Users by Email WordPress plugin through 1.2 does not have CSRF check when deleting users, which could allow attackers to make a logged in admin delete non admin users by knowing their email via a CSRF attack CVE project by @Sn0wAlice
Create: 2022-12-27 16:38:27 +0000 UTC Push: 2022-12-27 16:38:29 +0000 UTC |
Live-Hack-CVE/CVE-2022-4243
The ImageInject WordPress plugin through TODO does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). CVE project by @Sn0wAlice
Create: 2022-12-27 16:38:02 +0000 UTC Push: 2022-12-27 16:38:04 +0000 UTC |
Live-Hack-CVE/CVE-2022-4242
The WP Google Review Slider WordPress plugin before 11.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). CVE project by @Sn0wAlice
Create: 2022-12-27 16:37:59 +0000 UTC Push: 2022-12-27 16:38:01 +0000 UTC |
Live-Hack-CVE/CVE-2022-4239
The Workreap WordPress theme before 2.6.4 does not verify that an addon service belongs to the user issuing the request, or indeed that it is an addon service, when processing the workreap_addons_service_remove action, allowing any user to delete any post by knowing or guessing the id. CVE project by @Sn0wAlice
Create: 2022-12-27 16:37:55 +0000 UTC Push: 2022-12-27 16:37:57 +0000 UTC |
Live-Hack-CVE/CVE-2022-4227
The Booster for WooCommerce WordPress plugin before 5.6.3, Booster Plus for WooCommerce WordPress plugin before 6.0.0, Booster Elite for WooCommerce WordPress plugin before 6.0.0 do not escape some URLs and parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting CVE project by @Sn0wAlice
Create: 2022-12-27 16:37:51 +0000 UTC Push: 2022-12-27 16:37:54 +0000 UTC |
Live-Hack-CVE/CVE-2022-4226
The Simple Basic Contact Form WordPress plugin before 20221201 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). CVE project by @Sn0wAlice
Create: 2022-12-27 16:37:47 +0000 UTC Push: 2022-12-27 16:37:50 +0000 UTC |
Live-Hack-CVE/CVE-2022-4197
The Sliderby10Web WordPress plugin before 1.2.53 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). CVE project by @Sn0wAlice
Create: 2022-12-27 16:37:44 +0000 UTC Push: 2022-12-27 16:37:46 +0000 UTC |
Live-Hack-CVE/CVE-2022-4166
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the addCountS POST parameter before concatenating it to an SQL query in 4_activate.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's dat CVE project by @Sn0wAlice
Create: 2022-12-27 16:37:40 +0000 UTC Push: 2022-12-27 16:37:43 +0000 UTC |
Live-Hack-CVE/CVE-2022-4165
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_order POST parameter before concatenating it to an SQL query in order-custom-fields-with-and-without-search.php. This may allow malicious users with at least author privilege to leak sensitive CVE project by @Sn0wAlice
Create: 2022-12-27 16:37:37 +0000 UTC Push: 2022-12-27 16:37:39 +0000 UTC |
Live-Hack-CVE/CVE-2022-4164
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_multiple_files_for_post POST parameter before concatenating it to an SQL query in 0_change-gallery.php. This may allow malicious users with at least author privilege to leak sensitive informat CVE project by @Sn0wAlice
Create: 2022-12-27 16:37:34 +0000 UTC Push: 2022-12-27 16:37:35 +0000 UTC |
Live-Hack-CVE/CVE-2022-4163
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_deactivate and cg_activate POST parameters before concatenating it to an SQL query in 2_deactivate.php and 4_activate.php, respectively. This may allow malicious users with at least author pri CVE project by @Sn0wAlice
Create: 2022-12-27 16:37:30 +0000 UTC Push: 2022-12-27 16:37:32 +0000 UTC |
Live-Hack-CVE/CVE-2022-4162
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_row POST parameter before concatenating it to an SQL query in 3_row-order.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's datab CVE project by @Sn0wAlice
Create: 2022-12-27 16:37:26 +0000 UTC Push: 2022-12-27 16:37:29 +0000 UTC |
Live-Hack-CVE/CVE-2022-4161
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_copy_start POST parameter before concatenating it to an SQL query in copy-gallery-images.php. This may allow malicious users with at least author privilege to leak sensitive information from t CVE project by @Sn0wAlice
Create: 2022-12-27 16:37:23 +0000 UTC Push: 2022-12-27 16:37:25 +0000 UTC |
Live-Hack-CVE/CVE-2022-4160
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_copy_id POST parameter before concatenating it to an SQL query in cg-copy-comments.php and cg-copy-rating.php. This may allow malicious users with at least author privilege to leak sensitive i CVE project by @Sn0wAlice
Create: 2022-12-27 16:37:19 +0000 UTC Push: 2022-12-27 16:37:21 +0000 UTC |
Live-Hack-CVE/CVE-2022-4159
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_id POST parameter before concatenating it to an SQL query in 0_change-gallery.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's d CVE project by @Sn0wAlice
Create: 2022-12-27 16:37:16 +0000 UTC Push: 2022-12-27 16:37:18 +0000 UTC |
Live-Hack-CVE/CVE-2022-4158
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_Fields POST parameter before concatenating it to an SQL query in users-registry-check-registering-and-login.php. This may allow malicious visitors to leak sensitive information from the site's CVE project by @Sn0wAlice
Create: 2022-12-27 16:37:12 +0000 UTC Push: 2022-12-27 16:37:14 +0000 UTC |
Live-Hack-CVE/CVE-2022-4157
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_option_id POST parameter before concatenating it to an SQL query in export-votes-all.php. This may allow malicious users with administrator privileges (i.e. on multisite WordPress configuratio CVE project by @Sn0wAlice
Create: 2022-12-27 16:37:09 +0000 UTC Push: 2022-12-27 16:37:11 +0000 UTC |
Live-Hack-CVE/CVE-2022-4156
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the user_id POST parameter before concatenating it to an SQL query in ajax-functions-backend.php. This may allow malicious users with at least author privilege to leak sensitive information from the CVE project by @Sn0wAlice
Create: 2022-12-27 16:37:05 +0000 UTC Push: 2022-12-27 16:37:07 +0000 UTC |
Live-Hack-CVE/CVE-2022-4155
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the wp_user_id GET parameter before concatenating it to an SQL query in management-show-user.php. This may allow malicious users with administrator privileges (i.e. on multisite WordPress configurati CVE project by @Sn0wAlice
Create: 2022-12-27 16:37:01 +0000 UTC Push: 2022-12-27 16:37:04 +0000 UTC |
Previous
570
571
572
573
574
575
576
577
Next