Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
admin log project admin log vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2022-1630
The WP-EMail WordPress plugin prior to 2.69.0 does not protect its log deletion functionality with nonce checks, allowing malicious user to make a logged in admin delete logs via a CSRF attack
Wp-email Project Wp-email
6.5
CVSSv3
CVE-2021-24766
The 404 to 301 – Redirect, Log and Notify 404 Errors WordPress plugin prior to 3.0.9 does not have CSRF check in place when cleaning the logs, which could allow malicious user to make a logged in admin delete all of them via a CSRF attack
404 To 301 Project 404 To 301
6.4
CVSSv3
CVE-2021-25115
The WP Photo Album Plus WordPress plugin prior to 8.0.10 was vulnerable to Stored Cross-Site Scripting (XSS). Error log content was handled improperly, therefore any user, even unauthenticated, could cause arbitrary javascript to be executed in the admin panel.
Wp Photo Album Plus Project Wp Photo Album Plus
5.5
CVSSv3
CVE-2017-15111
keycloak-httpd-client-install versions prior to 0.8 insecurely creates temporary file allowing local malicious users to overwrite other files via symbolic link.
Keycloak-httpd-client-install Project Keycloak-httpd-client-install
7.8
CVSSv3
CVE-2017-15112
keycloak-httpd-client-install versions prior to 0.8 allow users to insecurely pass password through command line, leaking it via command history and process info to other local users.
Keycloak-httpd-client-install Project Keycloak-httpd-client-install
7.7
CVSSv3
CVE-2021-21234
spring-boot-actuator-logview in a library that adds a simple logfile viewer as spring boot actuator endpoint. It is maven package "eu.hinsch:spring-boot-actuator-logview". In spring-boot-actuator-logview before version 0.2.13 there is a directory traversal vulnerability...
Spring-boot-actuator-logview Project Spring-boot-actuator-logview
4 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2