104 matches found
CVE-2018-5365
The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobusoptionselectorwplistpagesshowselector parameter to wp-admin/options.php...
Design/Logic Flaw
The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobusoptionenabledlanguagesen or wpglobusoptionenabledlanguagesfr or any other language parameter to wp-admin/options.php...
Design/Logic Flaw
The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobusoptionbrowserredirectredirectbylanguage parameter to wp-admin/options.php...
Cross site request forgery (csrf)
The WPGlobus plugin 1.9.6 for WordPress has CSRF via wp-admin/options.php...
Code injection
The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobusoptionposttypepost parameter to wp-admin/options.php...
Design/Logic Flaw
The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobusoptionposttypepage parameter to wp-admin/options.php...
Code injection
The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobusoptionmorelanguages parameter to wp-admin/options.php...
CVE-2018-5365
The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobusoptionselectorwplistpagesshowselector parameter to wp-admin/options.php...
CVE-2018-5364
The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobusoptionbrowserredirectredirectbylanguage parameter to wp-admin/options.php...
CVE-2018-5366
The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobusoptionmorelanguages parameter to wp-admin/options.php...
CVE-2018-5363
The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobusoptionenabledlanguagesen or wpglobusoptionenabledlanguagesfr or any other language parameter to wp-admin/options.php...
CVE-2018-5362
The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobusoptionposttypepage parameter to wp-admin/options.php...
CVE-2015-5533
SQL injection vulnerability in counter-options.php in the Count Per Day plugin before 3.4.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the cpdkeepmonth parameter to wp-admin/options-general.php. NOTE: this can be leveraged using CSRF to allow...
Codilight Premium 1.0.0 - admin/front-end/options.php reset Parameter XSS
The codilight WordPress theme was affected by an admin/front-end/options.php reset Parameter XSS security vulnerability...
GroupDocs Viewer 1.4.1 - options.php Multiple Parameter XSS
The GroupDocs.Viewer for Cloud WordPress plugin was affected by an options.php Multiple Parameter XSS security vulnerability...
WordPress GroupDocs Signature Plugin <= 1.2.0 - Cross Site Scripting
This plugin is prone to a cross site scripting vulnerability in grpdocs-dialog.php and options.php. Solution Update the plugin...
WordPress GroupDocs Viewer Plugin <= 1.4.1 - Cross Site Scripting
This plugin is prone to a cross site scripting vulnerability in options.php and grpdocs-dialog.php. Solution Update the plugin...
WordPress GroupDocs Document Annotation Plugin <= 1.3.8 - XSS
This plugin is prone to a cross site scripting vulnerability in options.php and grpdocs-dialog.php. Solution Update the plugin...
WordPress GroupDocs Viewer Plugin <= 1.4.1 - Cross Site Scripting
This plugin is prone to a cross site scripting vulnerability in options.php and grpdocs-dialog.php. Solution Update the plugin...
CVE-2014-4847
Cross-site scripting XSS vulnerability in the Random Banner plugin 1.1.2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the buffercodeRBannerurlbanner1 parameter in an update action to wp-admin/options.php...