8952 matches found
Freshmail for WordPress <= 1.5.8 - shortcode.php SQL Injection
There is a SQL injection vulnerability exploitable by collaborators or higher-privileged users on sites with the Freshmail plugin installed. The SQL injection is located in the "id" attribute of the inserted shortcode FMform id="N". The shortcode attribute "id" is not sanitized before inserting it in ...
Shortcode Factory < 1.1.1 - XSS
The Shortcode Factory WordPress plugin was affected by an XSS security vulnerability...
CVE-2015-2165
Multiple cross-site scripting (XSS) vulnerabilities in the Report Viewer in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4.x, 5.x, and 6.x allow remote attackers to inject arbitrary web script or HTML via the (1) portal, (2) fromDate, (3) toDate, (4) fromTime, (5) toTime, (6) kword, (7) uname, (8) pname, (9)...
Feed Them Social < 1.7.0 - XSS & Arbitrary Shortcode Execution
The Feed Them Social – for Twitter feed, Youtube, Pinterest and more WordPress plugin was affected by an XSS & Arbitrary Shortcode Execution security vulnerability...
CVE-2014-9031
Cross-site scripting (XSS) vulnerability in the wptexturize function in WordPress before 3.7.5, 3.8.x before 3.8.5, and 3.9.x before 3.9.3 allows remote attackers to inject arbitrary web script or HTML via crafted use of shortcode brackets in a text field, as demonstrated by a comment or a post...
DEBIAN-CVE-2014-9031
Cross-site scripting (XSS) vulnerability in the wptexturize function in WordPress before 3.7.5, 3.8.x before 3.8.5, and 3.9.x before 3.9.3 allows remote attackers to inject arbitrary web script or HTML via crafted use of shortcode brackets in a text field, as demonstrated by a comment or a post...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the wptexturize function in WordPress before 3.7.5, 3.8.x before 3.8.5, and 3.9.x before 3.9.3 allows remote attackers to inject arbitrary web script or HTML via crafted use of shortcode brackets in a text field, as demonstrated by a comment or a post...
WordPress <= 3.9.2 - XSS
This vulnerability is in the "wptexturize" function. It allows attackers to inject arbitrary web script or HTML via crafted use of shortcode brackets in a text field, as demonstrated by a comment or a post. Solution: Update WordPress...
CVE-2014-6312
Cross-site request forgery (CSRF) vulnerability in the Login Widget With Shortcode (login-sidebar-widget) plugin before 3.2.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the custom_style_afo paramete...
CVE-2014-6312
CVE-2014-6312: A CSRF vulnerability in the WordPress plugin Login Widget With Shortcode (login-sidebar-widget) prior to version 3.2.1 allows remote attackers to hijack administrator sessions and perform XSS via the custom_style_afo parameter on the login_widget_afo page leading to wp-admin/option...
WordPress Login Widget With Shortcode Plugin 3.1.1 - Multiple Vulnerabilities
The Login Widget With Shortcode plugin is prone to CSRF and XSS vulnerabilities that allow an attacker to insert arbitrary HTML into an admin page. An attacker can then use JavaScript to control an admin user's browser and create user accounts, posts, etc. Solution: Update the plugin...
WordPress Plugin Login Widget With ShortCode 3.1.1 - Multiple Vulnerabilities
WordPress Plugin Login Widget With ShortCode 3.1.1 - Multiple Vulnerabilities Details ================ Software: Login Widget With Shortcode Version: 3.1.1 Homepage: http://wordpress.org/plugins/login-sidebar-widget/ Advisory report:...
WordPress Plugin Login Widget With ShortCode 3.1.1 - Multiple Vulnerabilities
Details ================ Software: Login Widget With Shortcode Version: 3.1.1 Homepage: http://wordpress.org/plugins/login-sidebar-widget/ Advisory report:...
WordPress Login Widget With Shortcode 3.1.1 CSRF / XSS Vulnerabilities
WordPress Login Widget With Shortcode plugin version 3.1.1 suffers from cross site request forgery and cross site scripting vulnerabilities. Details ================ Software: Login Widget With Shortcode Version: 3.1.1 Homepage: http://wordpress.org/plugins/login-sidebar-widget/ Advisory report:...
WordPress download-shortcode 1.1 /wp-content/force-download.php Local File Inclusion Vulnerability
No description provided by source...