unSafe.sh - Unsafe
Live-Hack-CVE/CVE-2023-0716
The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_edit_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform CVE project by @Sn0wAlice
Create: 2023-02-08 15:13:12 +0000 UTC Push: 2023-02-08 15:13:14 +0000 UTC
Live-Hack-CVE/CVE-2023-0715
The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_clone_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perfor CVE project by @Sn0wAlice
Create: 2023-02-08 15:13:08 +0000 UTC Push: 2023-02-08 15:13:10 +0000 UTC
Live-Hack-CVE/CVE-2023-0711
The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_state function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform CVE project by @Sn0wAlice
Create: 2023-02-08 15:13:04 +0000 UTC Push: 2023-02-08 15:13:07 +0000 UTC
Live-Hack-CVE/CVE-2023-0685
The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_unassign_folders function. This makes it possible for unauthenticated attackers to invoke this function via forged request grant CVE project by @Sn0wAlice
Create: 2023-02-08 15:13:01 +0000 UTC Push: 2023-02-08 15:13:03 +0000 UTC
Live-Hack-CVE/CVE-2023-0684
The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_unassign_folders function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and pe CVE project by @Sn0wAlice
Create: 2023-02-08 15:12:57 +0000 UTC Push: 2023-02-08 15:12:59 +0000 UTC
Live-Hack-CVE/CVE-2023-0739
Race Condition in Switch in GitHub repository answerdev/answer prior to 1.0.4. CVE project by @Sn0wAlice
Create: 2023-02-08 15:12:44 +0000 UTC Push: 2023-02-08 15:12:47 +0000 UTC
daniel616/CVE-2022-21661-Demo
Demonstration of the SQL injection vulnerability in wordpress 5.8.2
Create: 2023-02-08 12:58:57 +0000 UTC Push: 2023-02-08 12:58:58 +0000 UTC
Live-Hack-CVE/CVE-2023-23026
Cross site scripting (XSS) vulnerability in sourcecodester oretnom23 sales management system 1.0, allows attackers to execute arbitrary code via the product_name and product_price inputs in file print.php. CVE project by @Sn0wAlice
Create: 2023-02-08 09:37:33 +0000 UTC Push: 2023-02-08 09:37:35 +0000 UTC
Live-Hack-CVE/CVE-2023-23011
Cross Site Scripting (XSS) vulnerability in InvoicePlane 1.6 via filter_product input to file modal_product_lookups.php. CVE project by @Sn0wAlice
Create: 2023-02-08 09:37:29 +0000 UTC Push: 2023-02-08 09:37:31 +0000 UTC
Live-Hack-CVE/CVE-2023-0736
Cross-site Scripting (XSS) - Stored in GitHub repository wallabag/wallabag prior to 2.5.4. CVE project by @Sn0wAlice
Create: 2023-02-08 09:37:26 +0000 UTC Push: 2023-02-08 09:37:28 +0000 UTC
Live-Hack-CVE/CVE-2023-0735
Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.5.4. CVE project by @Sn0wAlice
Create: 2023-02-08 09:37:22 +0000 UTC Push: 2023-02-08 09:37:24 +0000 UTC
Live-Hack-CVE/CVE-2023-0731
The Interactive Geo Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the action content parameter in versions up to, and including, 1.5.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with editor level CVE project by @Sn0wAlice
Create: 2023-02-08 09:37:18 +0000 UTC Push: 2023-02-08 09:37:20 +0000 UTC
Live-Hack-CVE/CVE-2023-0730
The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_save_folder_order function. This makes it possible for unauthenticated attackers to invoke this function via forged request gran CVE project by @Sn0wAlice
Create: 2023-02-08 09:37:15 +0000 UTC Push: 2023-02-08 09:37:17 +0000 UTC
Live-Hack-CVE/CVE-2023-0727
The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_delete_folder function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted CVE project by @Sn0wAlice
Create: 2023-02-08 09:37:11 +0000 UTC Push: 2023-02-08 09:37:13 +0000 UTC
Live-Hack-CVE/CVE-2023-0723
The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_move_object function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted th CVE project by @Sn0wAlice
Create: 2023-02-08 09:37:08 +0000 UTC Push: 2023-02-08 09:37:10 +0000 UTC
Live-Hack-CVE/CVE-2023-0719
The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_sort_order function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and per CVE project by @Sn0wAlice
Create: 2023-02-08 09:37:04 +0000 UTC Push: 2023-02-08 09:37:06 +0000 UTC
Live-Hack-CVE/CVE-2023-0712
The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_move_object function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform CVE project by @Sn0wAlice
Create: 2023-02-08 09:37:00 +0000 UTC Push: 2023-02-08 09:37:03 +0000 UTC
Live-Hack-CVE/CVE-2022-47418
LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition in the document version comments. CVE project by @Sn0wAlice
Create: 2023-02-08 09:36:57 +0000 UTC Push: 2023-02-08 09:36:59 +0000 UTC
Live-Hack-CVE/CVE-2021-36471
Directory Traversal vulnerability in AdminLTE 3.1.0 allows remote attackers to gain escalated privilege and view sensitive information via /admin/index2.html, /admin/index3.html URIs. CVE project by @Sn0wAlice
Create: 2023-02-08 09:36:53 +0000 UTC Push: 2023-02-08 09:36:55 +0000 UTC
Live-Hack-CVE/CVE-2023-24828
Onedev is a self-hosted Git Server with CI/CD and Kanban. In versions prior to 7.9.12 the algorithm used to generate access token and password reset keys was not cryptographically secure. Existing normal users (or everyone if it allows self-registration) may exploit this to elevate privilege to obtain administrator per CVE project by @Sn0wAlice
Create: 2023-02-08 09:36:50 +0000 UTC Push: 2023-02-08 09:36:52 +0000 UTC