Lucene search
K

47 matches found

CNVD
CNVD
added 2015/05/11 12:0 a.m.5 views

WordPress plugin Yet Another Related Posts '/wp-admin/options-general.php' cross-site request forgery vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform using PHP language development, the platform supports in PHP and MySQL server set up a personal blog site.Yet Another Related Posts Plugin for WordPress is a wordpress plugin. The WordPress plugin Yet Another Related Posts...

6.7AI score
Exploits0References1
Prion
Prion
added 2015/01/08 3:59 p.m.12 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in the Banner Effect Header plugin 1.2.6 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via the bannereffectemail parameter in the BannerEffectOptions pag...

6.8CVSS6.7AI score0.01151EPSS
Exploits1References3Affected Software1
CNVD
CNVD
added 2015/01/08 12:0 a.m.2 views

WordPress plugin Banner Effect Header 'options-general.php' cross-site scripting vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin Banner Effect Header 'options-general.php' as it fails to...

6.8CVSS6.5AI score0.01151EPSS
Exploits1References1
NVD
NVD
added 2014/12/19 3:59 p.m.13 views

CVE-2014-9335

Multiple cross-site request forgery CSRF vulnerabilities in the DandyID Services plugin 1.5.9 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via the 1 emailaddress or 2 sidebarTitle paramet...

6.8CVSS6.6AI score0.01015EPSS
Exploits2References2
Cvelist
Cvelist
added 2014/12/19 3:0 p.m.20 views

CVE-2014-9335

Multiple cross-site request forgery CSRF vulnerabilities in the DandyID Services plugin 1.5.9 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via the 1 emailaddress or 2 sidebarTitle paramet...

6.6AI score0.01015EPSS
Exploits2References2
CVE
CVE
added 2014/12/19 3:0 p.m.48 views

CVE-2014-9338

CVE-2014-9338 concerns the WordPress plugin O2Tweet (versions 0.0.4 and earlier). The connected documents describe multiple CSRF vulnerabilities that allow remote attackers to hijack an administrator’s authentication for requests that trigger cross-site scripting (XSS) via the parameters o2t_user...

6.8CVSS6.8AI score0.01001EPSS
Exploits2References1Affected Software1
NVD
NVD
added 2014/11/26 3:59 p.m.18 views

CVE-2014-9100

Cross-site scripting XSS vulnerability in the WhyDoWork AdSense plugin 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the idcode parameter in the whydoworkadsense page to wp-admin/options-general.php...

4.3CVSS5.8AI score0.01633EPSS
Exploits1References2
Rows per page
Query Builder