Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ajax vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-47810
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Asdqwe Dev Ajax Domain Checker plugin <= 1.3.0 versions.
Asdqwedev Ajax Domain Checker
NA
CVE-2023-50874
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Darren Cooney WordPress Infinite Scroll – Ajax Load More allows Stored XSS.This issue affects WordPress Infinite Scroll – Ajax Load More: from n/a up to and...
Connekthq Ajax Load More
NA
CVE-2022-4466
The WordPress Infinite Scroll WordPress plugin prior to 5.6.0.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cro...
Connekthq Ajax Load More
NA
CVE-2023-46069
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Osmansorkar Ajax Archive Calendar plugin <= 2.6.7 versions.
Osmansorkar Ajax Archive Calendar
6.4
CVSSv2
CVE-2015-4670
Directory traversal vulnerability in the AjaxFileUpload control in DevExpress AJAX Control Toolkit (aka AjaxControlToolkit) prior to 15.1 allows remote malicious users to write to arbitrary files via a .. (dot dot) in the fileId parameter to AjaxFileUploadHandler.axd.
Devexpress Ajax Control Toolkit
6.5
CVSSv2
CVE-2021-24140
Unvalidated input in the Ajax Load More WordPress plugin, versions prior to 5.3.2, lead to SQL Injection in POST /wp-admin/admin-ajax.php with param repeater=' or sleep(5)#&type=test.
Connekthq Ajax Load More
7.5
CVSSv2
CVE-2013-6936
Multiple SQL injection vulnerabilities in ajaxfs.php in the Ajax forum stat (Ajaxfs) Plugin 2.0 for MyBB (aka MyBulletinBoard) allow remote malicious users to execute arbitrary SQL commands via the (1) tooltip or (2) usertooltip parameter.
Mybb Ajax Forum Stat 2.0
1 EDB exploit
NA
CVE-2022-2535
The SearchWP Live Ajax Search WordPress plugin prior to 1.6.2 does not ensure that users making a live search are limited to published posts only, allowing unauthenticated users to make a crafted query disclosing private/draft/pending post titles along with their permalink
Searchwp Searchwp Live Ajax Search
4.3
CVSSv2
CVE-2022-25610
Unauthenticated Stored Cross-Site Scripting (XSS) in Simple Ajax Chat <= 20220115 allows an malicious user to store the malicious code. However, the attack requires specific conditions, making it hard to exploit.
Plugin-planet Simple Ajax Chat
5
CVSSv2
CVE-2006-3972
Directory traversal vulnerability in includes/operator_chattranscript.php in Scott Weedon Ajax Chat, possibly 0.1, allows remote malicious users to read arbitrary files via a .. (dot dot) in the chatid parameter.
Scott Weedon Ajax Chat 0.1
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »