ajax search vulnerabilities and exploits
NA
CVE-2009-2587
Multiple cross-site scripting (XSS) vulnerabilities in DragDropCart allow remote malicious users to inject arbitrary web script or HTML via the (1) sid parameter to assets/js/ddcart.php, the (2) prefix parameter to includes/ajax/getstate.php, the search parameter to (3) index.php...
Dragdropcart Dragdropcart -
6 EDB exploits
4.3
CVSSv3
CVE-2019-16251
plugin-fw/lib/yit-plugin-panel-wc.php in the YIT Plugin Framework up to and including 3.3.8 for WordPress allows authenticated options changes.
Yithemes Yith Woocommerce Wishlist
Yithemes Yith Woocommerce Compare
Yithemes Yith Woocommerce Quick View
Yithemes Yith Woocommerce Zoom Magnifier
Yithemes Yith Woocommerce Ajax Search
Yithemes Yith Woocommerce Badge Management
Yithemes Yith Woocommerce Brands Add-on
Yithemes Yith Woocommerce Request A Quote
Yithemes Yith Woocommerce Social Login
Yithemes Yith Woocommerce Order Tracking
Yithemes Yith Woocommerce Pdf Invoice And Shipping List
Yithemes Yith Pre-order For Woocommerce
Yithemes Yith Woocommerce Advanced Reviews
Yithemes Yith Woocommerce Product Add-ons
Yithemes Yith Woocommerce Gift Cards
Yithemes Yith Woocommerce Subscription
Yithemes Yith Woocommerce Affiliates
Yithemes Yith Woocommerce Cart Messages
Yithemes Yith Woocommerce Product Bundles
Yithemes Yith Woocommerce Frequently Bought Together
Yithemes Yith Woocommerce Multi-step Checkout
Yithemes Yith Color And Label Variations For Woocommerce
NA
CVE-2024-21752
Cross-Site Request Forgery (CSRF) vulnerability in Ernest Marcinko Ajax Search Lite allows Reflected XSS. This issue affects Ajax Search Lite: from n/a up to and including 4.11.4.
NA
CVE-2012-5164
Multiple cross-site scripting (XSS) vulnerabilities in Fork CMS prior to 3.2.7 allow remote malicious users to inject arbitrary web script or HTML via the term parameter to (1) autocomplete.php, (2) search/ajax/autosuggest.php, (3) livesuggest.php, or (4) save.php in frontend/mod...
Fork-cms Fork Cms 2.6.2
Fork-cms Fork Cms 2.6.3
Fork-cms Fork Cms 2.3.1
Fork-cms Fork Cms 2.0.1
Fork-cms Fork Cms 2.6.12
Fork-cms Fork Cms 3.1.0
Fork-cms Fork Cms 2.6.4
Fork-cms Fork Cms 2.6.7
Fork-cms Fork Cms 3.1.6
Fork-cms Fork Cms 3.2.1
Fork-cms Fork Cms 2.4.0
Fork-cms Fork Cms 2.4.1
Fork-cms Fork Cms 2.0.2
Fork-cms Fork Cms 3.1.2
Fork-cms Fork Cms 3.0.0
Fork-cms Fork Cms 2.6.9
Fork-cms Fork Cms 2.6.6
Fork-cms Fork Cms 3.2.5
Fork-cms Fork Cms 3.2.4
Fork-cms Fork Cms 3.2.2
Fork-cms Fork Cms 3.1.9
Fork-cms Fork Cms 2.5.1
NA
CVE-2014-4759
An unspecified Ajax service in the Content Management toolkit in IBM Business Process Manager (BPM) 8.5.x up to and including 8.5.5 allows remote authenticated users to obtain sensitive information by performing a document-attachment search and then reading document properties in...
Ibm Business Process Manager 8.5.0.0
Ibm Business Process Manager 8.5.0.1
Ibm Business Process Manager 8.5.5.0
NA
CVE-2015-6516
SQL injection vulnerability in cygnux.org sysPass 1.0.9 and previous versions allows remote authenticated users to execute arbitrary SQL commands via the search parameter to ajax/ajax_search.php.
Cygnux Syspass
1 EDB exploit
5.3
CVSSv3
CVE-2023-6155
The Quiz Maker WordPress plugin prior to 6.4.9.5 does not adequately authorize the `ays_quiz_author_user_search` AJAX action, allowing an unauthenticated malicious user to perform a search for users of the system, ultimately leaking user email addresses.
Ays-pro Quiz Maker
7.2
CVSSv3
CVE-2024-4455
The YITH WooCommerce Ajax Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘item’ parameter in versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated m...
6.5
CVSSv3
CVE-2023-26038
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions before 1.36.33 and 1.37.33 contain a Local File Inclusion (Untrusted Search Path) vulnerability via web/ajax/modal.php, where an arbitrar...
Zoneminder Zoneminder
5.4
CVSSv3
CVE-2021-24635
The Visual Link Preview WordPress plugin prior to 2.2.3 does not enforce authorisation on several AJAX actions and has the CSRF nonce displayed for all authenticated users, allowing any authenticated user (such as subscriber) to call them and 1) Get and search through title and c...
Bootstrapped Visual Link Preview