583 matches found
WordPress User Meta Manager Plugin 3.4.6 - Information Disclosure
Because of this vulnerability, any registered user can issue AJAX requests and in that way retrieve the entire contents of the "usermeta" DB table. Solution: Upgrade to version 3.4.8...
WordPress User Meta Manager Plugin 3.4.6 - Privilege Escalation
Because of this vulnerability, a registered user can modify the meta information. Solution: Update the plugin...
WordPress Job Manager Plugin <= 0.7.24 - Cross Site Scripting (XSS)
This plugin is prone to a cross-site scripting vulnerability, because authenticated administrators can inject HTML or JS code. The vulnerable parameter is "jobman-rating". Solution: Update the plugin...
CVE-2015-2321
Cross-site scripting (XSS) vulnerability in the Job Manager plugin 0.7.22 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the email field...
CVE-2015-2321
The CVE-2015-2321 entry applies to the WordPress Job Manager plugin (Job Manager Plugin for WordPress) version
WordPress Job Manager Plugin 0.7.22 - Persistent XSS
The Job Manager plugin is prone to a persistent XSS vulnerability, because the email field was not sanitized. It allows an attacker to steal cookies or perform phishing attacks. Other attacks are also possible. Solution: Update the plugin...
WordPress Smart Manager Plugin <= 3.9.6 - SQL Injection
Because of this vulnerability, unauthenticated remote attackers can execute arbitrary SQL commands. Solution: Update the plugin...
N-Media File Uploader <= 3.7 - Arbitrary File Upload
The Frontend File Manager Plugin WordPress plugin was affected by an Arbitrary File Upload security vulnerability...
WordPress Events Manager Plugin <= 5.3.8 - Cross Site Scripting
Because of this vulnerability, attackers can inject arbitrary JavaScript or HTML code. Solution: Update the plugin...
WordPress Plugin SP Project & Document Manager 2.5.3 - Blind SQL Injection
Exploit Title: WordPress SP Project & Document Manager 2.5.3 Blind SQL Injection Google Dork: inurl:wp-content/plugins/sp-client-document-manager Date: 2015-03-04 Exploit Author: catsecurity Vendor Homepage: http://smartypantsplugins.com Software Link:...
Open redirect
Open redirect vulnerability in track-click.php in the Ad-Manager plugin 1.1.2 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the out parameter...
WordPress Ad-Manager 1.1.2 Open Redirect
CVE-2014-8754 WordPress “Ad-Manager Plugin” Dest Redirect Privilege Escalation Exploit Title: WordPress Ad-Manager Plugin Dest Redirect Privilege Escalation Vulnerability Product: WordPress Ad-Manager Plugin Vendor: CodeCanyon Vulnerable Versions: 1.1.2 Tested Version: 1.1.2 Advisory Publication:...
WordPress Download Manager Plugin - Arbitrary File Download
Because of this vulnerability, attackers can read arbitrary files via the "fname" parameter to views/filedownload.php or filedownload.php. Solution: Update the plugin...
CVE-2014-4517
The CVE-2014-4517 entry concerns the WordPress plugin CBI Referral Manager (versions up to 1.2.1). The vulnerability is a Cross‑Site Scripting (XSS) flaw in getNetworkSites.php, exploitable via the searchString parameter, enabling remote attackers to inject arbitrary script/HTML. This is supporte...
WordPress Ad Manager Plugin <=1.1.2 - Open Redirect
This vulnerability is in track-click.php. It allows attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the "out" parameter. Solution: Update the plugin...
WordPress Premium Gallery Manager Plugin - Unauthenticated Configuration Access
The WordPress Premium Gallery Manager plugin is prone to an unauthenticated configuration access vulnerability. It allows an attacker to change the default configuration without proper authentication. Other attacks are also possible. Solution: Upgrade the plugin...
IndiaNIC FAQs Manager 1.0 - CAPTCHA Value Disclosure
The faqs-manager WordPress plugin was affected by a CAPTCHA Value Disclosure security vulnerability...
Frog CMS 0.9.5 - Arbitrary File Upload
Frog CMS 0.9.5 - Arbitrary File Upload Exploit Title: Arbitrary File Upload in Frog CMS 0.9.5 Date : 2014-07-07 Exploit Author : Javid Hussain Vendor Homepage : http://www.madebyfrog.com Exploit-DB Note: All authenticated users can upload files. If the file does not have execute permissions the C...
CVE-2013-7319
CVE-2013-7319 concerns the WordPress Download Manager plugin prior to version 2.5.9. The vulnerability is a cross-site scripting (XSS) flaw in the title field, where user-supplied input can be injected as script/HTML and executed in the context of the affected site. The issue arises from insuffic...
CVE-2012-6628
Multiple cross-site scripting (XSS) vulnerabilities in the Newsletter Manager plugin before 1.0.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) xyzemcampName to admin/createcampaign.php or (2) admin/editcampaign.php, (3) xyzememail parameter to admin/editemail.ph...