583 matches found
Cross site scripting
The events-manager plugin before 5.5.7 for WordPress has multiple XSS issues...
Cross site scripting
The job-manager plugin before 0.7.19 for WordPress has multiple XSS issues...
CVE-2015-9297
The CVE-2015-9297 entry refers to the WordPress Events Manager plugin, versions earlier than 5.6, which contains an XSS vulnerability. The connected Red Hat and CNVD/CVE records corroborate an XSS issue in this plugin. The NVD metrics (CVSS v3.1 base score 6.1 MEDIUM;...
CVE-2015-9298
The CVE-2015-9298 entry concerns the WordPress events-manager plugin, specifically versions prior to 5.6, which is affected by code injection. Multiple sources (NVD entry and repeat citations across Red Hat, CNVD, CVE lists, and WPVulnDB/PT Security) confirm the issue as a code injection flaw in ...
CVE-2015-9299
CVE-2015-9299 is a DOM XSS vulnerability in the WordPress Events Manager plugin prior to 5.5.7.1. The root cause is DOM-based XSS in the events-manager component, leading to potential client-side code execution with low integrity impact and no confidentiality/availability impact according to CVSS...
CVE-2012-6713
The job-manager plugin before 0.7.19 for WordPress has multiple XSS issues...
CVE-2012-6713
The CVE-2012-6713 entry concerns the WordPress Job Manager plugin, specifically versions before 0.7.19, which has multiple XSS issues. The vulnerability arises from the plugin's handling of input, which allows execution of client-side scripts, potentially impacting site visitors. Several connected sourc...
PT-2019-7259 · WordPress · Events Manager
Name of the Vulnerable Software and Affected Versions: events-manager plugin versions prior to 5.5.7. Description: The issue concerns multiple XSS problems. Recommendations: For versions prior to 5.5.7, update to version 5.5.7 or later to resolve the issue...
PT-2019-7257 · WordPress · Events Manager
Name of the Vulnerable Software and Affected Versions: events-manager plugin versions prior to 5.6. Description: The issue concerns code injection in the events-manager plugin for WordPress. Recommendations: For versions prior to 5.6, update to version 5.6 or later to resolve the issue...
ManageEngine OpManager 12.4x - Privilege Escalation / Remote Command Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "ManageEngine OpManager 12.4x - Privilege Escalation / Remote Command Execution", 'Description' = %q This module exploits sqli and command injectio...
ManageEngine OpManager 12.4x - Privilege Escalation / Remote Command Execution Exploit
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "ManageEngine OpManager 12.4x - Privilege Escalation / Remote Command Execution", 'Description' = %q This module exploits sqli and command injectio...
ManageEngine OpManager 12.4x Privilege Escalation / Remote Command Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "ManageEngine OpManager 12.4x - Privilege Escalation / Remote Command Execution", 'Description' = %q This module exploits sqli and command injectio...
ManageEngine OpManager 12.4x - Privilege Escalation Remote Command Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "ManageEngine OpManager 12.4x - Privilege Escalation / Remo...
WordPress Attendance Manager Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. Attendance Manager Plugin is an attendance management plugin used in it. A cross-site scripting vulnerability exists in...
CVE-2018-16966
There is a CSRF vulnerability in the mndpsingh287 File Manager plugin 3.0 for WordPress via the page=wp_file_manager_root public_path parameter...
CVE-2018-16966
CVE-2018-16966 concerns the WordPress plugin “mndpsingh287 File Manager” (v3.0) where a CSRF vulnerability exists via the page=wp_file_manager_root public_path parameter. The issue allows an attacker to trigger actions on behalf of a logged-in user (requires user interaction per CVSS3) without au...
CVE-2018-13137
The Events Manager plugin 5.9.4 for WordPress has XSS via the dbem_event_reapproved_email_body parameter to the wp-admin/edit.php?post_type=event&page=events-manager-options URI...
CVE-2018-20775
admin/?/plugin/filemanager in Frog CMS 0.9.5 allows PHP code execution by creating a new .php file containing PHP code, and then visiting this file under the public/ URI...
CVE-2018-16363
The mndpsingh287 File Manager plugin V2.9 for WordPress has XSS via the lang parameter in a wp-admin/admin.php?page=wp_file_manager request because set_transient is used in filefoldermanager.php and there is an echo of lang in lib\wpfilemanager.php...
PT-2018-13518 · Mndpsingh287 · Wp File Manager
Name of the Vulnerable Software and Affected Versions: mndpsingh287 File Manager plugin version 2.9. Description: The issue concerns a cross-site scripting (XSS) problem. It occurs via the lang parameter in a "wp-admin/admin.php?page=wp_file_manager" request. This happens because set_transient is us...