318 matches found
CVE-2017-16842
Cross-site scripting XSS vulnerability in admin/googlesearchconsole/class-gsc-table.php in the Yoast SEO plugin before 5.8.0 for WordPress allows remote attackers to inject arbitrary web script or HTML...
CVE-2017-16842
Cross-site scripting XSS vulnerability in admin/googlesearchconsole/class-gsc-table.php in the Yoast SEO plugin before 5.8.0 for WordPress allows remote attackers to inject arbitrary web script or HTML...
vBulletin VBSEO 'visitormessage.php' Remote Code Injection Vulnerability
vBulletin is the United States Internet Brands and vBulletin Solutions, Inc. jointly developed an open source commercial Web forum program. vBulletin VBSEO module is one of the SEO management module . A security vulnerability exists in the functionsvbseohook.php file in the vBulletin VBSEO module...
OLX: Multiple vulnerabilities in http://blog.dubizzle.com/uae
http://blog.dubizzle.com/uae/ uses outdated Yoast Seo plugin which has following vulnerabilities: ! Title: Yoast SEO = 3.2.4 - Subscriber Settings Sensitive Data Exposure Reference: https://wpvulndb.com/vulnerabilities/8487 ! Title: Yoast SEO = 3.2.5 - Unspecified Cross-Site Scripting XSS...
WordPress All in One SEO Pack Plugin HTML Injection Vulnerability
WordPress is a set of blogging platform developed in PHP language by WordPress Software Foundation.All in One SEO Pack is one of the SEO optimized plugins. An HTML injection vulnerability exists in the WordPress All in One SEO Pack plugin version 2.3.6.1, which can be exploited by an attacker to...
WordPress Greg's High Performance SEO Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress Greg's High Performance SEO plugin due to the program failing to properly filter user-supplied input. A...
Popular WordPress SEO Plugin Fixes XSS Bug
The Yoast WordPress SEO plugin, which has been downloaded more than 14 million times, has a serious cross-site scripting vulnerability that can allow an attacker to force a vulnerable site to execute arbitrary HTML code. The bug may have been reported to the plugin’s developer as long as two year...
Yoast SEO <= 2.1.1 - Authenticated Stored DOM XSS
The "snippet preview" functionality of the Yoast WordPress SEO plugin was susceptible to cross-site scripting in versions before 2.2. PoC Vulnerable URL: /wp-admin/post-new.php?posttitle= Vulnerable Code wordpress-seo/js/wp-seo-metabox.js: function ystcleanstr if str == '' || str == undefined...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in the SEO Plugin LiveOptim plugin before 1.1.4-free for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors. NOTE: some of these details are obtained from...
CVE-2014-100001
Cross-site request forgery CSRF vulnerability in the SEO Plugin LiveOptim plugin before 1.1.4-free for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors. NOTE: some of these details are obtained from...
CVE-2014-100001
CVE-2014-100001 is a CSRF vulnerability in the WordPress plugin LiveOptim (SEO Plugin LiveOptim) before version 1.1.4-free . The issue allows remote attackers to hijack the authentication of administrators and perform requests that change plugin settings via unspecified vectors, effectively manip...
LiveOptim 1.1.3 - Configuration Setting Manipulation CSRF
The SEO Plugin LiveOptim WordPress plugin was affected by a Configuration Setting Manipulation CSRF security vulnerability...
CVE-2013-5961
Unrestricted file upload vulnerability in lazyseo.php in the Lazy SEO plugin 1.1.9 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in lazy-seo/...
Unrestricted file upload
Unrestricted file upload vulnerability in lazyseo.php in the Lazy SEO plugin 1.1.9 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in lazy-seo/...
WordPress Plugin Lazy SEO 1.1.9 - Arbitrary File Upload
WordPress Plugin Lazy SEO 1.1.9 - Arbitrary File Upload Exploit Title : Wordpress Lazy SEO plugin Shell Upload Vulnerability Exploit Author : Ashiyane Digital Security Team Google Dork: : inurl:/wp-content/plugins/lazy-seo/ Date: 2013/09/21 Vendor Homepage : http://wordpress.org/plugins/lazy-seo...
WordPress Plugin Lazy SEO 1.1.9 - Arbitrary File Upload
Exploit Title : Wordpress Lazy SEO plugin Shell Upload Vulnerability Exploit Author : Ashiyane Digital Security Team Google Dork: : inurl:/wp-content/plugins/lazy-seo/ Date: 2013/09/21 Vendor Homepage : http://wordpress.org/plugins/lazy-seo Software Link :...
WordPress Platinum SEO Plugin <= 1.3.7 - XSS
Because of this vulnerability in platinumseopack.php, the attackers can inject arbitrary web script or HTML via the "s" parameter. Solution Update the plugin...
vBSEO Sitemap 2.53.0 - Multiple Vulnerabilities
vBSEO Sitemap 2.53.0 - Multiple Vulnerabilities vBSEO Sitemap - Multiple Vulnerabilities Versions Affected: 2.5 and 3.0 Most likely all versions Info: A proven success record, vBSEO powers the most optimized forums on the Web. The 1 SEO plugin and the only professional, fully supported solution. ...