unSafe.sh - 不安全
我的收藏
今日热榜
公众号文章
导航
Github CVE
Github Tools
编码/解码
文件传输
Twitter Bot
Telegram Bot
Rss
黑夜模式
增加标签
Tags (allow clear + 0 threshold)
Choose a tag...
Please select a valid tag.
Live-Hack-CVE/CVE-2022-4765
The Portfolio for Elementor WordPress plugin before 2.3.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such CVE project by @Sn0wAlice
Create: 2023-02-07 08:06:08 +0000 UTC Push: 2023-02-07 08:06:10 +0000 UTC |
Live-Hack-CVE/CVE-2022-4787
Themify Shortcodes WordPress plugin before 2.0.8 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. CVE project by @Sn0wAlice
Create: 2023-02-07 08:06:03 +0000 UTC Push: 2023-02-07 08:06:05 +0000 UTC |
Live-Hack-CVE/CVE-2022-4781
The Accordion Shortcodes WordPress plugin through 2.4.2 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. CVE project by @Sn0wAlice
Create: 2023-02-07 08:05:59 +0000 UTC Push: 2023-02-07 08:06:02 +0000 UTC |
Live-Hack-CVE/CVE-2022-4747
The Post Category Image With Grid and Slider WordPress plugin before 1.4.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high priv CVE project by @Sn0wAlice
Create: 2023-02-07 05:52:53 +0000 UTC Push: 2023-02-07 05:52:55 +0000 UTC |
Live-Hack-CVE/CVE-2022-4717
The Strong Testimonials WordPress plugin before 3.0.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as a CVE project by @Sn0wAlice
Create: 2023-02-07 05:52:49 +0000 UTC Push: 2023-02-07 05:52:51 +0000 UTC |
Live-Hack-CVE/CVE-2022-4681
The Hide My WP WordPress plugin before 6.2.9 does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. CVE project by @Sn0wAlice
Create: 2023-02-07 05:52:46 +0000 UTC Push: 2023-02-07 05:52:48 +0000 UTC |
Live-Hack-CVE/CVE-2022-4677
The Leaflet Maps Marker WordPress plugin before 3.12.7 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. CVE project by @Sn0wAlice
Create: 2023-02-07 05:52:42 +0000 UTC Push: 2023-02-07 05:52:44 +0000 UTC |
Live-Hack-CVE/CVE-2022-4674
The Ibtana WordPress plugin before 1.1.8.8 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack CVE project by @Sn0wAlice
Create: 2023-02-07 05:52:38 +0000 UTC Push: 2023-02-07 05:52:41 +0000 UTC |
Live-Hack-CVE/CVE-2022-4670
The PDF.js Viewer WordPress plugin before 2.1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. CVE project by @Sn0wAlice
Create: 2023-02-07 05:52:35 +0000 UTC Push: 2023-02-07 05:52:37 +0000 UTC |
Live-Hack-CVE/CVE-2022-4664
The Logo Slider WordPress plugin before 3.6.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks CVE project by @Sn0wAlice
Create: 2023-02-07 05:52:31 +0000 UTC Push: 2023-02-07 05:52:33 +0000 UTC |
Live-Hack-CVE/CVE-2022-4577
The Easy Testimonials WordPress plugin before 3.9.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as adm CVE project by @Sn0wAlice
Create: 2023-02-07 05:52:27 +0000 UTC Push: 2023-02-07 05:52:29 +0000 UTC |
Live-Hack-CVE/CVE-2022-4489
The HUSKY WordPress plugin before 1.3.2 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. CVE project by @Sn0wAlice
Create: 2023-02-07 05:52:23 +0000 UTC Push: 2023-02-07 05:52:26 +0000 UTC |
Live-Hack-CVE/CVE-2022-4459
The WP Show Posts WordPress plugin before 1.1.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. CVE project by @Sn0wAlice
Create: 2023-02-07 05:52:20 +0000 UTC Push: 2023-02-07 05:52:22 +0000 UTC |
Live-Hack-CVE/CVE-2022-4384
The Stream WordPress plugin before 3.9.2 does not prevent users with little privileges on the site (like subscribers) from using its alert creation functionality, which may enable them to leak sensitive information. CVE project by @Sn0wAlice
Create: 2023-02-07 05:52:16 +0000 UTC Push: 2023-02-07 05:52:18 +0000 UTC |
Live-Hack-CVE/CVE-2022-32655
In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705028; Issue ID: GN20220705028. CVE project by @Sn0wAlice
Create: 2023-02-07 05:52:12 +0000 UTC Push: 2023-02-07 05:52:15 +0000 UTC |
Live-Hack-CVE/CVE-2022-32643
In ccd, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07341261; Issue ID: ALPS07341261. CVE project by @Sn0wAlice
Create: 2023-02-07 05:52:07 +0000 UTC Push: 2023-02-07 05:52:10 +0000 UTC |
Live-Hack-CVE/CVE-2017-20177
A vulnerability, which was classified as problematic, has been found in WangGuard Plugin 1.8.0. Affected by this issue is the function wangguard_users_info of the file wangguard-user-info.php of the component WGG User List Handler. The manipulation of the argument userIP leads to cross site scripting. The attack may be CVE project by @Sn0wAlice
Create: 2023-02-07 05:52:04 +0000 UTC Push: 2023-02-07 05:52:06 +0000 UTC |
Live-Hack-CVE/CVE-2023-0252
The Contextual Related Posts WordPress plugin before 3.3.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks CVE project by @Sn0wAlice
Create: 2023-02-07 05:52:00 +0000 UTC Push: 2023-02-07 05:52:02 +0000 UTC |
Live-Hack-CVE/CVE-2023-0234
The SiteGround Security WordPress plugin before 1.3.1 does not properly sanitize user input before using it in an SQL query, leading to an authenticated SQL injection issue. CVE project by @Sn0wAlice
Create: 2023-02-07 05:51:56 +0000 UTC Push: 2023-02-07 05:51:59 +0000 UTC |
Live-Hack-CVE/CVE-2023-0170
The Html5 Audio Player WordPress plugin before 2.1.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. CVE project by @Sn0wAlice
Create: 2023-02-07 05:51:53 +0000 UTC Push: 2023-02-07 05:51:55 +0000 UTC |
Previous
405
406
407
408
409
410
411
412
Next