Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ajax vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2005-2042
Cross-site scripting (XSS) vulnerability in ajax-spell prior to 1.8 allows remote malicious users to inject arbitrary web script or HTML via onmouseover or other events in HTML tags.
Ajax-spell Ajax-spell 1.3
Ajax-spell Ajax-spell 1.4
Ajax-spell Ajax-spell 1.5
Ajax-spell Ajax-spell 1.6
Ajax-spell Ajax-spell 1.2
Ajax-spell Ajax-spell 1.7
Ajax-spell Ajax-spell 1.1
9.8
CVSSv3
CVE-2017-5677
PEAR HTML_AJAX 0.3.0 up to and including 0.5.7 has a PHP Object Injection Vulnerability in the PHP Serializer. It allows remote code execution. In one viewpoint, the root cause is an incorrect regular expression.
Pear Html Ajax 0.5.6
Pear Html Ajax 0.5.4
Pear Html Ajax 0.3.4
Pear Html Ajax 0.3.2
Pear Html Ajax 0.5.3
Pear Html Ajax 0.5.2
Pear Html Ajax 0.5.1
Pear Html Ajax 0.5.0
Pear Html Ajax 0.4.1
Pear Html Ajax 0.3.1
Pear Html Ajax 0.3.0
Pear Html Ajax 0.5.7
Pear Html Ajax 0.5.5
Pear Html Ajax 0.4.0
Pear Html Ajax 0.3.3
NA
CVE-2012-5853
SQL injection vulnerability in the "the_search_function" function in cardoza_ajax_search.php in the AJAX Post Search (cardoza-ajax-search) plugin prior to 1.3 for WordPress allows remote malicious users to execute arbitrary SQL commands via the srch_txt parameter in a &...
Ajax Search Project Ajax Search
NA
CVE-2015-3392
Cross-site scripting (XSS) vulnerability in the Ajax Timeline module prior to 7.x-1.1 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a node title.
Ajax Timeline Project Ajax Timeline
6.1
CVSSv3
CVE-2023-1420
The Ajax Search Lite WordPress plugin prior to 4.11.1, Ajax Search Pro WordPress plugin prior to 4.26.2 does not sanitise and escape a parameter before outputting it back in a response of an AJAX action, leading to a Reflected Cross-Site Scripting which could be used against high...
Ajax Search Project Ajax Search
6.1
CVSSv3
CVE-2023-1435
The Ajax Search Pro WordPress plugin prior to 4.26.2 does not sanitise and escape various parameters before outputting them back in pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Ajax Search Project Ajax Search
7.5
CVSSv3
CVE-2022-38456
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ernest Marcinko Ajax Search Lite plugin <= 4.10.3 versions.
Ajax Search Project Ajax Search
7.5
CVSSv3
CVE-2014-2674
Directory traversal vulnerability in the Ajax Pagination (twitter Style) plugin 1.1 for WordPress allows remote malicious users to read arbitrary files via a .. (dot dot) in the loop parameter in an ajax_navigation action to wp-admin/admin-ajax.php.
Ajax-pagination Project Ajax-pagination 1.1
1 EDB exploit
6.1
CVSSv3
CVE-2016-1000127
Reflected XSS in wordpress plugin ajax-random-post v2.00
Ajax-random-post Project Ajax-random-post
8.8
CVSSv3
CVE-2022-1749
The WPMK Ajax Finder WordPress plugin is vulnerable to Cross-Site Request Forgery via the createplugin_atf_admin_setting_page() function found in the ~/inc/config/create-plugin-config.php file due to a missing nonce check which allows malicious users to inject arbitrary web scrip...
Wpmk Ajax Finder Project Wpmk Ajax Finder
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »