8952 matches found
CVE-2018-16285
The UserPro plugin through 4.9.23 for WordPress allows XSS via the shortcode parameter in a userproshortcodetemplate action to wp-admin/admin-ajax.php...
Design/Logic Flaw
The UserPro plugin through 4.9.23 for WordPress allows XSS via the shortcode parameter in a userproshortcodetemplate action to wp-admin/admin-ajax.php...
Automattic: Stored XSS in Jetpack's Simple Payment Module by Contributors / Authors
Jetpack's implementation of the Simple Payment Module is as follows: A custom post type is registered for each product. When an admin creates a product, a post is internally created and information about the product, such as the price, is then stored as post meta information. After the post has be...
WordPress Plugin Quizlord 2.0 - Cross-Site Scripting
WordPress Plugin Quizlord 2.0 - Cross-Site Scripting Exploit Title: WordPress Plugin Quizlord 2.0 - Cross-Site Scripting Date: 2018-08-29 Exploit Author: Renos Nikolaou Software Link: https://downloads.wordpress.org/plugin/quizlord.zip Version: 2.0 Tested on: Kali Linux CVE: N/A Description :...
WordPress Plugin Quizlord 2.0 - Cross-Site Scripting
Exploit Title: WordPress Plugin Quizlord 2.0 - Cross-Site Scripting Date: 2018-08-29 Exploit Author: Renos Nikolaou Software Link: https://downloads.wordpress.org/plugin/quizlord.zip Version: 2.0 Tested on: Kali Linux CVE: N/A Description : Quizlord is prone to Stored Cross Site Scripting...
WordPress Tooltipy (tooltips for WP) Cross-Site Scripting Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in the PHP language; it lets users set up a personal blog site on a server that supports PHP and MySQL. Tooltipy tooltips for WP is one of its plug-ins, used to create responsive tooltip boxes. A cross-site scripting...
CVE-2018-1000512
Tooltipy Tooltipy tooltips for WP version 5 contains a Cross Site Scripting (XSS) vulnerability in the Glossary shortcode that could allow anybody to do almost anything an admin can. This attack appears to be exploitable when an admin follows a link. This vulnerability appears to have been...
Cross site scripting
Tooltipy Tooltipy tooltips for WP version 5 contains a Cross Site Scripting (XSS) vulnerability in the Glossary shortcode that could allow anybody to do almost anything an admin can. This attack appears to be exploitable when an admin follows a link. This vulnerability appears to have been...
WordPress Plugin WordPress File Upload Cross-Site Scripting Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in the PHP language; it lets users set up a personal blog site on a server that supports PHP and MySQL. The Iptanus WordPress File Upload plugin is one of its file upload plugins. A security vulnerability exists in...
CVE-2018-9172
The Iptanus WordPress File Upload plugin before 4.3.3 for WordPress mishandles shortcode attributes...
Default credentials
The Iptanus WordPress File Upload plugin before 4.3.3 for WordPress mishandles shortcode attributes...
WordPress WooCommerce Products Filter Plugin File Inclusion Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in the PHP language; it lets users set up a personal blog site on a server that supports PHP and MySQL. The WooCommerce Products Filter (aka WOOF) plugin is one of its conditional filtering plugins. A file inclusion...
CVE-2018-8710
A remote code execution issue was discovered in the WooCommerce Products Filter aka WOOF plugin before 2.2.0 for WordPress, as demonstrated by the shortcode parameter in a woofredrawwoof action. The plugin implemented a page redraw AJAX function accessible to anyone without any authentication...
CVE-2018-8711
A local file inclusion issue was discovered in the WooCommerce Products Filter aka WOOF plugin before 2.2.0 for WordPress, as demonstrated by the shortcode parameter in a woofredrawwoof action. The vulnerability is due to the lack of args/input validation on renderhtml before allowing it to be...
Remote code execution
A remote code execution issue was discovered in the WooCommerce Products Filter aka WOOF plugin before 2.2.0 for WordPress, as demonstrated by the shortcode parameter in a woofredrawwoof action. The plugin implemented a page redraw AJAX function accessible to anyone without any authentication...