Gin Vulnerability List
200 vulnerabilities related to Gin were found
-
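WordPress Plugin Ultimate Auction Pro /wp-admin/admin-ajax.php uwa_see_more_bids_ajax SQL Injection Vulnerability (CVE-2025-4204) No POC
The Ultimate Auction Pro plugin for WordPress, in all versions up to and including 1.5.2, is vulnerable to SQL injection via the 'auction_id' parameter, due to insufficient escaping of the user-supplied parameter and insufficient preparation of the existing SQL query. This allows unauthenticated attackers to append additional SQL statements to existing queries and thereby extract sensitive information from the database. -
nginxWebUI cmdOver Remote Command Execution Vulnerability No POC
The cmdOver endpoint of nginxWebUI has a remote command execution vulnerability; through it an attacker can gain server privileges and execute arbitrary commands. -
WordPress plugin Events Addon for Elementor Cross-Site Scripting Vulnerability No POC
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. The platform supports setting up personal blog websites on servers running PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin Events Addon for Elementor 2.2.9 and earlier contains a cross-site scripting vulnerability. The vulnerability stems from insufficient input sanitization and escaping, and may lead to stored cross-site scripting attacks. -
WordPress plugin Related Posts Lite Cross-Site Request Forgery Vulnerability No POC
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. The platform supports setting up personal blog websites on servers running PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin Related Posts Lite 1.12 and earlier contains a cross-site request forgery vulnerability. The vulnerability stems from missing or incorrect nonce validation, and may lead to cross-site request forgery attacks. -
WordPress plugin TablePress Cross-Site Scripting Vulnerability No POC
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. The platform supports setting up personal blog websites on servers running PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin TablePress 3.2 and earlier contains a cross-site scripting vulnerability. The vulnerability stems from a stored cross-site scripting issue in the shortcode_debug parameter, and may allow injection of arbitrary web scripts. -
WordPress plugin Ocean Extra Cross-Site Scripting Vulnerability No POC
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. The platform supports setting up personal blog websites on servers running PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin Ocean Extra 2.4.9 and earlier contains a cross-site scripting vulnerability. The vulnerability stems from insufficient input sanitization and output escaping, and may lead to stored cross-site scripting attacks. -
CVE-2021-42670: Engineers Online Portal 1.0 Vulnerable to Three Types of SQL Injection Attack POC
The id parameter of my_classmates.php in the Engineers Online Portal 1.0 application appears to be vulnerable to three types of SQL injection attack: boolean-based blind, error-based, and UNION query. The payload '+(select load_file('\hh2s4z961nps5mtx8px8zoud248ywq0erhf82yqn.nu11secur1tyexploit.net\ggc'))+' was submitted in the id parameter. This payload injects a SQL subquery that calls MySQL's load_file function with a UNC file path referencing a URL on an external domain. The application interacted with that domain, indicating that the injected SQL query was executed. In addition, the user login is vulnerable to an authentication bypass through SQL injection on the "username" parameter. -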
CVE-2022-36883: Git Plugin up to 4.11.3 on Jenkins Build Authorization POC
A missing permission check in Jenkins Git Plugin 4.11.3 and earlier allows unauthenticated attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit. -
CVE-2024-7954: SPIP Porte Plume Plugin rce POC
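fofa: app="SPIP" The porte_plume plugin used in SPIP before 4.30-alpha2, 4.2.13 and 4.1.16 has an arbitrary code execution vulnerability. A remote, unauthenticated attacker can execute arbitrary PHP code as the SPIP user by sending a crafted HTTP request. -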
dolphinscheduler-default-login: Apache DolphinScheduler Default Login POC
Apache DolphinScheduler default admin credentials were discovered. SHODAN: http.title:"DolphinScheduler" FOFA: title="DolphinScheduler" -
dvwa-default-login: DVWA Default Login POC
Damn Vulnerable Web App (DVWA) is a test application for security professionals. The hard coded credentials are part of a security testing scenario. FOFA: app="Damn-Vulnerable-Web-App-(DVWA)-Login" -
exacqvision-default-login: ExacqVision Default Login POC
ExacqVision Web Service default login credentials (admin/admin256) were discovered. FOFA: ExacqVision -
guacamole-default-login: Guacamole Default Login POC
Guacamole default admin login credentials were detected. -
inspur-clusterengine-default-login: Inspur Clusterengine 4 - Default Admin Login POC
Inspur Clusterengine version 4 default admin login credentials were successful. FOFA: title="TSCEV4.0" -
stackstorm-default-login: StackStorm Default Login POC
A StackStorm default admin login was discovered. FOFA: app="stackstorm" -
wso2-default-login: WSO2 Management Console Default Login POC
WSO2 Management Console default admin credentials were discovered. -
acemanager-login: ACEmanager Detection POC
ACEManager was detected. ACEManager is a configuration and diagnostic tool for the Sierra Wireless AirLink Raven modems. FOFA: app="ACEmanager" -
adminer-panel: Adminer Login Panel POC
An Adminer login panel was detected. app="Adminer" -
cas-login: CAS Login Panel POC
shodan-query: http.title:'CAS - Central Authentication Service' -
geoserver-login-panel: GeoServer Login Panel - Detect POC
GeoServer login panel was detected. shodan-query: title:"GeoServer" -
hue-login-panel: Cloudera Hue Login Panel POC
Cloudera Hue default admin credentials were discovered. Fofa: title="Hue - 欢迎使用 Hue" default admin login: admin/admin hue/hue hadoop/hadoop cloudera/cloudera -
manageengine-analytics: ZOHO ManageEngine Analytics Plus Panel - Detect POC
ZOHO ManageEngine analytics plus panel was detected. FOFA: app="ZOHO-流量管理" -
novnc-login-panel: noVNC Login Panel - Detect POC
noVNC login panel was detected. Fofa: title="noVNC" -
openstack-dashboard-login: OpenStack Dashboard Login Panel - Detect POC
OpenStack Dashboard login panel was detected. -
cobbler-default-login: Cobbler Default Login POC
Cobbler default login credentials for the testing module (testing/testing) were discovered. fofa "Cobbler" -
csl-login-unauth-db-leak: CSL Login unauthorized DB Leak POC
FOFA: "csl/login" -
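evolucare-ecsimaging-download-stats-dicom-anyfile-read: Evolucare Ecsimaging download_stats_dicom.php Arbitrary File Read Vulnerability POC
Evolucare Ecsimaging download_stats_dicom.php has a file read vulnerability that an attacker can exploit to obtain sensitive system information and the like. Affected: EVOLUCARE Evolucare Ecsimaging 6.21.5 body="ECSimaging" -
evolucare-ecsimaging-new-movie-rce: Evolucare Ecsimaging new_movie.php Remote Command Execution Vulnerability POC
EVOLUCARE ECSimage is a medical management system used abroad. Research found a command injection vulnerability in its new_movie.php endpoint, which an attacker can exploit to obtain sensitive system information and the like. Affected: EVOLUCARE Evolucare Ecsimaging 6.21.5 fofa-query: body="ECSimaging" -
hikvision-applyautologinticket-rce: Hikvision Integrated Security Management Platform applyAutoLoginTicket RCE POC
The applyAutoLoginTicket endpoint of the Hikvision Integrated Security Management Platform has a fastjson deserialization vulnerability. Without authenticating, an attacker can execute remote commands on the target server and thereby gain server privileges. Fofa: app="HIKVISION-综合安防管理平台" Fofa: icon_hash="136203464" Hunter: web.icon="753466eed2bbef2bae18b55994d1d2ae" -
landray-wechat-loginhelper-sqli: Landray OA wechatLoginHelper SQL Injection POC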
Fofa: app="Landray-OA系统" -
metersphere-plugincontroller-rce: MeterSphere PluginController Pre-auth RCE POC
Fofa: body="Metersphere" -
nginx-merge-slashes-path-traversal: Nginx Merge Slashes Path Traversal POC
A vulnerability in the remote Nginx server could cause the server to merge consecutive slashes together, turning a configuration that should have protected the web site from directory traversal into a vulnerable one. -
nginxwebui-admin-bypass: NginxWebUI Admin Authentication Bypass (All Versions Affected) POC
Injecting autoKey into the Admin type bypasses authentication, skipping the password and Google authentication checks to obtain administrator privileges. FOFA: app="nginxWebUI" -
nginxwebui-rce: Nginx Web UI RCE POC
FOFA: app="nginxWebUI" -
phpstudy-nginx-wrong-resolve: Phpstudy Nginx Wrong Resolve POC
Phpstudy Nginx Wrong Resolve -
wanhu-oa-rhinoscript-engineservice-rce: Wanhu OA RhinoScriptEngineService Command Execution POC
Fofa: app="万户网络-ezOFFICE" -
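yonyou-yonbip-yonbiplogin-fileread: Yonyou YonBIP yonbiplogin Arbitrary File Read Vulnerability POC
YonBIP, the Yonyou Business Innovation Platform, is Yonyou's comprehensive service platform for growing, large and very large enterprises in the digital economy era. It combines an advanced, highly available technology platform with common and key business applications and services, supports and runs customers' business innovation (business innovation and management transformation), and is characterized as digital, intelligent, highly elastic, secure and trusted, social, global, platform-based and ecosystem-based. Yonyou YonBIP yonbiplogin has an arbitrary file read vulnerability through which an attacker can obtain sensitive information. fofa: title="YonBIP" || title="数字化工作台" -
WordPress plugin WP ULike Pro Code Issue Vulnerability No POC
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. The platform supports setting up personal blog websites on servers running PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin WP ULike Pro 1.9.3 and earlier contains a code issue vulnerability. The vulnerability stems from insufficient file type validation, and may lead to arbitrary file upload. -
Docker Desktop Engine API Unauthorized Access Vulnerability No POC
An unauthorized access vulnerability is a security flaw in which an attacker can access system resources or perform sensitive operations without authenticating, or by bypassing the authentication mechanism. Such a vulnerability can lead to serious consequences such as sensitive information disclosure, data tampering and service disruption, posing a major threat to system security. -
WordPress Plugin email-subscribers /wp-admin/admin-post.php advanced_filter SQL Injection Vulnerability (CVE-2024-2876) No POC
WordPress Plugin email-subscribers is a plugin for managing email subscriptions. The vulnerability arises because the plugin fails to properly filter and validate user input, so an attacker can craft malicious SQL statements and carry out a SQL injection attack. Successful exploitation may lead to database information disclosure, data tampering or further system intrusion. -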
CVE-2025-1974-k8s: Ingress-Nginx Controller - Unauthenticated Remote Code Execution POC
A security issue was discovered in ingress-nginx where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller -
CVE-2008-7269: UC Gateway Investment SiteEngine v5.0 - Open Redirect POC
Open redirect vulnerability in api.php in SiteEngine 5.x allows user-assisted remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the forward parameter in a logout action. -
CVE-2011-5106: WordPress Plugin Flexible Custom Post Type < 0.1.7 - Cross-Site Scripting POC
A cross-site scripting vulnerability in edit-post.php in the Flexible Custom Post Type plugin before 0.1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter. -
CVE-2012-1835: WordPress Plugin All-in-One Event Calendar 1.4 - Cross-Site Scripting POC
Multiple cross-site scripting vulnerabilities in the All-in-One Event Calendar plugin 1.4 and 1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to app/view/agenda-widget-form.php; (2) args, (3) title, (4) before_title, or (5) after_title parameter to app/view/agenda-widget.php; (6) button_value parameter to app/view/box_publish_button.php; or (7) msg parameter to /app/view/save_successful.php. -
CVE-2012-4242: WordPress Plugin MF Gig Calendar 0.9.2 - Cross-Site Scripting POC
A cross-site scripting vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page. -
CVE-2012-4768: WordPress Plugin Download Monitor < 3.3.5.9 - Cross-Site Scripting POC
A cross-site scripting vulnerability in the Download Monitor plugin before 3.3.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dlsearch parameter to the default URI. -
CVE-2012-4889: ManageEngine Firewall Analyzer 7.2 - Cross-Site Scripting POC
Multiple cross-site scripting vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) subTab or (2) tab parameter to createAnomaly.do; (3) url, (4) subTab, or (5) tab parameter to mindex.do; (6) tab parameter to index2.do; or (7) port parameter to syslogViewer.do. -
CVE-2012-6499: WordPress Plugin Age Verification v0.4 - Open Redirect POC
Open redirect vulnerability in age-verification.php in the Age Verification plugin 0.4 and earlier for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_to parameter. -
CVE-2013-2287: WordPress Plugin Uploader 1.0.4 - Cross-Site Scripting POC
Multiple cross-site scripting vulnerabilities in views/notify.php in the Uploader plugin 1.0.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) notify or (2) blog parameter. -
CVE-2013-3526: WordPress Plugin Traffic Analyzer - 'aoid' Cross-Site Scripting POC
A cross-site scripting vulnerability in js/ta_loaded.js.php in the Traffic Analyzer plugin, possibly 3.3.2 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the aoid parameter. -
CVE-2013-4117: WordPress Plugin Category Grid View Gallery 2.3.1 - Cross-Site Scripting POC
A cross-site scripting vulnerability in includes/CatGridPost.php in the Category Grid View Gallery plugin 2.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ID parameter. -
CVE-2013-4625: WordPress Plugin Duplicator < 0.4.5 - Cross-Site Scripting POC
A cross-site scripting vulnerability in files/installer.cleanup.php in the Duplicator plugin before 0.4.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the package parameter. -
CVE-2014-4561: Ultimate Weather Plugin <= 1.0 - Cross-Site Scripting POC
The ultimate-weather plugin 1.0 for WordPress contains a cross-site scripting vulnerability. -
CVE-2014-4940: WordPress Plugin Tera Charts - Local File Inclusion POC
Multiple local file inclusion vulnerabilities in Tera Charts (tera-charts) plugin 0.1 for WordPress allow remote attackers to read arbitrary files via a .. (dot dot) in the fn parameter to (1) charts/treemap.php or (2) charts/zoomabletreemap.php. -
CVE-2014-5368: WordPress Plugin WP Content Source Control - Directory Traversal POC
A directory traversal vulnerability in the file_get_contents function in downloadfiles/download.php in the WP Content Source Control (wp-source-control) plugin 3.0.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter. -
CVE-2014-8799: WordPress Plugin DukaPress 2.5.2 - Directory Traversal POC
A directory traversal vulnerability in the dp_img_resize function in php/dp-functions.php in the DukaPress plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter to lib/dp_image.php. -
CVE-2014-9094: WordPress DZS-VideoGallery Plugin Cross-Site Scripting POC
Multiple cross-site scripting vulnerabilities in deploy/designer/preview.php in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) swfloc or (2) designrand parameter. -
CVE-2015-4455: WordPress Plugin Aviary Image Editor Addon For Gravity Forms 3.0 Beta - Arbitrary File Upload POC
Unrestricted file upload vulnerability in includes/upload.php in the Aviary Image Editor Add-on For Gravity Forms plugin 3.0 beta for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/uploads/gform_aviary. -
CVE-2015-7780: ManageEngine Firewall Analyzer <8.0 - Local File Inclusion POC
ManageEngine Firewall Analyzer before 8.0 is vulnerable to local file inclusion. -
CVE-2016-10973: Brafton WordPress Plugin < 3.4.8 - Cross-Site Scripting POC
The Brafton plugin before 3.4.8 for WordPress has XSS via the wp-admin/admin.php?page=BraftonArticleLoader tab parameter to BraftonAdminPage.php. -
CVE-2016-10976: Safe Editor Plugin < 1.2 - CSS/JS-injection POC
The safe-editor plugin before 1.2 for WordPress has no se_save authentication, with resultant XSS. -
CVE-2016-7834: Sony IPELA Engine IP Camera - Hardcoded Account POC
Multiple SONY network cameras are vulnerable to sensitive information disclosure via hardcoded credentials. -
CVE-2017-11512: ManageEngine ServiceDesk 9.3.9328 - Arbitrary File Retrieval POC
ManageEngine ServiceDesk 9.3.9328 is vulnerable to an arbitrary file retrieval due to improper restrictions of the pathname used in the name parameter for the download-snapshot path. An unauthenticated remote attacker can use this vulnerability to download arbitrary files. -
CVE-2017-18501: Social Login by BestWebSoft < 0.2 - Cross-Site Scripting POC
The social-login-bws plugin before 0.2 for WordPress has multiple XSS issues. -
CVE-2017-18590: Timesheet Plugin < 0.1.5 - Cross-Site Scripting POC
The Timesheet plugin before 0.1.5 for WordPress has multiple XSS issues. -
CVE-2018-1000600: Jenkins GitHub Plugin <=1.29.1 - Server-Side Request Forgery POC
Jenkins GitHub Plugin 1.29.1 and earlier is susceptible to server-side request forgery via GitHubTokenCredentialsCreator.java, which allows attackers to leverage attacker-specified credentials IDs obtained through another method and capture the credentials stored in Jenkins. -
CVE-2018-12998: Zoho manageengine - Cross-Site Scripting POC
Zoho manageengine is vulnerable to reflected cross-site scripting. This impacts Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 via the parameter 'operation' to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet. -
CVE-2018-16283: WordPress Plugin Wechat Broadcast 1.2.0 - Local File Inclusion POC
WordPress Wechat Broadcast plugin 1.2.0 and earlier allows Directory Traversal via the Image.php url parameter. -
CVE-2018-17283: Zoho ManageEngine OpManager - SQL Injection POC
Zoho ManageEngine OpManager before 12.3 Build 123196 does not require authentication for /oputilsServlet requests, as demonstrated by a /oputilsServlet?action=getAPIKey request that can be leveraged against Firewall Analyzer to add an admin user via /api/json/v2/admin/addUser or conduct a SQL Injection attack via the /api/json/device/setManaged name parameter. -
CVE-2018-19365: Wowza Streaming Engine Manager 4.7.4.01 - Directory Traversal POC
Wowza Streaming Engine 4.7.4.01 allows traversal of the directory structure and retrieval of a file via a remote, specifically crafted HTTP request to the REST API. -
CVE-2019-1003000: Jenkins Script Security Plugin <=1.49 - Sandbox Bypass POC
A sandbox bypass vulnerability exists in the Jenkins Script Security Plugin (versions 1.49 and earlier) within src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java. This flaw allows attackers with permission to submit sandboxed scripts to execute arbitrary code on the Jenkins master JVM, potentially compromising the entire Jenkins environment. -
CVE-2019-10717: BlogEngine.NET 3.3.7.0 - Local File Inclusion POC
BlogEngine.NET 3.3.7.0 allows /api/filemanager local file inclusion via the path parameter -
CVE-2020-10189: ManageEngine Desktop Central Java Deserialization POC
Zoho ManageEngine Desktop Central before 10.0.474 is vulnerable to a deserialization of untrusted data, which permits remote code execution. -
CVE-2020-12116: Zoho ManageEngine OpManager - Arbitrary File Read POC
Zoho ManageEngine OpManager Stable build before 124196 and Released build before 125125 allows an unauthenticated attacker to read arbitrary files on the server by sending a specially crafted request. -
CVE-2020-21224: Inspur ClusterEngine 4.0 - Remote Code Execution POC
Inspur ClusterEngine V4.0 is susceptible to a remote code execution vulnerability. A remote attacker can send a malicious login packet to the control server. -
CVE-2020-24148: Import XML & RSS Feeds WordPress Plugin <= 2.0.1 Server-Side Request Forgery POC
WordPress plugin Import XML and RSS Feeds (import-xml-feed) plugin 2.0.1 contains a server-side request forgery (SSRF) vulnerability via the data parameter in a moove_read_xml action. -
CVE-2020-24312: WordPress Plugin File Manager (wp-file-manager) Backup Disclosure POC
mndpsingh287 WP File Manager v6.4 and lower fails to restrict external access to the fm_backups directory with a .htaccess file. This results in the ability for unauthenticated users to browse and download any site backups, which sometimes include full database backups, that the plugin has taken. -
CVE-2020-25213: WordPress File Manager Plugin - Remote Code Execution POC
The WordPress File Manager plugin prior to version 6.9 is susceptible to remote code execution. The vulnerability allows unauthenticated remote attackers to upload .php files. -
CVE-2020-26876: WordPress WP Courses Plugin Information Disclosure POC
WordPress WP Courses Plugin < 2.0.29 contains a critical information disclosure which exposes private course videos and materials. -
CVE-2020-27481: Good Layers LMS Plugin <= 2.1.4 - SQL Injection POC
An unauthenticated SQL Injection vulnerability in Good Layers LMS Plugin <= 2.1.4 exists due to the usage of "wp_ajax_nopriv" call in WordPress, which allows any unauthenticated user to get access to the function "gdlr_lms_cancel_booking" where POST Parameter "id" was sent straight into SQL query without sanitization. -
CVE-2020-35234: SMTP WP Plugin Directory Listing POC
The WordPress Easy WP SMTP Plugin has its log folder remotely accessible and its content available for access. -
CVE-2020-36728: WordPress Plugin Adning Advertising < 1.5.6 - Arbitrary File Upload POC
The Adning Advertising plugin for WordPress versions below 1.5.6 is vulnerable to arbitrary file upload, allowing attackers to upload malicious files to the server. -
CVE-2021-24215: Controlled Admin Access WordPress Plugin <= 1.4.0 - Improper Access Control & Privilege Escalation POC
An Improper Access Control vulnerability was discovered in the plugin. Uncontrolled access to the website customization functionality and global CMS settings, like /wp-admin/customization.php and /wp-admin/options.php, can lead to a complete compromise of the target resource. -
CVE-2021-24286: WordPress Plugin Redirect 404 to Parent 1.3.0 - Cross-Site Scripting POC
The settings page of the plugin did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue. -
CVE-2021-24746: WordPress Sassy Social Share Plugin <3.3.40 - Cross-Site Scripting POC
WordPress plugin Sassy Social Share < 3.3.40 contains a reflected cross-site scripting vulnerability. -
CVE-2021-24917: WordPress WPS Hide Login <1.9.1 - Information Disclosure POC
WordPress WPS Hide Login plugin before 1.9.1 is susceptible to incorrect authorization. An attacker can obtain the secret login page by setting a random referer string and making a request to /wp-admin/options.php as an unauthenticated user. This reveals the secret login location. -
CVE-2021-24991: WooCommerce PDF Invoices & Packing Slips WordPress Plugin < 2.10.5 - Cross-Site Scripting POC
The WordPress plugin WooCommerce PDF Invoices & Packing Slips before 2.10.5 does not escape the tab and section parameters before reflecting them in an attribute, leading to a reflected cross-site scripting issue in the admin dashboard. -
CVE-2021-25008: The Code Snippets WordPress Plugin < 2.14.3 - Cross-Site Scripting POC
The WordPress plugin Code Snippets before 2.14.3 does not escape the snippets-safe-mode parameter before reflecting it in attributes, leading to a reflected cross-site scripting issue. -
CVE-2021-25085: WOOF WordPress plugin - Cross-Site Scripting POC
The WOOF WordPress plugin does not sanitize or escape the woof_redraw_elements parameter before reflecting it back in an admin page, leading to a reflected cross-site scripting. -
CVE-2021-33851: WordPress Customize Login Image <3.5.3 - Cross-Site Scripting POC
WordPress Customize Login Image plugin prior to 3.5.3 contains a cross-site scripting vulnerability via the custom logo link on the Settings page. This can allow an attacker to steal cookie-based authentication credentials and launch other attacks. -
CVE-2021-37416: Zoho ManageEngine ADSelfService Plus <=6103 - Cross-Site Scripting POC
Zoho ManageEngine ADSelfService Plus 6103 and prior contains a reflected cross-site scripting vulnerability on the loadframe page. -
CVE-2021-39322: WordPress Easy Social Icons Plugin < 3.0.9 - Cross-Site Scripting POC
The Easy Social Icons plugin <= 3.0.8 for WordPress echoes out the raw value of `$_SERVER['PHP_SELF']` in its main file. On certain configurations including Apache+modPHP this makes it possible to use it to perform a reflected cross-site scripting attack by injecting malicious code in the request path. -
CVE-2021-39341: OptinMonster Plugin < 2.6.5 - Unprotected REST-API POC
The OptinMonster WordPress plugin is vulnerable to sensitive information disclosure and unauthorized setting updates due to insufficient authorization validation via the logged_in_or_has_api_key function in the ~/OMAPI/RestApi.php file, which can be used to inject malicious web scripts on sites with the plugin installed. This affects versions up to, and including, 2.6.4. -
CVE-2021-39350: FV Flowplayer Video Player WordPress plugin - Authenticated Cross-Site Scripting POC
The FV Flowplayer Video Player WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the player_id parameter found in the ~/view/stats.php file which allows attackers to inject arbitrary web scripts in versions 7.5.0.727 - 7.5.2.727. -
CVE-2021-40539: Zoho ManageEngine ADSelfService Plus v6113 - Unauthenticated Remote Command Execution POC
Zoho ManageEngine ADSelfService Plus version 6113 and prior are vulnerable to a REST API authentication bypass vulnerability that can lead to remote code execution. -
CVE-2021-43778: GLPI plugin Barcode < 2.6.1 - Path Traversal Vulnerability. POC
Barcode is a GLPI plugin for printing barcodes and QR codes. GLPI instances version 2.x prior to version 2.6.1 with the barcode plugin installed are vulnerable to a path traversal vulnerability. -
CVE-2021-44077: Zoho ManageEngine ServiceDesk Plus - Remote Code Execution POC
Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. -
CVE-2021-44515: Zoho ManageEngine Desktop Central - Remote Code Execution POC
Zoho ManageEngine Desktop Central contains an authentication bypass vulnerability that could allow an attacker to execute arbitrary code in the Desktop Central MSP server. -
CVE-2022-0149: WooCommerce Stored Exporter WordPress Plugin < 2.7.1 - Cross-Site Scripting POC
The plugin was affected by a reflected cross-site scripting vulnerability in the woo_ce admin page. -
CVE-2022-0208: WordPress Plugin MapPress <2.73.4 - Cross-Site Scripting POC
WordPress Plugin MapPress before version 2.73.4 does not sanitize and escape the 'mapid' parameter before outputting it back in the "Bad mapid" error message, leading to reflected cross-site scripting. -
CVE-2022-0479: Popup Builder Plugin - SQL Injection and Cross-Site Scripting POC
The Popup Builder WordPress plugin before 4.1.1 is vulnerable to SQL Injection and Reflected XSS via the sgpb-subscription-popup-id parameter. -
CVE-2022-0651: WordPress Plugin WP Statistics <= 13.1.5 - SQL Injection POC
The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_type parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sensitive information, in versions up to and including 13.1.5. -
CVE-2022-0653: WordPress Profile Builder Plugin Cross-Site Scripting POC
The Profile Builder User Profile & User Registration Forms WordPress plugin is vulnerable to cross-site scripting due to insufficient escaping and sanitization of the site_url parameter found in the ~/assets/misc/fallback-page.php file, which allows attackers to inject arbitrary web scripts onto a page that execute whenever a user clicks on a specially crafted link by an attacker. This affects versions up to and including 3.6.1. -
CVE-2022-0787: Limit Login Attempts (Spam Protection) < 5.1 - SQL Injection POC
The Limit Login Attempts (Spam Protection) WordPress plugin before 5.1 does not sanitise and escape some parameters before using them in SQL statements via AJAX actions (available to unauthenticated users), leading to SQL Injections. -
CVE-2022-1580: Site Offline WP Plugin < 1.5.3 - Authorization Bypass POC
The plugin prevents users from accessing a website but does not do so if the URL contained certain keywords. Adding those keywords to the URL's query string would bypass the plugin's main feature. -
CVE-2022-23779: Zoho ManageEngine - Internal Hostname Disclosure POC
Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. The internal hostname can be discovered by reading HTTP redirect responses. -
CVE-2022-24681: ManageEngine ADSelfService Plus <6121 - Stored Cross-Site Scripting POC
ManageEngine ADSelfService Plus before 6121 contains a stored cross-site scripting vulnerability via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password screens. -
CVE-2022-25148: WordPress Plugin WP Statistics <= 13.1.5 - SQL Injection POC
The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_id parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sensitive information, in versions up to and including 13.1.5. -
CVE-2022-25149: WordPress Plugin WP Statistics <= 13.1.5 - SQL Injection POC
The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the IP parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sensitive information, in versions up to and including 13.1.5. -
CVE-2022-28219: Zoho ManageEngine ADAudit Plus <7600 - XML Entity Injection/Remote Code Execution POC
Zoho ManageEngine ADAudit Plus before version 7060 is vulnerable to an unauthenticated XML entity injection attack that can lead to remote code execution. -
CVE-2022-3142: NEX-Forms Plugin < 7.9.7 - SQL Injection POC
The NEX-Forms WordPress plugin before 7.9.7 does not properly sanitise and escape user input before using it in SQL statements, leading to SQL injections. The attack can be executed by anyone who is permitted to view the forms statistics chart. By default this is administrators, but it can be configured otherwise via the plugin settings. -
CVE-2022-35405: Zoho ManageEngine - Remote Code Execution POC
Zoho ManageEngine Password Manager Pro, PAM 360, and Access Manager Plus are susceptible to unauthenticated remote code execution via XML-RPC. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. -
CVE-2022-40032: Simple Task Managing System v1.0 - SQL Injection POC
SQL injection occurs when a web application doesn't properly validate or sanitize user input that is used in SQL queries. Attackers can exploit this by injecting malicious SQL code into the input fields of a web application, tricking the application into executing unintended database queries. -
CVE-2022-4305: Login as User or Customer < 3.3 - Privilege Escalation POC
The plugin lacks authorization checks to ensure that users are allowed to log in as another one, which could allow unauthenticated attackers to obtain a valid admin session. -
CVE-2022-45808: LearnPress Plugin < 4.2.0 - Unauthenticated Time-Based Blind SQLi POC
SQL Injection vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions. -
CVE-2022-47615: LearnPress Plugin < 4.2.0 - Local File Inclusion POC
Local File Inclusion vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions. -
CVE-2022-47966: ManageEngine - Remote Command Execution POC
Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections. -
CVE-2023-1119: WP-Optimize WordPress plugin < 3.2.13 - Cross-Site Scripting POC
The WP-Optimize WordPress plugin before 3.2.13 and SrbTransLatin WordPress plugin before 2.4.1 are vulnerable to cross-site scripting due to a third-party library that improperly handles HTML character escaping. -
CVE-2023-1893: Login Configurator <=2.1 - Cross-Site Scripting POC
Login Configurator WordPress plugin <= 2.1 contains a reflected cross-site scripting vulnerability caused by improper escaping of a URL parameter before outputting it to the page, letting attackers execute scripts in the context of site administrators. Exploitation requires the victim to visit a malicious URL. -
CVE-2023-2518: WordPress Easy Forms for Mailchimp Plugin < 6.8.9 - Cross-Site Scripting POC
The Easy Forms for Mailchimp plugin before version 6.8.9 contains a reflected cross-site scripting vulnerability. The plugin does not properly sanitize and escape the sql_error parameter before outputting it back in the page when the debug option is enabled, which could allow attackers to execute arbitrary JavaScript code in an administrator's browser context. -
CVE-2023-2624: KiviCare WordPress Plugin - Cross-Site Scripting POC
The KiviCare WordPress plugin before 3.2.1 does not sanitise and escape the 'filterType' parameter, leading to Reflected Cross-Site Scripting. -
CVE-2023-29084: ManageEngine ADManager Plus - Command Injection POC
Zoho ManageEngine ADManager Plus through 7180 allows for authenticated users to exploit command injection via Proxy settings. -
CVE-2023-29439: FooGallery plugin <= 2.2.35 - Cross-Site Scripting POC
Reflected Cross-Site Scripting (XSS) vulnerability in FooPlugins FooGallery plugin <= 2.2.35 versions. -
CVE-2023-2982: Miniorange Social Login and Register <= 7.6.3 - Authentication Bypass POC
The WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 7.6.4. This is due to insufficient encryption on the user being supplied during a login validated through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they know the email address associated with that user. This was partially patched in version 7.6.4 and fully patched in version 7.6.5. -
CVE-2023-30868: Tree Page View Plugin < 1.6.7 - Cross-Site Scripting POC
The CMS Tree Page View plugin for WordPress has a Reflected Cross-Site Scripting vulnerability up to version 1.6.7. This is due to the post_type parameter not properly escaping user input. As a result, users with administrator privileges or higher can inject JavaScript code that will execute whenever accessed. -
CVE-2023-33405: BlogEngine CMS - Open Redirect POC
Blogengine.net 3.3.8.0 and earlier is vulnerable to Open Redirect. -
CVE-2023-4136: CrafterCMS Engine - Cross-Site Scripting POC
CrafterCMS Engine is vulnerable to reflected cross-site scripting (XSS) via the transformerName parameter in the /api/1/site/url/transform endpoint, allowing attackers to execute arbitrary JavaScript in the context of the user. -
CVE-2023-4284: WordPress Post Timeline Plugin < 2.2.6 - Cross-Site Scripting POC
The Post Timeline WordPress plugin before version 2.2.6 contains a reflected cross-site scripting vulnerability. The plugin does not properly sanitize and escape an invalid nonce before outputting it back in an AJAX response, which could allow attackers to execute arbitrary JavaScript code in an administrator's browser context. -
CVE-2023-4596: WordPress Plugin Forminator 1.24.6 - Arbitrary File Upload POC
The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to file type validation occurring after a file has been uploaded to the server in the upload_post_image() function in versions up to, and including, 1.24.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. -
CVE-2023-46359: cPH2 Charging Station v1.87.0 - OS Command Injection POC
An OS command injection vulnerability in Hardy Barth cPH2 Ladestation v1.87.0 and earlier may allow an unauthenticated remote attacker to execute arbitrary commands on the system via specially crafted arguments passed to the connectivity check feature. -
CVE-2023-47211: ManageEngine OpManager - Directory Traversal POC
A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An attacker can send a malicious MiB file to trigger this vulnerability. -
CVE-2023-5003: Active Directory Integration WP Plugin < 4.1.10 - Log Disclosure POC
The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.10 stores sensitive LDAP logs in a buffer file when an administrator wants to export said logs. Unfortunately, this log file is never removed, and remains accessible to any users knowing the URL to do so. -
CVE-2023-50094: reNgine 2.2.0 - Command Injection POC
reNgine before 2.1.2 allows OS Command Injection if an adversary has a valid session ID. The attack places shell metacharacters in an api/tools/waf_detector/?url= string. The commands are executed as root via subprocess.check_output. -
CVE-2023-51409: Jordy Meow AI Engine - Unrestricted File Upload POC
Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot. This issue affects AI Engine: ChatGPT Chatbot: from n/a through 1.9.98. -
CVE-2023-51449: Gradio Hugging Face - Local File Inclusion POC
Gradio LFI when auth is not enabled, affects versions 4.0 - 4.10, also works against Gradio < 3.33 -
CVE-2023-6989: Shield Security WP Plugin <= 18.5.9 - Local File Inclusion POC
The Shield Security Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 18.5.9 via the render_action_template parameter. This makes it possible for unauthenticated attackers to include and execute PHP files on the server, allowing the execution of any PHP code in those files. -
CVE-2024-10571: Chartify – WordPress Chart Plugin < 2.9.6 - Local File Inclusion POC
The Chartify – WordPress Chart Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.5 via the 'source' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. -
CVE-2024-10783: WordPress Plugin MainWP Child - Authentication Bypass POC
The plugin is vulnerable to an authentication bypass that allows an unauthenticated user to login as an administrator without providing a password. This vulnerability is only exploitable when the plugin has not been connected to a MainWP Dashboard and the "Require unique security ID" option is not enabled (it is disabled by default). -
CVE-2024-11921: Give WP Plugin < 3.19.0 - Cross-Site Scripting POC
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. -
CVE-2024-13322: Ads Pro Plugin <= 4.88 - Unauthenticated SQL Injection POC
The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to SQL Injection via the 'a_id' parameter in all versions up to, and including, 4.88 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. -
CVE-2024-13624: WordPress WPMovieLibrary Plugin <= 2.1.4.8 - Cross-Site Scripting POC
The WPMovieLibrary WordPress plugin through version 2.1.4.8 contains a reflected cross-site scripting vulnerability. The plugin does not properly sanitize and escape the 'order' parameter in the import page before outputting it back, which could allow attackers to execute arbitrary JavaScript code in an administrator's browser context. -
CVE-2024-13853: WordPress SEO Tools Plugin 4.0.7 - Cross-Site Scripting POC
The SEO Tools WordPress plugin through version 4.0.7 contains a reflected cross-site scripting vulnerability. The plugin does not properly sanitize and escape the 'src' parameter in the rssread.php file before outputting it back in the page, which could allow attackers to execute arbitrary JavaScript code in a victim's browser. -
CVE-2024-1512: MasterStudy LMS WordPress Plugin <= 3.2.5 - SQL Injection POC
The MasterStudy LMS WordPress Plugin for Online Courses and Education plugin for WordPress is vulnerable to union based SQL Injection via the 'user' parameter of the /lms/stm-lms/order/items REST route in all versions up to, and including, 3.2.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. -
CVE-2024-2473: WPS Hide Login <= 1.9.15.2 - Login Page Disclosure POC
The WPS Hide Login plugin for WordPress is vulnerable to Login Page Disclosure in all versions up to, and including, 1.9.15.2. This is due to a bypass that is created when the 'action=postpass' parameter is supplied. This makes it possible for attackers to easily discover any login page that may have been hidden by the plugin. -
CVE-2024-27954: WordPress Automatic Plugin <3.92.1 - Arbitrary File Download and SSRF POC
WordPress Automatic plugin <3.92.1 is vulnerable to unauthenticated Arbitrary File Download and SSRF. The flaw, located in the downloader.php file, could permit attackers to download any file from a site. Sensitive data, including login credentials and backup files, could fall into the wrong hands. This vulnerability has been patched in version 3.92.1. -
CVE-2024-27956: WordPress Automatic Plugin <= 3.92.0 - SQL Injection POC
The Automatic plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.92.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. -
CVE-2024-2879: WordPress Plugin LayerSlider 7.9.11-7.10.0 - SQL Injection POC
The LayerSlider plugin for WordPress is vulnerable to SQL Injection via the ls_get_popup_markup action in versions 7.9.11 and 7.10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. -
CVE-2024-33575: User Meta WP Plugin < 3.1 - Sensitive Information Exposure POC
The User Meta plugin is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0 via the /views/debug.php file. This makes it possible for unauthenticated attackers to extract sensitive configuration data. -
CVE-2024-37881: SiteGuard WP Plugin <= 1.7.6 - Login Page Disclosure POC
The SiteGuard WP Plugin plugin for WordPress is vulnerable to protection mechanism bypass in all versions up to, and including, 1.7.6. This is due to the plugin not restricting redirects from wp-register.php which may disclose the login page URL. This makes it possible for unauthenticated attackers to gain access to the login page. -
CVE-2024-43917: WordPress TI WooCommerce Wishlist Plugin <= 2.8.2 - SQL Injection POC
In the latest version (2.8.2 as of writing the article) and below, the plugin is vulnerable to a SQL injection vulnerability that allows any user to execute arbitrary SQL queries in the database of the WordPress site. No privileges are required to exploit the issue. The vulnerability is unpatched on the latest version and is tracked as CVE-2024-43917. -
CVE-2024-4434: LearnPress WordPress LMS Plugin <= 4.2.6.5 - SQL Injection POC
The LearnPress WordPress LMS Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the ‘term_id’ parameter in versions up to, and including, 4.2.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. -
CVE-2024-4443: Business Directory Plugin <= 6.4.2 - SQL Injection POC
The Business Directory Plugin Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘listingfields’ parameter in all versions up to, and including, 6.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. -
CVE-2024-6289: WPS Hide Login < 1.9.16.4 - Hidden Login Page Disclosure POC
The WPS Hide Login WordPress plugin before 1.9.16.4 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the hidden login page. -
CVE-2024-6651: WordPress File Upload Plugin < 4.24.8 - Cross-Site Scripting POC
The WordPress File Upload plugin before version 4.24.8 contains a reflected cross-site scripting vulnerability. The plugin does not properly sanitize and escape the 'dir' parameter in the file browser page before outputting it back, which could allow attackers to execute arbitrary JavaScript code in an administrator's browser context. -
CVE-2024-7313: Shield Security Plugin < 20.0.6 - Cross-Site Scripting POC
The Shield Security WordPress plugin before 20.0.6 contains a reflected cross-site scripting vulnerability. The plugin does not properly sanitize and escape the 'nav_sub' parameter in the admin dashboard, allowing authenticated users to execute arbitrary JavaScript in the context of other authenticated administrators. -
CVE-2024-7954: SPIP Porte Plume Plugin - Remote Code Execution POC
The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request. -
CVE-2024-8517: SPIP BigUp Plugin - Remote Code Execution POC
SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. A remote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipart file upload HTTP request. -
CVE-2024-8856: WP Time Capsule Plugin - Remote Code Execution POC
The Backup and Staging by WP Time Capsule plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the UploadHandler.php file and no direct file access prevention in all versions up to, and including, 1.22.21. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. -
CVE-2025-1097: Ingress-Nginx Controller - Configuration Injection via Unsanitized `auth-tls-match-cn` Annotation POC
A security issue was discovered in ingress-nginx (https://github.com/kubernetes/ingress-nginx) where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.) -
CVE-2025-1098: Ingress-Nginx Controller - Configuration Injection via Unsanitized Mirror Annotations POC
A security issue was discovered in ingress-nginx (https://github.com/kubernetes/ingress-nginx) where the `mirror-target` and `mirror-host` Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.) -
CVE-2025-1974: Ingress-Nginx Controller - Remote Code Execution POC
A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.) -
CVE-2025-2010: WordPress JobWP Plugin <= 2.3.9 - SQL Injection POC
The JobWP - Job Board, Job Listing, Career Page and Recruitment Plugin plugin for WordPress is vulnerable to SQL Injection via the 'jobwp_upload_resume' parameter in all versions up to, and including, 2.3.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. -
CVE-2025-24514: Ingress-Nginx Controller - Configuration Injection via Unsanitized `auth-url` Annotation POC
A security issue was discovered in ingress-nginx (https://github.com/kubernetes/ingress-nginx) where the `auth-url` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.) -
CVE-2025-34032: Moodle LMS Jmol Plugin <= 6.1 - Cross-Site Scripting POC
A reflected cross-site scripting (XSS) vulnerability exists in the Moodle LMS Jmol plugin version 6.1 and prior via the data parameter in jsmol.php. The application fails to properly sanitize user input before embedding it into the HTTP response, allowing an attacker to execute arbitrary JavaScript in the victim's browser by crafting a malicious link. This can be used to hijack user sessions or manipulate page content. -
CVE-2025-4380: Ads Pro Plugin <= 4.89 - Local File Inclusion POC
The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.89 via the 'bsa_template' parameter of the `bsa_preview_callback` function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where .php files can be uploaded and included, or already exist on the site. -
CVE-2025-47646: PSW Front-end Login & Registration 1.13 - Weak Password Recovery POC
PSW Front-end Login & Registration plugin for WordPress contains a weak password recovery mechanism that can be exploited by unauthenticated attackers. This vulnerability affects versions through 1.13 and allows attackers to potentially gain unauthorized access. -
CVE-2025-5287: Likes and Dislikes Plugin <= 1.0.0 - Unauthenticated SQL Injection POC
The Likes and Dislikes Plugin plugin for WordPress is vulnerable to SQL Injection via the 'post' parameter in all versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. -
CVE-2025-53624: Docusaurus Gists Plugin < 4.0.0 - GitHub Personal Access Token Exposure POC
The Docusaurus gists plugin adds a page to your Docusaurus instance, displaying all public gists of a GitHub user. docusaurus-plugin-content-gists versions prior to 4.0.0 are vulnerable to exposing GitHub Personal Access Tokens in production build artifacts when passed through plugin configuration options. The token, intended for build-time API access only, is inadvertently included in client-side JavaScript bundles, making it accessible to anyone who can view the website's source code. -
CVE-2025-5961: WordPress WPvivid Backup & Migration Plugin <= 0.9.116 - Authenticated Arbitrary File Upload POC
The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpvivid_upload_import_files' function in all versions up to, and including, 0.9.116. -
CVE-2018-17207: WordPress Duplicator Plugin < 1.2.42 - Arbitrary Code Execution POC
An issue was discovered in Snap Creek Duplicator before 1.2.42. By accessing leftover installer files (installer.php and installer-backup.php), an attacker can inject PHP code into wp-config.php during the database setup step, achieving arbitrary code execution. -
CVE-2019-9881: WPEngine WPGraphQL 0.2.3 - Unauthenticated Comment Posting POC
The createComment mutation in the WPGraphQL 0.2.3 plugin for WordPress allows unauthenticated users to post comments on any article, even when 'allow comment' is disabled. -
CVE-2020-27615: WordPress Loginizer < 1.6.4 – Unauthenticated SQL Injection via `log` Parameter POC
The Loginizer plugin before 1.6.4 for WordPress allows SQL injection (with resultant XSS), related to loginizer_login_failed and lz_valid_ip. -
CVE-2024-2771: Contact Form Plugin by Fluent Forms < 5.1.17 - Unauthenticated Limited Privilege Escalation POC
The plugin is vulnerable to privilege escalation due to a missing capability check on the /wp-json/fluentform/v1/managers REST API endpoint. This makes it possible for unauthenticated attackers to grant users with Fluent Form management permissions which gives them access to all of the plugin's settings and features. This also makes it possible for unauthenticated attackers to delete manager accounts. -
CVE-2024-8353: GiveWP Donation Plugin <= 3.16.1 - Unauthenticated PHP Object Injection POC
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.1. This is due to insufficient input validation on user-supplied data. An unauthenticated attacker can inject a serialized PHP object, which may allow them to execute arbitrary PHP code, depending on the presence of a suitable POP chain on the target system. This vulnerability could lead to full site compromise. -
CVE-2019-9880: WPEngine WPGraphQL 0.2.3 - Unauthenticated User Information Disclosure POC
An issue was discovered in the WPGraphQL 0.2.3 plugin for WordPress. By querying the 'users' RootQuery, it is possible for an unauthenticated attacker to retrieve all WordPress users' details, such as email address, role, and username. -
PHPGurukul User Registration & Login and User Management System Injection Vulnerability No POC
PHPGurukul User Registration & Login and User Management System is a user registration, login and user management system from PHPGurukul. Version 3.3 contains an injection vulnerability: improper handling of the uid parameter in the file /admin/user-profile.php leads to SQL injection. -
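WordPress Plugin Suretriggers /wp-json/sure-triggers/v1/automation/action Unauthorized Access Vulnerability (CVE-2025-3102) No POC
SureTriggers is a WordPress plugin for automating tasks, intended to simplify users' workflows. All versions of the plugin (including version 1.0.78) contain an authentication bypass vulnerability. The flaw is in the 'authenticate_user' function: because the 'secret_key' value is not checked for being empty, an attacker can create an administrator account when no API key has been configured, posing a serious threat to the target site. -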
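SPIP BigUp Plugin /spip.php Command Execution Vulnerability (CVE-2024-8517) No POC
SPIP is an open-source content management system (CMS) widely used to create and manage dynamic websites. The SPIP BigUp plugin contains a command execution vulnerability in versions before 4.3.2, 4.2.16 and 4.1.18. By sending a crafted multipart file upload HTTP request, an attacker can execute arbitrary operating system commands. -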
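WordPress Plugin R+L Carrier Edition /wp-admin/admin-ajax.php SQL Injection Vulnerability (CVE-2024-13481) No POC
The R+L Carrier Edition plugin is a logistics and shipping management tool for WordPress users that integrates closely with R+L Carriers to provide freight rate calculation, shipment tracking and logistics management. The plugin's /wp-admin/admin-ajax.php endpoint contains a SQL injection vulnerability. By constructing malicious SQL statements, an attacker can obtain sensitive information from the database, such as administrator back-end passwords and users' personal information, and may go on to write malicious code to the server and gain system privileges. The vulnerability can lead to user data disclosure, database tampering and loss of system integrity. -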
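Kubernetes Ingress-NGINX Controller Unauthorized Remote Code Execution Vulnerability (CVE-2025-1974) No POC
Ingress-NGINX Controller is one of the core projects of the Kubernetes ecosystem. As the cluster's traffic ingress gateway, it implements the traffic routing rules defined by Ingress resources and provides reverse proxying and load balancing through NGINX. Kubernetes Ingress-NGINX Controller contains an unauthorized remote code execution vulnerability (CVE-2025-1974) through which an attacker can obtain sensitive server information, execute malicious commands and take control of the entire server. -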
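Kubernetes ingress-nginx Input Validation Error Vulnerability No POC
The vulnerability arises because the admission controller of the Ingress NGINX Controller does not sufficiently validate and sanitize user input when processing Ingress objects. By sending a malicious AdmissionReview request to the admission controller, an attacker can inject arbitrary NGINX configuration directives and trigger code execution during the configuration validation phase (which uses nginx -t). -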
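WordPress plugin what3words Address Field Cross-Site Request Forgery Vulnerability No POC
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. The platform supports setting up personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin what3words Address Field 4.0.15 and earlier contains a cross-site request forgery vulnerability, which stems from the presence of a cross-site request forgery (CSRF) flaw. -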
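reNgine Cross-Site Scripting Vulnerability No POC
reNgine is an automated reconnaissance framework for web applications developed by individual developer Yogesh Ojha. It focuses on a highly configurable, streamlined reconnaissance process built on engines, correlation and organization of reconnaissance data, continuous monitoring, a database back end, and a simple yet intuitive user interface. reNgine 2.2.0 and earlier contains a cross-site scripting vulnerability: a stored cross-site scripting (XSS) flaw allows unauthorized scripts to execute when an administrator views or interacts with the affected user entry, posing a significant risk to sensitive administrative functions. -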
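reNgine Access Control Error Vulnerability No POC
reNgine is an automated reconnaissance framework for web applications developed by individual developer Yogesh Ojha. It focuses on a highly configurable, streamlined reconnaissance process built on engines, correlation and organization of reconnaissance data, continuous monitoring, a database back end, and a simple yet intuitive user interface. reNgine 2.2.0 and earlier contains an access control error vulnerability, which allows an attacker with a specific role to delete all projects in the system. -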
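reNgine Cross-Site Scripting Vulnerability No POC
reNgine is an automated reconnaissance framework for web applications developed by individual developer Yogesh Ojha. It focuses on a highly configurable, streamlined reconnaissance process built on engines, correlation and organization of reconnaissance data, continuous monitoring, a database back end, and a simple yet intuitive user interface. reNgine 2.2.0 and earlier contains a cross-site scripting vulnerability: user input is not correctly validated or sanitized, so HTML injection occurs, allowing an attacker to inject arbitrary HTML code. -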
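WordPress plugin Membership Plugin – Restrict Content Information Disclosure Vulnerability No POC
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. The platform supports setting up personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin Membership Plugin – Restrict Content 3.2.13 and earlier contains an information disclosure vulnerability: the core search function does not strictly restrict content access permissions in search results, leading to disclosure of sensitive information. -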
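WordPress plugin Flexmls IDX Plugin Cross-Site Scripting Vulnerability No POC
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. The platform supports setting up personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin Flexmls IDX Plugin 3.14.26 and earlier contains a cross-site scripting vulnerability, which stems from a stored cross-site scripting flaw in the api_key and api_secret parameters. -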
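WordPress plugin Plethora Plugins Tabs + Accordions Cross-Site Scripting Vulnerability No POC
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. The platform supports setting up personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin Plethora Plugins Tabs + Accordions 1.1.5 and earlier contains a cross-site scripting vulnerability, which stems from improper neutralization of input during web page generation, leading to cross-site scripting. -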
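WordPress plugin RSVP and Event Management Plugin SQL Injection Vulnerability No POC
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. The platform supports setting up personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin RSVP and Event Management Plugin 2.7.14 and earlier contains a SQL injection vulnerability, which stems from improper neutralization of special elements used in an SQL command, leading to SQL injection. -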
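WordPress plugin LH Login Page Cross-Site Scripting Vulnerability No POC
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. The platform supports setting up personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin LH Login Page 2.14 and earlier contains a cross-site scripting vulnerability, which stems from improper neutralization of input during web page generation, leading to cross-site scripting. -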
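WordPress plugin Social Media Engine Cross-Site Scripting Vulnerability No POC
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. The platform supports setting up personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin Social Media Engine 1.0.2 and earlier contains a cross-site scripting vulnerability, which stems from improper neutralization of input during web page generation. -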
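WordPress plugin HireHive Job Plugin Cross-Site Scripting Vulnerability No POC
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. The platform supports setting up personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin HireHive Job Plugin 2.9.0 and earlier contains a cross-site scripting vulnerability, which stems from improper neutralization of input during web page generation. -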
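华夏ERP (Huaxia ERP) plugin Remote Code Execution Vulnerability No POC
A remote code execution vulnerability lets an attacker execute arbitrary code on a server through some flaw, usually because the application insufficiently validates or improperly handles external input. An attacker can exploit such a flaw to upload malicious code or send it directly in HTTP requests, thereby taking control of the server and carrying out malicious activity including data theft, website defacement and abuse of server resources. -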
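蓝凌OA (Landray OA) loginWebserviceService Arbitrary File Read Vulnerability POC
The 蓝凌OA office system is an OA office tool for instant office communication. The digital OA product of 深圳市蓝凌软件股份有限公司 (Shenzhen Landray Software Co., Ltd.) contains an arbitrary file read vulnerability that an attacker can exploit to obtain server-related information. -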
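Cisco Identity Services Engine Cross-Site Scripting Vulnerability No POC
Cisco Identity Services Engine (Cisco ISE) is a context-aware platform (the ISE identity services engine) from Cisco, a US company. The platform collects real-time information from the network, users and devices, and creates and enforces corresponding policies to govern the network. Cisco Identity Services Engine contains a cross-site scripting vulnerability, which stems from insufficient validation of user-supplied input by the web-based management interface of the affected system. An authenticated remote attacker can bypass the authorization mechanism or conduct a cross-site scripting (XSS) attack. -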
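Cisco Identity Services Engine Cross-Site Scripting Vulnerability No POC
Cisco Identity Services Engine (Cisco ISE) is a context-aware platform (the ISE identity services engine) from Cisco, a US company. The platform collects real-time information from the network, users and devices, and creates and enforces corresponding policies to govern the network. Cisco Identity Services Engine contains a cross-site scripting vulnerability, which stems from the web-based management interface not properly validating user-supplied input. A remote attacker can conduct a cross-site scripting (XSS) attack against users of the web-based management interface, perform a path traversal attack, read and delete arbitrary files on the affected device, or conduct a server-side request forgery (SSRF) attack through the device. -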
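Cisco Identity Services Engine Path Traversal Vulnerability No POC
Cisco Identity Services Engine (Cisco ISE) is a context-aware platform (the ISE identity services engine) from Cisco, a US company. The platform collects real-time information from the network, users and devices, and creates and enforces corresponding policies to govern the network. Cisco Identity Services Engine contains a path traversal vulnerability, which stems from insufficient validation of user-supplied parameters in API requests. A remote attacker can conduct a cross-site scripting (XSS) attack against users of the web-based management interface, perform a path traversal attack, read and delete arbitrary files on the affected device, or conduct a server-side request forgery (SSRF) attack through the device. -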
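Cisco Identity Services Engine Cross-Site Scripting Vulnerability No POC
Cisco Identity Services Engine (Cisco ISE) is a context-aware platform (the ISE identity services engine) from Cisco, a US company. The platform collects real-time information from the network, users and devices, and creates and enforces corresponding policies to govern the network. Cisco Identity Services Engine contains a cross-site scripting vulnerability, which stems from the web-based management interface not sufficiently validating user-supplied input. A remote attacker can conduct authorization bypass attacks and cross-site scripting (XSS) attacks against users of the web-based management interface on the affected device. -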
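Cisco Identity Services Engine Path Traversal Vulnerability No POC
Cisco Identity Services Engine (Cisco ISE) is a context-aware platform (the ISE identity services engine) from Cisco, a US company. The platform collects real-time information from the network, users and devices, and creates and enforces corresponding policies to govern the network. Cisco Identity Services Engine contains a path traversal vulnerability, which stems from insufficient validation of user-supplied parameters in API requests. A remote attacker can conduct a cross-site scripting (XSS) attack against users of the web-based management interface, perform a path traversal attack, read and delete arbitrary files on the affected device, or conduct a server-side request forgery (SSRF) attack through the device. -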
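F5 Nginx Authorization Issue Vulnerability No POC
F5 Nginx is a lightweight web server/reverse proxy server and e-mail (IMAP/POP3) proxy server from F5, a US company, released under a BSD-like license. F5 Nginx contains an authorization issue vulnerability, which stems from the nonce not being checked at login.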