6233 matches found
Blog2Social: Social Media Auto Post & Scheduler < 6.3.1 - Authenticated SQL Injection
SQL Injection in the Blog2Social plugin 6.3.0 for WordPress exists via Re-Share Posts feature. PoC Please refer to the video below for steps to reproduce and demonstration of automatic exploit with sqlmap. - Mega.nz: https://mega.nz/file/mt1gFYTKe3XkA-zY0cCApTYlLZktRZ4Q4vchVhbPsNqQC6CKORo -...
WordPress 4.0.x < 4.0.30 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - Six cross-site scripting XSS vulnerabilities exist due to improper validation of user-supplied input. An remote attacker can exploit these, by convincing a user to click a...
WordPress 5.3.x < 5.3.3 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - Six cross-site scripting XSS vulnerabilities exist due to improper validation of user-supplied input. An remote attacker can exploit these, by convincing a user to click a...
WordPress 4.9.x < 4.9.14 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - Six cross-site scripting XSS vulnerabilities exist due to improper validation of user-supplied input. An remote attacker can exploit these, by convincing a user to click a...
WordPress 4.8.x < 4.8.13 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - Six cross-site scripting XSS vulnerabilities exist due to improper validation of user-supplied input. An remote attacker can exploit these, by convincing a user to click a...
WordPress 4.7.x < 4.7.17 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - Six cross-site scripting XSS vulnerabilities exist due to improper validation of user-supplied input. An remote attacker can exploit these, by convincing a user to click a...
WordPress 5.0.x < 5.0.9 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - Six cross-site scripting XSS vulnerabilities exist due to improper validation of user-supplied input. An remote attacker can exploit these, by convincing a user to click a...
WordPress 3.9.x < 3.9.31 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - Six cross-site scripting XSS vulnerabilities exist due to improper validation of user-supplied input. An remote attacker can exploit these, by convincing a user to click a...
WordPress 5.4.x < 5.4.1 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - Six cross-site scripting XSS vulnerabilities exist due to improper validation of user-supplied input. An remote attacker can exploit these, by convincing a user to click a...
WordPress 4.3.x < 4.3.23 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - Six cross-site scripting XSS vulnerabilities exist due to improper validation of user-supplied input. An remote attacker can exploit these, by convincing a user to click a...
WordPress 4.2.x < 4.2.27 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - Six cross-site scripting XSS vulnerabilities exist due to improper validation of user-supplied input. An remote attacker can exploit these, by convincing a user to click a...
WordPress 5.2.x < 5.2.6 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - Six cross-site scripting XSS vulnerabilities exist due to improper validation of user-supplied input. An remote attacker can exploit these, by convincing a user to click a...
WordPress 4.1.x < 4.1.30 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - Six cross-site scripting XSS vulnerabilities exist due to improper validation of user-supplied input. An remote attacker can exploit these, by convincing a user to click a...
WordPress 4.6.x < 4.6.18 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - Six cross-site scripting XSS vulnerabilities exist due to improper validation of user-supplied input. An remote attacker can exploit these, by convincing a user to click a...
WordPress 3.7.x < 3.7.33 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - Six cross-site scripting XSS vulnerabilities exist due to improper validation of user-supplied input. An remote attacker can exploit these, by convincing a user to click a...
WordPress 3.8.x < 3.8.33 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - Six cross-site scripting XSS vulnerabilities exist due to improper validation of user-supplied input. An remote attacker can exploit these, by convincing a user to click a...
Fedora 30 : wordpress (2020-fa71ca92f8)
WordPress 5.4.1 Security Updates Seven security issues affect WordPress versions 5.4 and earlier. If you havent yet updated to 5.4, all WordPress versions since 3.7 have also been updated to fix the following security issues : - Props to Muaz Bin Abdus Sattar and Jannes who both independently...
Fedora 31 : wordpress (2020-7701f49327)
WordPress 5.4.1 Security Updates Seven security issues affect WordPress versions 5.4 and earlier. If you havent yet updated to 5.4, all WordPress versions since 3.7 have also been updated to fix the following security issues : - Props to Muaz Bin Abdus Sattar and Jannes who both independently...
Private Posts Disclosure
Wordpress is vulnerable to private posts disclosure. The posts which were previously set to public can be leaked under some specific conditions...
DEBIAN-CVE-2020-11028
In affected versions of WordPress, some private posts, which were previously public, can result in unauthenticated disclosure under a specific set of conditions. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release 5.3.3, 5.2.6, 5.1.5, 5.0.9,...