654 matches found
CVE-2012-2109
The CVE-2012-2109 entry relates to a SQL injection in the BuddyPress WordPress plugin (1.5.x before 1.5.5) triggered via the page parameter in an activity_widget_filter action. Affected component is BuddyPress plugin for WordPress; root cause is unsafely constructed SQL from user-controllable inp...
CVE-2012-2109
SQL injection vulnerability in wp-load.php in the BuddyPress plugin 1.5.x before 1.5.5 of WordPress allows remote attackers to execute arbitrary SQL commands via the page parameter in an activitywidgetfilter action...
SQL injection in Wordpress plugin Buddypress
Hi, I would like disclosure SQL injection vulnerability if Buddypress plugin affecting last versions. This issue was reported to developers and resolved in 1.5.5 version. So, I suggest all having this plugin in their blogs update to last version, if you haven't done it yet. Example of POST messag...
WordPress Buddypress SQL Injection
Hi, I would like disclosure SQL injection vulnerability if Buddypress plugin affecting last versions. This issue was reported to developers and resolved in 1.5.5 version. So, I suggest all having this plugin in their blogs update to last version, if you haven't done it yet. Example of POST messag...
Wordpress plugin Buddypress remote SQL injection and fix-vulnerability warning-the black bar safety net
Title: Buddypress plugin of Wordpress remote SQL Injection Author: Ivan Terkin Type: Remote Exploit Vulnerability: Remote SQL Injection Software download address: buddypress.org Affects versions: 1.5.5 and below Test platform: Buddypress 1.5.4 POST /wp-load.php HTTP/1.1 User-Agent: Mozilla Host:...
Wordpress BuddyPress plugin SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Buddypress plugin of Wordpress remote SQL Injection Date: March 31, 2012 Author: Ivan Terkin Exploitation: Remote Exploit Bug: Remote SQL Injection Software Link: buddypress.org Version: till 1.5.5 Tested on: Buddypress 1.5.4 PO...
WordPress Plugin BuddyPress Plugin 1.5.x 1.5.5 - SQL Injection
WordPress Plugin BuddyPress Plugin 1.5.x 1.5.5 - SQL Injection Exploit Title: Buddypress plugin of Wordpress remote SQL Injection Date: March 31, 2012 Author: Ivan Terkin Exploitation: Remote Exploit Bug: Remote SQL Injection Software Link: buddypress.org Version: till 1.5.5 Tested on: Buddypress...
WordPress Plugin BuddyPress Plugin 1.5.x < 1.5.5 - SQL Injection
Exploit Title: Buddypress plugin of Wordpress remote SQL Injection Date: March 31, 2012 Author: Ivan Terkin Exploitation: Remote Exploit Bug: Remote SQL Injection Software Link: buddypress.org Version: till 1.5.5 Tested on: Buddypress 1.5.4 POST /wp-load.php HTTP/1.1 User-Agent: Mozilla Host:...
WordPress BuddyPress Plugin 1.5.5 - Remote SQL Injection
Buddypress plugin is prone to Remote SQL injection. This vulnerability allows an attacker to modify data, alter queries to the application SQL database, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution Update the plugin...
Buddypress <= 1.5.4 - SQL Injection
The BuddyPress WordPress plugin was affected by a SQL Injection security vulnerability...
WordPress Plugin BuddyPress 1.2.10 / WordPress Theme DEV Blogs Mu 1.2.6 (WordPress 3.1.4) - Regular Subscriber HTML Injection
source: https://www.securityfocus.com/bid/49765/info Multiple products are prone to an HTML-injection vulnerability because they fail to sufficiently sanitize user-supplied input. An attacker could exploit this vulnerability to execute arbitrary script code in the browser of an unsuspecting victi...
WordPress Plugin BuddyPress 1.2.10 WordPress Theme DEV Blogs Mu 1.2.6 (WordPress 3.1.4) - Regular Subscriber HTML Injection
WordPress Plugin BuddyPress 1.2.10 WordPress Theme DEV Blogs Mu 1.2.6 WordPress 3.1.4 - Regular Subscriber HTML Injection source: https://www.securityfocus.com/bid/49765/info Multiple products are prone to an HTML-injection vulnerability because they fail to sufficiently sanitize user-supplied...
WordPress BuddyPress Plugin 1.2.10 - HTML Injection Vulnerability
BuddyPress plugin is prone to an HTML-injection vulnerability because of failure to sufficiently clean up user-supplied input. It allows an attacker to execute arbitrary script code in the browser in the context of the affected websites. In this way an attacker can steal cookie-based authenticati...
HTB22955: Path disclosure in BuddyPress WordPress plugin
Vulnerability ID: HTB22955 Reference: http://www.htbridge.ch/advisory/pathdisclosureinbuddypresswordpressplugin.html Product: BuddyPress Vendor: BuddyPress http://buddypress.org/ Vulnerable Version: 1.2.8 Vendor Notification: 12 April 2011 Vulnerability Type: Path disclosure Risk level: Low Credi...