Search Results | AttackerKB

4 Total Results

Displaying 1-4 of 4

Attacker Value

Unknown

CVE-2021-25073

Disclosure Date: January 24, 2022 (last updated February 23, 2025)

The WP125 WordPress plugin before 1.5.5 does not have CSRF checks in various action, for example when deleting an ad, allowing attackers to make a logged in admin delete them via a CSRF attack

Attacker Value

Unknown

CVE-2015-9397

Disclosure Date: September 20, 2019 (last updated November 27, 2024)

The gocodes plugin through 1.3.5 for WordPress has wp-admin/tools.php deletegc XSS.

Attack Vector: Network Privileges: Low User Interaction: Required

Attacker Value

Unknown

CVE-2015-9398

Disclosure Date: September 20, 2019 (last updated November 27, 2024)

The gocodes plugin through 1.3.5 for WordPress has wp-admin/tools.php gcid SQL injection.

Attack Vector: Network Privileges: Low User Interaction: None

Attacker Value

Unknown

CVE-2013-2700

Disclosure Date: May 14, 2014 (last updated October 05, 2023)

Cross-site request forgery (CSRF) vulnerability in the Add/Edit page (adminmenus.php) in the WP125 plugin before 1.5.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that add or edit an ad via unspecified vectors.

4 Total Results

Displaying 1-4 of 4

Unknown

CVE-2021-25073

Unknown

CVE-2015-9397

Unknown

CVE-2015-9398

Unknown

CVE-2013-2700

Quick Cookie Notification