Explore Vulnerabilities

Explore all Exploits:

WordPress Plugin Select All Categories and Taxonomies 1.3.1 – Reflected Cross-Site Scripting (XSS)

WordPress Select All Categories and Taxonomies plugin before 1.3.2 contains a cross-site scripting vulnerability. The settings page of the plugin does not properly sanitize the tab parameter before outputting it back. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Storage Unit Rental Management System 1.0 – Remote Code Execution (RCE) (Unauthenticated)

This exploit allows an unauthenticated attacker to execute arbitrary code on the vulnerable Storage Unit Rental Management System 1.0. The attacker can send a malicious request with a crafted payload to the vulnerable application, and the payload is then executed on the server. The payload is sent as a multipart/form-data request with a filename containing the malicious code.

WordPress Plugin Ultimate Maps 1.2.4 – Reflected Cross-Site Scripting (XSS)

WordPress Supsystic Ultimate Maps plugin before 1.2.5 contains an unauthenticated reflected cross-site scripting vulnerability due to improper sanitization of the tab parameter on the options page before outputting it in an attribute.

FatPipe Networks MPVPN 10.2.2 – Remote Privilege Escalation

A vulnerability has been discovered in FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 that can be exploited to gain escalated privileges. The vulnerability is caused by an unspecified error and can be exploited by sending a specially crafted request to the vulnerable service. Successful exploitation requires that the attacker has access to the local network.

FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Unauthenticated Config Download

A vulnerability in FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 allows an unauthenticated attacker to download the configuration file of the device. This can be done by sending a specially crafted HTTP request to the device. The configuration file contains sensitive information such as usernames, passwords, and IP addresses.