Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
call to action vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2021-24870
The WP Fastest Cache WordPress plugin prior to 0.9.5 is lacking a CSRF check in its wpfc_save_cdn_integration AJAX action, and does not sanitise and escape some the options available via the action, which could allow malicious users to make logged in high privilege users call it ...
Wpfastestcache Wp Fastest Cache
151
VMScore
CVE-2015-7494
A vulnerability has been identified in IBM Cloud Orchestrator services/[action]/launch API. An authenticated domain admin user might modify cross domain resources via a /services/[action]/launch API call, provided it would have been possible for the domain admin user to gain acce...
Ibm Cloud Orchestrator 2.4.0.3
Ibm Cloud Orchestrator 2.5
Ibm Cloud Orchestrator 2.5.01
Ibm Cloud Orchestrator 2.4
Ibm Cloud Orchestrator 2.4.0.2
Ibm Smartcloud Orchestrator 2.3
Ibm Smartcloud Orchestrator 2.3.0.1
Ibm Cloud Orchestrator 2.4.0.1
755
VMScore
CVE-2002-0995
login.php for PHPAuction allows remote malicious users to gain privileges via a direct call to login.php with the action parameter set to "insert," which adds the provided username to the adminUsers table.
Gianluca Baldo Phpauction 1.2
Gianluca Baldo Phpauction 1.3
Gianluca Baldo Phpauction 2.0
Gianluca Baldo Phpauction 2.1
1 EDB exploit
668
VMScore
CVE-2022-1659
Vulnerable versions of the JupiterX Core (<= 2.0.6) plugin register an AJAX action jupiterx_conditional_manager which can be used to call any function in the includes/condition/class-condition-manager.php file by sending the desired function to call in the sub_action parameter...
Artbees Jupiterx
641
VMScore
CVE-2007-6049
Unspecified vulnerability in the SSL LOAD GSKIT action in IBM DB2 UDB 9.1 before Fixpak 4 has unknown impact and attack vectors, involving a call to dlopen when the effective uid is root.
Ibm Db2 Universal Database
668
VMScore
CVE-2022-0885
The Member Hero WordPress plugin up to and including 1.0.9 lacks authorization checks, and does not validate the a request parameter in an AJAX action, allowing unauthenticated users to call arbitrary PHP functions with no arguments.
Memberhero Member Hero
445
VMScore
CVE-2022-0424
The Popup by Supsystic WordPress plugin prior to 1.10.9 does not have any authentication and authorisation in an AJAX action, allowing unauthenticated malicious users to call it and get the email addresses of subscribed users
Supsystic Popup
383
VMScore
CVE-2021-24293
In the eCommerce module of the NextGEN Gallery Pro WordPress plugin prior to 3.1.11, there is an action to call get_cart_items via photocrati_ajax , after that the settings[shipping_address][name] is able to inject malicious javascript.
383
VMScore
CVE-2021-24843
The SupportCandy WordPress plugin prior to 2.2.7 does not have CRSF check in its wpsc_tickets AJAX action, which could allow malicious users to make a logged in admin call it and delete arbitrary tickets via the set_delete_permanently_bulk_ticket setting_action.
Supportcandy Supportcandy
356
VMScore
CVE-2022-0287
The myCred WordPress plugin prior to 2.4.4.1 does not have any authorisation in place in its mycred-tools-select-user AJAX action, allowing any authenticated user, such as subscriber to call and retrieve all email addresses from the blog
Mycred Mycred
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »