140 matches found
WordPress Duplicate Page or Post plugin <= 1.5.0 - Arbitrary Settings Update leading to Stored Cross-Site Scripting (XSS) vulnerability
Arbitrary Settings Update leading to Stored Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress Duplicate Page or Post plugin versions <= 1.5.0. Solution: Update the WordPress Duplicate Page or Post plugin to the latest available version (at least 1.5.1)...
CVE-2021-43408
The "Duplicate Post" WordPress plugin up to and including version 1.1.9 is vulnerable to SQL Injection. SQL injection vulnerabilities occur when client supplied data is included within an SQL Query insecurely. SQL Injection can typically be exploited to read, modify and delete SQL table data. In...
SQL injection
The "Duplicate Post" WordPress plugin up to and including version 1.1.9 is vulnerable to SQL Injection. SQL injection vulnerabilities occur when client supplied data is included within an SQL Query insecurely. SQL Injection can typically be exploited to read, modify and delete SQL table data. In...
Simple Post <= 1.1 - Authenticated Stored Cross-Site Scripting (XSS)
The plugin does not sanitize user input when an authenticated user Text value, then it does not escape these values when outputting to the browser, leading to an Authenticated Stored XSS (Cross-Site Scripting) issue. PoC: 1. Install WordPress 5.7.2 2. Install and activate Simple Post 3. Navigate to...
Testimonial Rotator <= 3.0.3 - Authenticated Stored Cross-Site Scripting
Stored Cross-Site Scripting vulnerabilities in Testimonial Rotator 3.0.3 allow low-privileged users (Contributor) to inject arbitrary JavaScript code or HTML without approval. This could lead to privilege escalation. Edit (WPScanTeam): The https://wordpress.org/plugins/themify-portfolio-post/ plugin...
CVE-2020-8799
CVE-2020-8799 is a stored XSS in the WordPress plugin WTI Like Post (up to version 1.4.5). The vulnerability arises from data submitted by an administrator being stored and subsequently executed in visitors’ browsers, enabling script execution for all site users. Documents do not specify a fix v...
WordPress duplicate-post plugin cross-site scripting vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. It supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress duplicate-post plugin. An attacker can exploit th...
CVE-2014-10378
The duplicate-post plugin before 2.6 for WordPress has XSS...
SQL injection
The duplicate-post plugin before 2.6 for WordPress has SQL injection...
CVE-2014-10379
CVE-2014-10379 affects the WordPress Duplicate Post plugin. The connected documents consistently describe a SQL injection vulnerability in the plugin’s code path related to the duplication feature, with the plugin version before 2.6 identified as affected. The root cause is a SQL inject...
CVE-2018-16299
The Localize My Post plugin 1.0 for WordPress allows Directory Traversal via the ajax/include.php file parameter...
Directory traversal
The Localize My Post plugin 1.0 for WordPress allows Directory Traversal via the ajax/include.php file parameter...
CVE-2018-16299
CVE-2018-16299: WordPress Localize My Post 1.0 is vulnerable to Local File Inclusion via the ajax/include.php parameter. The vulnerability stems from insufficient validation of the file parameter, enabling an attacker to read arbitrary server files. Affected: WordPress Localize My Post 1.0 plugi...
WordPress Frontier Post Plugin - Bypass
This plugin is prone to a publishing posts security bypass vulnerability. Solution Update this plugin...
Amazon Product In a Post Plugin - SQL Injection
amazon-product-in-a-post.php - this plugin takes raw user values and uses them to delete from the database. This query can be manipulated to perform SQL injection attacks. Line 40: $tempswe = $wpdb-query"DELETE FROM $wpdb-prefixamazoncache WHERE Cacheid ='$wp-queryvars'appip-cache-id'' LIMIT 1;"; sqlm...
WordPress Tweet Old Post plugin <= 3.2.5 - SQL Injection Vulnerability
No description provided by source. Exploit Title: WordPress Tweet Old Post plugin <= 3.2.5 SQL Injection Vulnerability Date: 2011-09-05 Author: sherl0ck sherl0ck at alligatorteam dot org Software Link: http://downloads.wordpress.org/plugin/tweet-old-post.zip Version: 3.2.5 tested --------------- P...
Cross site scripting
Cross-site scripting (XSS) vulnerability in postalert.php in Alert Before Your Post plugin, possibly 0.1.1 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the name parameter...
CVE-2011-5107
CVE-2011-5107 is an XSS in the WordPress plugin Alert Before Your Post (post_alert.php) affecting possibly version 0.1.1 and earlier. The vulnerability allows an attacker to inject arbitrary script via the name parameter, potentially affecting a user’s browser context. Remediation: update to the ...
WordPress Light Post Plugin 'abspath' Parameter Remote File Include Vulnerability
The Light Post WordPress Plugin is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input.