ajax vulnerabilities and exploits
5
CVSSv2
CVE-2014-2674
Directory traversal vulnerability in the Ajax Pagination (twitter Style) plugin 1.1 for WordPress allows remote malicious users to read arbitrary files via a .. (dot dot) in the loop parameter in an ajax_navigation action to wp-admin/admin-ajax.php.
Ajax-pagination Project Ajax-pagination 1.1
1 EDB exploit
4.3
CVSSv2
CVE-2016-1000127
Reflected XSS in WordPress plugin ajax-random-post v2.00
Ajax-random-post Project Ajax-random-post
6.8
CVSSv2
CVE-2022-1749
The WPMK Ajax Finder WordPress plugin is vulnerable to Cross-Site Request Forgery via the createplugin_atf_admin_setting_page() function found in the ~/inc/config/create-plugin-config.php file due to a missing nonce check which allows malicious users to inject arbitrary web scrip...
Wpmk Ajax Finder Project Wpmk Ajax Finder
7.5
CVSSv2
CVE-2017-11317
Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote malicious users to perform arbitrary file uploads or execute arbitrary code.
Telerik Ui For Asp.net Ajax 2017.2.621
Telerik Ui For Asp.net Ajax 2017.2.503
Telerik Ui For Asp.net Ajax
1 EDB exploit
7 Github repositories
5
CVSSv2
CVE-2018-15876
An issue exists in the ajax-bootmodal-login plugin 1.4.3 for WordPress. The register form, login form, and password-recovery form require solving a CAPTCHA to perform actions. However, this is required only once per user session, and therefore one could send as many requests as o...
Ajax Bootmodal Login Project Ajax Bootmodal Login 1.4.3
6.4
CVSSv2
CVE-2006-2344
SQL injection vulnerability in inc/elementz.php in AliPAGER 1.5, with magic_quotes_gpc disabled, allows remote malicious users to execute arbitrary SQL commands via the ubild parameter.
Ajax Softwares Alipager 1.00
Ajax Softwares Alipager 1.12
5
CVSSv2
CVE-2016-10929
The advanced-ajax-page-loader plugin prior to 2.7.7 for WordPress has no protection against the reading of uploaded files when not logged in.
Advanced Ajax Page Loader Project Advanced Ajax Page Loader
NA
CVE-2023-2027
The ZM Ajax Login & Register plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.2. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthe...
Zm Ajax Login & Register Project Zm Ajax Login & Register
7.5
CVSSv2
CVE-2007-1982
Multiple PHP remote file inclusion vulnerabilities in Really Simple PHP and Ajax (RSPA) 2007-03-23 and previous versions allow remote malicious users to execute arbitrary PHP code via a URL in the (1) __IncludeFilePHPClass, (2) __ClassPath, and (3) __class parameters to (a) rspa/...
Really Simple Php And Ajax Really Simple Php And Ajax
1 EDB exploit
4.3
CVSSv2
CVE-2014-4958
Cross-site scripting (XSS) vulnerability in Telerik UI for ASP.NET AJAX RadEditor control 2014.1.403.35, 2009.3.1208.20, and other versions allows remote malicious users to inject arbitrary web script or HTML via CSS expressions in style attributes.
Telerik Asp.net Ajax Radeditor Control
Telerik Asp.net Ajax Radeditor Control 2009.3.1208.20
1 Article