Lucene search
K

49 matches found

Cvelist
Cvelist
added 2019/09/26 1:15 a.m.14 views

CVE-2015-9436

The dynamic-widgets plugin before 1.5.11 for WordPress has XSS via the wp-admin/admin-ajax.php?action=termtree prefix or widgetid parameter...

5.4AI score0.01044EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2019/09/26 12:0 a.m.6 views

PT-2019-7396 · WordPress · Dynamic Widgets

Name of the Vulnerable Software and Affected Versions: dynamic-widgets plugin versions prior to 1.5.11 Description: The issue concerns a CSRF with resultant XSS. It is exploitable via the "page limit" parameter in the "/wp-admin/themes.php?page=dynwid-config" API endpoint. Recommendations: For...

6.5CVSS6.9AI score0.00881EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2019/09/26 12:0 a.m.6 views

PT-2019-7395 · WordPress · Dynamic Widgets

Name of the Vulnerable Software and Affected Versions: dynamic-widgets plugin versions prior to 1.5.11 Description: The issue concerns a cross-site scripting XSS problem. It can be exploited via the "action=term tree" prefix or the widget id parameter in the "/wp-admin/admin-ajax.php" API endpoin...

5.4CVSS5.9AI score0.01044EPSS
Exploits1References5
Patchstack
Patchstack
added 2015/11/22 12:0 a.m.7 views

WordPress Dynamic Widgets Plugin <= 1.5.10 - XSS

Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Update the plugin...

2AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2015/08/11 12:0 a.m.20 views

Dynamic Widgets <= 1.5.10 - Authenticated Cross-Site Scripting (XSS) & CSRF

The Dynamic Widgets WordPress plugin was affected by an Authenticated Cross-Site Scripting XSS & CSRF security vulnerability...

4.3CVSS2.3AI score0.01044EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:58 a.m.6 views

Dynamic Widgets <= 1.5.1 - Cross-Site Scripting (XSS)

The Dynamic Widgets WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...

2AI score
Exploits0References1Affected Software1
Packet Storm
Packet Storm
added 2012/05/15 12:0 a.m.33 views

WordPress Dynamic Widgets 1.5.1 Cross Site Scripting

Hi We have used our tool, THAPS, to identify vulnerabilities in this WordPress plugin. We have confirmed at least one of the reported vulnerabilities and created a working exploit located below. Attached is one or more log files containing the output of our tool, identifying the location of the...

7AI score
Exploits0
exploitpack
exploitpack
added 2012/05/15 12:0 a.m.10 views

WordPress Plugin Dynamic Widgets 1.5.1 - themes.php Cross-Site Scripting

WordPress Plugin Dynamic Widgets 1.5.1 - themes.php Cross-Site Scripting source: https://www.securityfocus.com/bid/53513/info Dynamic Widgets plugin for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage...

0.1AI score
Exploits0
Exploit DB
Exploit DB
added 2012/05/15 12:0 a.m.27 views

WordPress Plugin Dynamic Widgets 1.5.1 - &#039;themes.php&#039; Cross-Site Scripting

source: https://www.securityfocus.com/bid/53513/info Dynamic Widgets plugin for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...

7AI score
Exploits0
Rows per page
Query Builder