Live-Hack-CVE/CVE-2023-0740 Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.4. CVE project by @Sn0wAlice Create: 2023-02-08 19:37:08 +0000 UTC Push: 2023-02-08 19:37:12 +0000 UTC |

Live-Hack-CVE/CVE-2022-43761 Missing authentication when creating and managing the B&R APROL database in versions < R 4.2-07 allows reading and changing the system configuration. CVE project by @Sn0wAlice Create: 2023-02-08 19:37:04 +0000 UTC Push: 2023-02-08 19:37:06 +0000 UTC |

Live-Hack-CVE/CVE-2022-2094 The Yellow Yard Searchbar WordPress plugin before 2.8.2 does not escape some URL parameters before outputting them back to the user, leading to Reflected Cross-Site Scripting CVE project by @Sn0wAlice Create: 2023-02-08 19:37:00 +0000 UTC Push: 2023-02-08 19:37:02 +0000 UTC |

Live-Hack-CVE/CVE-2023-0726 The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_edit_folder function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted th CVE project by @Sn0wAlice Create: 2023-02-08 15:13:33 +0000 UTC Push: 2023-02-08 15:13:35 +0000 UTC |

Live-Hack-CVE/CVE-2023-0725 The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_clone_folder function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted t CVE project by @Sn0wAlice Create: 2023-02-08 15:13:30 +0000 UTC Push: 2023-02-08 15:13:32 +0000 UTC |

Live-Hack-CVE/CVE-2023-0724 The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_add_folder function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted the CVE project by @Sn0wAlice Create: 2023-02-08 15:13:26 +0000 UTC Push: 2023-02-08 15:13:28 +0000 UTC |

Live-Hack-CVE/CVE-2023-0722 The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_save_state function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted the CVE project by @Sn0wAlice Create: 2023-02-08 15:13:22 +0000 UTC Push: 2023-02-08 15:13:25 +0000 UTC |

Live-Hack-CVE/CVE-2023-0720 The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_folder_order function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and p CVE project by @Sn0wAlice Create: 2023-02-08 15:13:19 +0000 UTC Push: 2023-02-08 15:13:21 +0000 UTC |

Live-Hack-CVE/CVE-2023-0717 The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_delete_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perfo CVE project by @Sn0wAlice Create: 2023-02-08 15:13:15 +0000 UTC Push: 2023-02-08 15:13:17 +0000 UTC |

Live-Hack-CVE/CVE-2023-0716 The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_edit_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform CVE project by @Sn0wAlice Create: 2023-02-08 15:13:12 +0000 UTC Push: 2023-02-08 15:13:14 +0000 UTC |

Live-Hack-CVE/CVE-2023-0715 The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_clone_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perfor CVE project by @Sn0wAlice Create: 2023-02-08 15:13:08 +0000 UTC Push: 2023-02-08 15:13:10 +0000 UTC |

Live-Hack-CVE/CVE-2023-0711 The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_state function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform CVE project by @Sn0wAlice Create: 2023-02-08 15:13:04 +0000 UTC Push: 2023-02-08 15:13:07 +0000 UTC |

Live-Hack-CVE/CVE-2023-0685 The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_unassign_folders function. This makes it possible for unauthenticated attackers to invoke this function via forged request grant CVE project by @Sn0wAlice Create: 2023-02-08 15:13:01 +0000 UTC Push: 2023-02-08 15:13:03 +0000 UTC |

Live-Hack-CVE/CVE-2023-0684 The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_unassign_folders function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and pe CVE project by @Sn0wAlice Create: 2023-02-08 15:12:57 +0000 UTC Push: 2023-02-08 15:12:59 +0000 UTC |

Live-Hack-CVE/CVE-2023-0739 Race Condition in Switch in GitHub repository answerdev/answer prior to 1.0.4. CVE project by @Sn0wAlice Create: 2023-02-08 15:12:44 +0000 UTC Push: 2023-02-08 15:12:47 +0000 UTC |

daniel616/CVE-2022-21661-Demo Demonstration of the SQL injection vulnerability in wordpress 5.8.2 Create: 2023-02-08 12:58:57 +0000 UTC Push: 2023-02-08 12:58:58 +0000 UTC |

Live-Hack-CVE/CVE-2023-23026 Cross site scripting (XSS) vulnerability in sourcecodester oretnom23 sales management system 1.0, allows attackers to execute arbitrary code via the product_name and product_price inputs in file print.php. CVE project by @Sn0wAlice Create: 2023-02-08 09:37:33 +0000 UTC Push: 2023-02-08 09:37:35 +0000 UTC |

Live-Hack-CVE/CVE-2023-23011 Cross Site Scripting (XSS) vulnerability in InvoicePlane 1.6 via filter_product input to file modal_product_lookups.php. CVE project by @Sn0wAlice Create: 2023-02-08 09:37:29 +0000 UTC Push: 2023-02-08 09:37:31 +0000 UTC |

Live-Hack-CVE/CVE-2023-0736 Cross-site Scripting (XSS) - Stored in GitHub repository wallabag/wallabag prior to 2.5.4. CVE project by @Sn0wAlice Create: 2023-02-08 09:37:26 +0000 UTC Push: 2023-02-08 09:37:28 +0000 UTC |

Live-Hack-CVE/CVE-2023-0735 Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.5.4. CVE project by @Sn0wAlice Create: 2023-02-08 09:37:22 +0000 UTC Push: 2023-02-08 09:37:24 +0000 UTC |