Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
admin vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2022-4604
A vulnerability classified as problematic was found in wp-english-wp-admin Plugin up to 1.5.1. Affected by this vulnerability is the function register_endpoints of the file english-wp-admin.php. The manipulation leads to cross-site request forgery. The attack can be launched remo...
Wp-english-wp-admin Project Wp-english-wp-admin
9.8
CVSSv3
CVE-2022-1390
The Admin Word Count Column WordPress plugin up to and including 2.2 does not validate the path parameter given to readfile(), which could allow unauthenticated malicious users to read arbitrary files on server running old version of PHP susceptible to the null byte technique. Th...
Admin Word Count Column Project Admin Word Count Column
4.8
CVSSv3
CVE-2023-23994
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marcel Bootsman Auto Hide Admin Bar plugin <= 1.6.1 versions.
Auto Hide Admin Bar Project Auto Hide Admin Bar
7.5
CVSSv3
CVE-2022-1589
The Change wp-admin login WordPress plugin prior to 1.1.0 does not properly check for authorisation and is also missing CSRF check when updating its settings, which could allow unauthenticated users to change the settings. The attacked could also be performed via a CSRF vector
Change Wp-admin Login Project Change Wp-admin Login
6.5
CVSSv3
CVE-2021-24784
The WP Admin Logo Changer WordPress plugin up to and including 1.0 does not have CSRF check when saving its settings, which could allow malicious users to make a logged in admin update them via a CSRF attack.
Wp Admin Logo Changer Project Wp Admin Logo Changer
5.4
CVSSv3
CVE-2022-28102
A cross-site scripting (XSS) vulnerability in PHP MySQL Admin Panel Generator v1 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected at /edit-db.php.
Php Mysql Admin Panel Generator Project Php Mysql Admin Panel Generator -
1 Github repository
4.3
CVSSv3
CVE-2022-1594
The HC Custom WP-Admin URL WordPress plugin up to and including 1.4 does not have CSRF check in place when updating its settings, which could allow malicious users to make a logged in admin change them via a CSRF attack, allowing them to change the login URL
Hc Custom Wp-admin Url Project Hc Custom Wp-admin Url
5.3
CVSSv3
CVE-2022-1595
The HC Custom WP-Admin URL WordPress plugin up to and including 1.4 leaks the secret login URL when sending a specific crafted request
Hc Custom Wp-admin Url Project Hc Custom Wp-admin Url
8.1
CVSSv3
CVE-2018-1000025
Jerome Gamez Firebase Admin SDK for PHP version from 3.2.0 to 3.8.0 contains a Incorrect Access Control vulnerability in src/Firebase/Auth/IdTokenVerifier.php does not verify for token signature that can result in JWT with any email address and user ID could be forged from an act...
Firebase Admin Sdk For Php Project Firebase Admin Sdk For Php
NA
CVE-2000-0707
PCCS MySQLDatabase Admin Tool Manager 1.2.4 and previous versions installs the file dbconnect.inc within the web root, which allows remote malicious users to obtain sensitive information such as the administrative password.
Pccs-linux Mysqldatabase Admin Tool 1.2.3
Pccs-linux Mysqldatabase Admin Tool 1.2.4
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »