unSafe.sh - Unsafe
Live-Hack-CVE/CVE-2022-4227
The Booster for WooCommerce WordPress plugin before 5.6.3, Booster Plus for WooCommerce WordPress plugin before 6.0.0, Booster Elite for WooCommerce WordPress plugin before 6.0.0 do not escape some URLs and parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting. CVE project by @Sn0wAlice
Create: 2022-12-27 16:37:51 +0000 UTC Push: 2022-12-27 16:37:54 +0000 UTC
Live-Hack-CVE/CVE-2022-4226
The Simple Basic Contact Form WordPress plugin before 20221201 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). CVE project by @Sn0wAlice
Create: 2022-12-27 16:37:47 +0000 UTC Push: 2022-12-27 16:37:50 +0000 UTC
Live-Hack-CVE/CVE-2022-4197
The Sliderby10Web WordPress plugin before 1.2.53 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). CVE project by @Sn0wAlice
Create: 2022-12-27 16:37:44 +0000 UTC Push: 2022-12-27 16:37:46 +0000 UTC
Live-Hack-CVE/CVE-2022-4166
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the addCountS POST parameter before concatenating it to an SQL query in 4_activate.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's dat CVE project by @Sn0wAlice
Create: 2022-12-27 16:37:40 +0000 UTC Push: 2022-12-27 16:37:43 +0000 UTC
Live-Hack-CVE/CVE-2022-4165
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_order POST parameter before concatenating it to an SQL query in order-custom-fields-with-and-without-search.php. This may allow malicious users with at least author privilege to leak sensitive CVE project by @Sn0wAlice
Create: 2022-12-27 16:37:37 +0000 UTC Push: 2022-12-27 16:37:39 +0000 UTC
Live-Hack-CVE/CVE-2022-4164
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_multiple_files_for_post POST parameter before concatenating it to an SQL query in 0_change-gallery.php. This may allow malicious users with at least author privilege to leak sensitive informat CVE project by @Sn0wAlice
Create: 2022-12-27 16:37:34 +0000 UTC Push: 2022-12-27 16:37:35 +0000 UTC
Live-Hack-CVE/CVE-2022-4163
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_deactivate and cg_activate POST parameters before concatenating them to an SQL query in 2_deactivate.php and 4_activate.php, respectively. This may allow malicious users with at least author pri CVE project by @Sn0wAlice
Create: 2022-12-27 16:37:30 +0000 UTC Push: 2022-12-27 16:37:32 +0000 UTC
Live-Hack-CVE/CVE-2022-4162
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_row POST parameter before concatenating it to an SQL query in 3_row-order.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's datab CVE project by @Sn0wAlice
Create: 2022-12-27 16:37:26 +0000 UTC Push: 2022-12-27 16:37:29 +0000 UTC
Live-Hack-CVE/CVE-2022-4161
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_copy_start POST parameter before concatenating it to an SQL query in copy-gallery-images.php. This may allow malicious users with at least author privilege to leak sensitive information from t CVE project by @Sn0wAlice
Create: 2022-12-27 16:37:23 +0000 UTC Push: 2022-12-27 16:37:25 +0000 UTC
Live-Hack-CVE/CVE-2022-4160
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_copy_id POST parameter before concatenating it to an SQL query in cg-copy-comments.php and cg-copy-rating.php. This may allow malicious users with at least author privilege to leak sensitive i CVE project by @Sn0wAlice
Create: 2022-12-27 16:37:19 +0000 UTC Push: 2022-12-27 16:37:21 +0000 UTC
Live-Hack-CVE/CVE-2022-4159
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_id POST parameter before concatenating it to an SQL query in 0_change-gallery.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's d CVE project by @Sn0wAlice
Create: 2022-12-27 16:37:16 +0000 UTC Push: 2022-12-27 16:37:18 +0000 UTC
Live-Hack-CVE/CVE-2022-4158
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_Fields POST parameter before concatenating it to an SQL query in users-registry-check-registering-and-login.php. This may allow malicious visitors to leak sensitive information from the site's CVE project by @Sn0wAlice
Create: 2022-12-27 16:37:12 +0000 UTC Push: 2022-12-27 16:37:14 +0000 UTC
Live-Hack-CVE/CVE-2022-4157
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_option_id POST parameter before concatenating it to an SQL query in export-votes-all.php. This may allow malicious users with administrator privileges (i.e. on multisite WordPress configuratio CVE project by @Sn0wAlice
Create: 2022-12-27 16:37:09 +0000 UTC Push: 2022-12-27 16:37:11 +0000 UTC
Live-Hack-CVE/CVE-2022-4156
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the user_id POST parameter before concatenating it to an SQL query in ajax-functions-backend.php. This may allow malicious users with at least author privilege to leak sensitive information from the CVE project by @Sn0wAlice
Create: 2022-12-27 16:37:05 +0000 UTC Push: 2022-12-27 16:37:07 +0000 UTC
Live-Hack-CVE/CVE-2022-4155
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the wp_user_id GET parameter before concatenating it to an SQL query in management-show-user.php. This may allow malicious users with administrator privileges (i.e. on multisite WordPress configurati CVE project by @Sn0wAlice
Create: 2022-12-27 16:37:01 +0000 UTC Push: 2022-12-27 16:37:04 +0000 UTC
Live-Hack-CVE/CVE-2022-4154
The Contest Gallery Pro WordPress plugin before 19.1.5 does not escape the wp_user_id GET parameter before concatenating it to an SQL query in management-show-user.php. This may allow malicious users with administrator privileges (i.e. on multisite WordPress configurations) to leak sensitive information from the sit CVE project by @Sn0wAlice
Create: 2022-12-27 16:36:58 +0000 UTC Push: 2022-12-27 16:37:00 +0000 UTC
Live-Hack-CVE/CVE-2022-4153
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the upload[] POST parameter before concatenating it to an SQL query in get-data-create-upload-v10.php. This may allow malicious users with at least author privilege to leak sensitive information from CVE project by @Sn0wAlice
Create: 2022-12-27 16:36:54 +0000 UTC Push: 2022-12-27 16:36:57 +0000 UTC
Live-Hack-CVE/CVE-2022-4152
The Contest Gallery WordPress plugin before 19.1.5, Contest Gallery Pro WordPress plugin before 19.1.5 do not escape the option_id POST parameter before concatenating it to an SQL query in edit-options.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's datab CVE project by @Sn0wAlice
Create: 2022-12-27 16:36:51 +0000 UTC Push: 2022-12-27 16:36:53 +0000 UTC
Live-Hack-CVE/CVE-2022-4151
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the option_id GET parameter before concatenating it to an SQL query in export-images-data.php. This may allow malicious users with at least author privilege to leak sensitive information from the sit CVE project by @Sn0wAlice
Create: 2022-12-27 16:36:20 +0000 UTC Push: 2022-12-27 16:36:22 +0000 UTC
Live-Hack-CVE/CVE-2022-4150
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the option_id POST parameter before concatenating it to an SQL query in order-custom-fields-with-and-without-search.php. This may allow malicious users with at least author privilege to leak sensitiv CVE project by @Sn0wAlice
Create: 2022-12-27 16:36:17 +0000 UTC Push: 2022-12-27 16:36:19 +0000 UTC