Live-Hack-CVE/CVE-2022-2094 The Yellow Yard Searchbar WordPress plugin before 2.8.2 does not escape some URL parameters before outputting them back to the user, leading to Reflected Cross-Site Scripting CVE project by @Sn0wAlice Create: 2023-02-08 19:37:00 +0000 UTC Push: 2023-02-08 19:37:02 +0000 UTC |

Live-Hack-CVE/CVE-2023-0726 The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_edit_folder function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted th CVE project by @Sn0wAlice Create: 2023-02-08 15:13:33 +0000 UTC Push: 2023-02-08 15:13:35 +0000 UTC |

Live-Hack-CVE/CVE-2023-0725 The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_clone_folder function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted t CVE project by @Sn0wAlice Create: 2023-02-08 15:13:30 +0000 UTC Push: 2023-02-08 15:13:32 +0000 UTC |

Live-Hack-CVE/CVE-2023-0724 The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_add_folder function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted the CVE project by @Sn0wAlice Create: 2023-02-08 15:13:26 +0000 UTC Push: 2023-02-08 15:13:28 +0000 UTC |

Live-Hack-CVE/CVE-2023-0722 The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_save_state function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted the CVE project by @Sn0wAlice Create: 2023-02-08 15:13:22 +0000 UTC Push: 2023-02-08 15:13:25 +0000 UTC |

Live-Hack-CVE/CVE-2023-0720 The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_folder_order function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and p CVE project by @Sn0wAlice Create: 2023-02-08 15:13:19 +0000 UTC Push: 2023-02-08 15:13:21 +0000 UTC |

Live-Hack-CVE/CVE-2023-0717 The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_delete_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perfo CVE project by @Sn0wAlice Create: 2023-02-08 15:13:15 +0000 UTC Push: 2023-02-08 15:13:17 +0000 UTC |

Live-Hack-CVE/CVE-2023-0716 The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_edit_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform CVE project by @Sn0wAlice Create: 2023-02-08 15:13:12 +0000 UTC Push: 2023-02-08 15:13:14 +0000 UTC |

Live-Hack-CVE/CVE-2023-0715 The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_clone_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perfor CVE project by @Sn0wAlice Create: 2023-02-08 15:13:08 +0000 UTC Push: 2023-02-08 15:13:10 +0000 UTC |

Live-Hack-CVE/CVE-2023-0711 The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_state function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform CVE project by @Sn0wAlice Create: 2023-02-08 15:13:04 +0000 UTC Push: 2023-02-08 15:13:07 +0000 UTC |

Live-Hack-CVE/CVE-2023-0685 The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_unassign_folders function. This makes it possible for unauthenticated attackers to invoke this function via forged request grant CVE project by @Sn0wAlice Create: 2023-02-08 15:13:01 +0000 UTC Push: 2023-02-08 15:13:03 +0000 UTC |

Live-Hack-CVE/CVE-2023-0684 The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_unassign_folders function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and pe CVE project by @Sn0wAlice Create: 2023-02-08 15:12:57 +0000 UTC Push: 2023-02-08 15:12:59 +0000 UTC |

Live-Hack-CVE/CVE-2023-0739 Race Condition in Switch in GitHub repository answerdev/answer prior to 1.0.4. CVE project by @Sn0wAlice Create: 2023-02-08 15:12:44 +0000 UTC Push: 2023-02-08 15:12:47 +0000 UTC |

daniel616/CVE-2022-21661-Demo Demonstration of the SQL injection vulnerability in wordpress 5.8.2 Create: 2023-02-08 12:58:57 +0000 UTC Push: 2023-02-08 12:58:58 +0000 UTC |

Live-Hack-CVE/CVE-2023-23026 Cross site scripting (XSS) vulnerability in sourcecodester oretnom23 sales management system 1.0, allows attackers to execute arbitrary code via the product_name and product_price inputs in file print.php. CVE project by @Sn0wAlice Create: 2023-02-08 09:37:33 +0000 UTC Push: 2023-02-08 09:37:35 +0000 UTC |

Live-Hack-CVE/CVE-2023-23011 Cross Site Scripting (XSS) vulnerability in InvoicePlane 1.6 via filter_product input to file modal_product_lookups.php. CVE project by @Sn0wAlice Create: 2023-02-08 09:37:29 +0000 UTC Push: 2023-02-08 09:37:31 +0000 UTC |

Live-Hack-CVE/CVE-2023-0736 Cross-site Scripting (XSS) - Stored in GitHub repository wallabag/wallabag prior to 2.5.4. CVE project by @Sn0wAlice Create: 2023-02-08 09:37:26 +0000 UTC Push: 2023-02-08 09:37:28 +0000 UTC |

Live-Hack-CVE/CVE-2023-0735 Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.5.4. CVE project by @Sn0wAlice Create: 2023-02-08 09:37:22 +0000 UTC Push: 2023-02-08 09:37:24 +0000 UTC |

Live-Hack-CVE/CVE-2023-0731 The Interactive Geo Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the action content parameter in versions up to, and including, 1.5.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with editor level CVE project by @Sn0wAlice Create: 2023-02-08 09:37:18 +0000 UTC Push: 2023-02-08 09:37:20 +0000 UTC |

Live-Hack-CVE/CVE-2023-0730 The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_save_folder_order function. This makes it possible for unauthenticated attackers to invoke this function via forged request gran CVE project by @Sn0wAlice Create: 2023-02-08 09:37:15 +0000 UTC Push: 2023-02-08 09:37:17 +0000 UTC |