simone quatrini vulnerabilities and exploits

(subscribe to this query)

The WPGraphQL 0.2.3 plugin for WordPress allows remote malicious users to register a new user with admin privileges, whenever new user registrations are allowed. This is related to the registerUser mutation.

Wpengine Wpgraphql 0.2.3

1 EDB exploit

An issue exists in the WPGraphQL 0.2.3 plugin for WordPress. By querying the 'users' RootQuery, it is possible, for an unauthenticated attacker, to retrieve all WordPress users details such as email address, role, and username.

Wpengine Wpgraphql 0.2.3

1 EDB exploit

The createComment mutation in the WPGraphQL 0.2.3 plugin for WordPress allows unauthenticated users to post comments on any article, even when 'allow comment' is disabled.

Wpengine Wpgraphql 0.2.3

1 EDB exploit

Multiple cross-site scripting (XSS) vulnerabilities in X2Engine X2CRM prior to 5.0.9 allow remote malicious users to inject arbitrary web script or HTML via the (1) version parameter in protected/views/admin/formEditor.php; the (2) importId parameter in protected/views/admin/roll...

Cross-site request forgery (CSRF) vulnerability in X2Engine X2CRM prior to 5.2 allows remote malicious users to hijack the authentication of administrators for requests that create an administrative account via a crafted request to index.php/users/create.

1 EDB exploit

Incomplete blacklist vulnerability in the FileUploadsFilter class in protected/components/filters/FileUploadsFilter.php in X2Engine X2CRM prior to 5.0.9 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a .pht extension.

1 EDB exploit

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook