115 matches found
CVE-2015-9345
The link-log plugin before 2.0 for WordPress has HTTP Response Splitting...
CVE-2015-9345
CVE-2015-9345 concerns the WordPress plugin Link Log, where versions before 2.0 expose a vulnerability due to HTTP Response Splitting. The affected component is the Link Log plugin for WordPress; the root cause is improper handling/validation of input during command/log construction, enabling hea...
CVE-2015-9344
The CVE-2015-9344 affects the WordPress Link Log plugin prior to version 2.1, with an SQL injection vulnerability caused by lack of validation of externally supplied SQL statements. Public records (NVD/NIST) rate it as high/critical (CVSS2/HIGH, CVSS3/CRITICAL) and indicate network access with no...
CVE-2015-9344
The link-log plugin before 2.1 for WordPress has SQL injection...
Sql injection
The simple-login-log plugin before 1.1.2 for WordPress has SQL injection...
CVE-2017-18573
The CVE-2017-18573 entry concerns the WordPress plugin simple-login-log, vulnerable to SQL injection in versions before 1.1.2. The issue’s root cause is improper handling of SQL queries in the login-logging functionality, enabling an attacker to inject SQL commands. Several connected records (Red...
DEBIAN-CVE-2018-10871
389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext format in their respective changelog files. An attacker with sufficiently...
CVE-2014-5072
CVE-2014-5072 affects the WP Security Audit Log WordPress plugin prior to version 1.2.5. The vulnerability is a cross-site request forgery (CSRF) that could allow remote attackers to hijack the authentication of unspecified victims via unknown vectors. The public records in the connected sources ...
WordPress Activity Log Plugin Cross-Site Scripting Vulnerability
WordPress is the WordPress Software Foundation of a set of blogging platform developed using the PHP language, the platform supports PHP and MySQL servers set up a personal blog site. activity Log plugin is used in one of the log plugin. A cross-site scripting vulnerability exists in WordPress...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the Activity Log plugin before 2.4.1 for WordPress allow remote attackers to inject arbitrary JavaScript or HTML via a title that is not escaped...
CVE-2018-8729
Multiple cross-site scripting XSS vulnerabilities in the Activity Log plugin before 2.4.1 for WordPress allow remote attackers to inject arbitrary JavaScript or HTML via a title that is not escaped...
CVE-2018-8729
Multiple cross-site scripting XSS vulnerabilities in the Activity Log plugin before 2.4.1 for WordPress allow remote attackers to inject arbitrary JavaScript or HTML via a title that is not escaped...
CVE-2018-8729
CVE-2018-8729 describes multiple Stored XSS flaws in the WordPress Activity Log plugin (aryo-activity-log) prior to 2.4.1. The vulnerability stems from unescaped post/title data stored in logs (e.g., get_the_title calls), allowing remote attackers to inject JavaScript/HTML. Public exploit routes ...
WordPress Activity Log Plugin 2.3.1 - Persistent XSS
Because of this vulnerability, an attacker can inject malicious JavaScript code in to the application. Solution Upgrade the WordPress plugin to the newer stable and safe version...
e107 web portal Referers HTTP Injection
Synopsis: All versions of e107 have a vulnerability that allows html tags and content to be posted to the stats page and to be listed under Referers and may also list a screen size that they wish. Description: All versions of e107 have a vulnerability that allows html tags and content to be poste...