WordPress GD Rating System plugin 2.3 - Directory Traversal vulnerability (3)

A third Directory Traversal vulnerability found by d4wner in WordPress GD Rating System plugin version 2.3. Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-transfer page. Solution 1/9/2018 - we were unable to find a patched version of this plugin...

CVE-2018-5286

The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-about page...

Directory traversal

The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-tools page...

CVE-2018-5293

The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-tools page...

WordPress WpJobBoard 4.4.4 SQL Injection Vulnerability

Exploit for php platform in category web applications Document Title: =============== WpJobBoard v4.4.4 - Multiple SQL Injection Vulnerabilities Product & Service Introduction: =============================== WPJobBoard is bundled with 15+ shortcodes, allowing you to easily build completely uniqu...

WpJobBoard v4.4.4 - Multiple SQL Injection Vulnerabilities

Document Title: =============== WpJobBoard v4.4.4 - Multiple SQL Injection Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=1940 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5695 CVE-ID: ======= CVE-2018-5695 Release Date:...

WpJobBoard v4.4.4 - Multiple SQL Injection Vulnerabilities

Document Title: =============== WpJobBoard v4.4.4 - Multiple SQL Injection Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=1940 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5695 CVE-ID: ======= CVE-2018-5695 Release Date:...

PHP Web Stat 4.5.03 Backdoor Account

======================================================================== | Title : php web stat v4.5.03 Backdoor account vulnerability | Author : indoushka | email : [email protected] | Tested on : windows 10 FranASSais V.Pro | Version : v4.5.03 | Vendor : http://wmscripti.com/ | Dork :...

CVE-2017-17827

Piwigo 2.9.2 is vulnerable to Cross‑Site Request Forgery via /admin.php?page=configuration&section=main or /admin.php?page=batch_manager&mode=unit. An attacker can exploit this to coerce an admin user into performing unintended actions. The connected records consistently describe this CSRF issue ...

CVE-2017-17775

Piwigo 2.9.2 has XSS via the name parameter in an admin.php?page=album-3-properties request...

CVE-2017-17775

Piwigo 2.9.2 is vulnerable to a cross-site scripting (XSS) flaw triggered by the name parameter in an admin.php?page=album-3-properties request. The issue affects the web-based photo gallery software as described in CVE-2017-17775; details in connected records confirm the vulnerability class and ...

CVE-2017-17775

Piwigo 2.9.2 has XSS via the name parameter in an admin.php?page=album-3-properties request...

Cross site scripting

The Public tologin feature in admin.php in LvyeCMS through 3.1 allows XSS via a crafted username that is mishandled during later log viewing by an administrator...

CVE-2017-16904

The Public tologin feature in admin.php in LvyeCMS through 3.1 allows XSS via a crafted username that is mishandled during later log viewing by an administrator...

CVE-2017-16904

The Public tologin feature in admin.php in LvyeCMS through 3.1 allows XSS via a crafted username that is mishandled during later log viewing by an administrator...

CVE-2017-16904

The CVE concerns LvyeCMS (admin.php, Public tologin) up to version 3.1 where a crafted username enables cross-site scripting. The underlying cause is mishandling of the username during admin log viewing, allowing an attacker to inject Web script/HTML that is executed in an administrator’s view. S...

PT-2017-14607 · WordPress · Updraftplus

Name of the Vulnerable Software and Affected Versions: UpdraftPlus plugin versions 1.13.12 and earlier Description: The issue concerns a Server-Side Request Forgery SSRF in the updraft ajax handler function, located in /wp-content/plugins/updraftplus/admin.php, which can be exploited via an httpg...

PT-2017-14608 · WordPress · Updraftplus

Name of the Vulnerable Software and Affected Versions: UpdraftPlus plugin versions 1.13.12 and earlier Description: The issue allows remote PHP code execution due to a race condition in the plupload action function before deleting a file associated with the name parameter in...

CVE-2017-15810

The PopCash.Net Code Integration Tool plugin before 1.1 for WordPress has XSS via the tab parameter to wp-admin/admin.php...

Cross site scripting

Cross-site scripting XSS vulnerability in Best Gallery Albums Plugin before 3.0.70for WordPress allows remote attackers to inject arbitrary web script or HTML via the orderid parameter in the galleryalbumsorting page to wp-admin/admin.php...