583 matches found
DEBIAN-CVE-2018-10900
Network Manager VPNC plugin (aka networkmanager-vpnc) before version 1.2.6 is vulnerable to a privilege escalation attack. A new line character can be used to inject a Password helper parameter into the configuration data passed to VPNC, allowing an attacker to execute arbitrary commands as root...
CVE-2018-0576
Cross-site scripting vulnerability in Events Manager plugin prior to version 5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2018-0576
The CVE-2018-0576 issue concerns the WordPress plugin Events Manager (prior to version 5.9). The vulnerability is a cross-site scripting (XSS) flaw that could allow remote attackers to inject arbitrary script or HTML via unspecified vectors, potentially executing in a logged-in user’s browser. Af...
CVE-2018-9020
The Events Manager plugin before 5.8.1.2 for WordPress allows XSS via the events-manager.js mapTitle parameter in the Google Maps miniature...
PT-2018-18784 · WordPress · Events Manager
Name of the Vulnerable Software and Affected Versions: Events Manager plugin versions prior to 5.8.1.2. Description: The issue allows for XSS via the mapTitle parameter in the Google Maps miniature within the events-manager.js file. Recommendations: For versions prior to 5.8.1.2, update to version...
File Manager <= 5.0.0 - Information Disclosure
The Giribaz File Manager plugin logged activity related to the plugin in /wp-content/uploads/file-manager/log.txt. If a user edits the wp-config.php file using this plugin, the wp-config.php contents get added to that log file, which is not protected and contains database credentials, salts, etc. These files...
CVE-2017-18032
The CVE refers to the WordPress Download Manager plugin. Affected component: download-manager plugin for WordPress, vulnerable before version 2.9.52. Root cause: XSS via the id parameter in the wpdm_generate_password action targeting wp-admin/admin-ajax.php. Impact: cross-site scripting could all...
CVE-2015-6668
The Job Manager plugin before 0.7.25 allows remote attackers to read arbitrary CV files via a brute force attack to the WordPress upload directory structure, related to an insecure direct object reference...
CVE-2015-6668
Versions of the WordPress Job Manager plugin before 0.7.25 allow remote attackers to read arbitrary CV files via an insecure direct object reference by brute-forcing the WordPress upload directory. Impact: CV file disclosure; attack vector: network, no authentication required. Remediation...
CVE-2015-7806
Eval injection vulnerability in the fm_saveHelperGatherItems function in ajax.php in the Form Manager plugin before 1.7.3 for WordPress allows remote attackers to execute arbitrary code via unspecified vectors...
CVE-2015-7806
The CVE-2015-7806 issue affects the WordPress Form Manager plugin (prior to 1.7.3). The vulnerability is in the fm_saveHelperGatherItems function of ajax.php, enabling remote code execution via unspecified vectors. Multiple sources confirm RCE potential, including CNVD and WPVulnDB entries noting...
CVE-2017-11611
Wolf CMS 0.8.3.1 allows Cross-Site Scripting (XSS) attacks. The vulnerability exists due to insufficient sanitization of the file name in a "create-file-popup" action, and the directory name in a "create-directory-popup" action, in the HTTP POST method to the "/plugin/filemanager/" script aka an...
WordPress Download Manager plugin elevation of privilege vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP; it supports setting up a personal blog site on a server with PHP and MySQL. WordPress Download Manager is a file download management plugin. A security vulnerability exists in the...
CVE-2014-9260
The CVE-2014-9260 entry concerns the WordPress Download Manager plugin. The vulnerability is in the basic_settings function of the plugin before version 2.7.3, which allows remote authenticated users to update every WordPress option. This privilege escalation enables an attacker with existing WP ...
WordPress WooCommerce Stock Manager Plugin <= 1.0.7 - Authenticated Product Settings Change Vulnerability
The function stockmanagersaveoneproductstockdata doesn't check user capabilities, so any logged-in user can change the settings. Solution: Update the plugin...
WordPress Download Manager plugin cross-site request forgery vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP, which supports personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in the WordPress Download Manager plugin. An attacker can exploit the...
WordPress SP Projects and Document Manager Plugin SQL Injection
An SQL injection vulnerability exists in the WordPress SP Projects and Document Manager Plugin. It allows an authenticated remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data...