7 matches found
WordPress e-search <=1.0 - Cross-Site Scripting
WordPress e-search 1.0 and before contains a reflected cross-site scripting vulnerability via title_az.php which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...
CVE-2018-1000131
The CVE-2018-1000131 entry affects the WordPress plugin WP Support Plus Responsive Ticket System (versions ≤ 9.0.2). The vulnerability is a SQL Injection in the function that retrieves tickets, where the email parameter stored in a cookie is injected, enabling an attacker to manipulate queries. E...
CVE-2018-1000131
Pradeep Makone WordPress Support Plus Responsive Ticket System version 9.0.2 and earlier contains a SQL Injection vulnerability in the function to get tickets, the parameter email in cookie was injected that can result in filter the parameter. This attack appears to be exploitable via web site,...
CVE-2017-1000131
Mahara is affected by CVE-2017-1000131: versions 15.04 before 15.04.8, 15.10 before 15.10.4, and 16.04 before 16.04.2 allow a user to remain logged in after logout when using MNet SSO with Moodle. The root cause is Mahara not properly implementing one of the MNet SSO API functions. Public details...
CVE-2016-1000131
Reflected XSS in WordPress plugin e-search v1.0...
CVE-2016-1000131
Reflected XSS in WordPress plugin e-search v1.0...
CVE-2016-1000131
The CVE refers to WordPress e-search plugin (version 1.0 and earlier) with a reflected cross-site scripting (XSS) vulnerability. The nuclei template specifies exploitation via the title_az.php endpoint, allowing an attacker to execute arbitrary scripts in a user’s browser and potentially steal co...