313 matches found
CVE-2017-14725
Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp-admin/edit-tag-form.php and wp-admin/user-edit.php...
SQL injection
Vulnerability in WordPress plugin eventr v1.02.2. The edit.php form and eventform.php code do not sanitize input, which allows blind SQL injection via the event parameter...
CVE-2017-14241
Cross-site scripting (XSS) vulnerability in Dolibarr ERP/CRM 6.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the Title parameter to htdocs/admin/menus/edit.php...
CVE-2017-9603
SQL injection vulnerability in the WP Jobs plugin before 1.5 for WordPress allows authenticated users to execute arbitrary SQL commands via the jobid parameter to wp-admin/edit.php...
wdCalendar 2 SQL Injection
Exploit Title: wdcalendar version 2 sql injection vulnerability Google Dork: allinurl:"wdcalendar/edit.php" Date: 12/09/2016 Exploit Author: Alfonso Castillo Angel Software Link: https://github.com/ronisaha/wdCalendar Version: Version 2 Tested on: Windows 7 ultimate Category: webapps Affected fil...
wdCalendar 2 - SQL Injection
Exploit for php platform in category web applications Exploit Title: wdcalendar version 2 sql injection vulnerability Google Dork: allinurl:"wdcalendar/edit.php" Date: 12/09/2016 Exploit Author: Alfonso Castillo Angel Software Link: https://github.com/ronisaha/wdCalendar Version: Version 2 Tested...
WordPress Ninja Forms 2.9.51 Cross Site Scripting
Multiple Cross-Site Scripting vulnerabilities in Ninja Forms WordPress Plugin. Han Sahin, July 2016...
WordPress Simpel Reserveren 3 Plugin <= 3.5.2 - Cross Site Scripting (XSS)
Because of this vulnerability, the variable page appears to send unsanitized data back to the user's browser. The vulnerable file is /simpel-reserveren/edit.php. Solution: Update the plugin...
CVE-2015-5481
Cross-site scripting (XSS) vulnerability in forms/panels.php in the GD bbPress Attachments plugin before 2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tab parameter in the gdbbpressattachments page to wp-admin/edit.php...
Directory traversal
Directory traversal vulnerability in the GD bbPress Attachments plugin before 2.3 for WordPress allows remote administrators to include and execute arbitrary local files via a .. (dot dot) in the tab parameter in the gdbbpressattachments page to wp-admin/edit.php...
CVE-2015-5481
The CVE-2015-5481 entry documents a cross-site scripting (XSS) vulnerability in the GD bbPress Attachments WordPress plugin. It affects versions prior to 2.3; the vulnerable code resides in forms/panels.php, where the tab parameter of gdbbpress_attachments (on wp-admin/edit.php) is not properly filtered,...
CVE-2015-5485
Cross-site scripting (XSS) vulnerability in the Event Import page (import-eventbrite-events.php) in the Modern Tribe Eventbrite Tickets plugin before 3.10.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "error" parameter to wp-admin/edit.php...
WordPress CP Multi View Event Calendar Plugin 1.1.7 - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: WordPress cp-multi-view-calendar.1.1.7 Unauthenticated SQL injection vulnerabilities Date: 2015-07-10 Google Dork: Index of /wordpress/wp-content/plugins/cp-multi-view-calendar Exploit Author: Joaquin Ramirez Martinez i0akiN...
WordPress Plugin CP Multi View Event Calendar 1.1.7 - SQL Injection
WordPress Plugin CP Multi View Event Calendar 1.1.7 - SQL Injection Exploit Title: WordPress cp-multi-view-calendar.1.1.7 Unauthenticated SQL injection vulnerabilities Date: 2015-07-10 Google Dork: Index of /wordpress/wp-content/plugins/cp-multi-view-calendar Exploit Author: Joaquin Ramirez...
WordPress Plugin CP Multi View Event Calendar 1.1.7 - SQL Injection
Exploit Title: WordPress cp-multi-view-calendar.1.1.7 Unauthenticated SQL injection vulnerabilities Date: 2015-07-10 Google Dork: Index of /wordpress/wp-content/plugins/cp-multi-view-calendar Exploit Author: Joaquin Ramirez Martinez i0akiN SEC-LABORATORY Vendor Homepage:...
CVE-2015-5355
Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS before 3.3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) post-content or (2) post-title parameter to admin/edit.php...
CVE-2014-1836
ImpressCMS 1.3.5 and earlier contain an absolute path traversal in htdocs/libraries/image-editor/image-edit.php via the image_path parameter in a cancel action, enabling remote attackers to delete arbitrary files. This is associated with CVE-2014-1836 and is documented in multiple advisories (GHS...
WordPress Car Demon Plugin <= 1.0.1 - Cross Site Scripting
This plugin is prone to a cross-site scripting vulnerability in multiple parameters of /wp-admin/post.php and /wp-admin/edit.php. Solution: Update the plugin...
ProjectSend r561 - SQL injection vulnerability
Vulnerability title: ProjectSend r561 - SQL injection vulnerability Product: ProjectSend r561 Vendor: http://www.projectsend.org/ Affected version: ProjectSend r561 Download link: http://www.projectsend.org/download/67/ Fixed version: N/A Author: Le Ngoc Phi phi.n.le itas vn & ITAS Team www.itas....