WordPress <= 3.9.2 - XSS

This vulnerability is in the "wptexturize" function. It allows the attackers to inject arbitrary web script or HTML via crafted use of shortcode brackets in a text field, as demonstrated by a comment or a post. Solution Update WordPress...

CVE-2014-6312

Cross-site request forgery CSRF vulnerability in the Login Widget With Shortcode login-sidebar-widget plugin before 3.2.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via the customstyleafo paramete...

CVE-2014-6312

Cross-site request forgery CSRF vulnerability in the Login Widget With Shortcode login-sidebar-widget plugin before 3.2.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via the customstyleafo paramete...

CVE-2014-6312

CVE-2014-6312: A CSRF vulnerability in the WordPress plugin Login Widget With Shortcode (login-sidebar-widget) prior to version 3.2.1 allows remote attackers to hijack administrator sessions and perform XSS via the custom_style_afo parameter on the login_widget_afo page leading to wp-admin/option...

WordPress Login Widget With Shortcode Plugin 3.1.1 - Multiple Vulnerabilities

Login Widget With Shortcode plugin is prone to CSRF and XSS vulnerabilities that allow an attacker to insert arbitrary HTML into an admin page. Then an attacker can use Javascript to control an admin user’s browser and create user accounts, posts, etc. Solution Update the plugin...

WordPress Plugin Login Widget With ShortCode 3.1.1 - Multiple Vulnerabilities

Details ================ Software: Login Widget With Shortcode Version: 3.1.1 Homepage: http://wordpress.org/plugins/login-sidebar-widget/ Advisory report:...

WordPress Plugin Login Widget With ShortCode 3.1.1 - Multiple Vulnerabilities

WordPress Plugin Login Widget With ShortCode 3.1.1 - Multiple Vulnerabilities Details ================ Software: Login Widget With Shortcode Version: 3.1.1 Homepage: http://wordpress.org/plugins/login-sidebar-widget/ Advisory report:...

WordPress Login Widget With Shortcode 3.1.1 CSRF / XSS Vulnerabilities

WordPress Login Widget With Shortcode plugin version 3.1.1 suffers from cross site request forgery and cross site scripting vulnerabilities. Details ================ Software: Login Widget With Shortcode Version: 3.1.1 Homepage: http://wordpress.org/plugins/login-sidebar-widget/ Advisory report:...

WordPress download-shortcode 1.1 /wp-content/force-download.php 本地文件包含漏洞

No description provided by source...

WordPress ShortCode Plugin Directory Traversal Vulnerability

WordPress ShortCode Plugin is prone to a directory traversal vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

WordPress ShortCode Plugin 1.1 - Local File Inclusion Vulnerability

No description provided by source. !/usr/bin/env python -- coding:utf-8 -- from pocsuite.net import req from pocsuite.poc import Output, POCBase from pocsuite.utils import register class TestPOCPOCBase: vulID = '87214' version = '1' vulDate = '1409760000' createDate = '1442937600' references =...

Directory traversal

Directory traversal vulnerability in force-download.php in the Download Shortcode plugin 0.2.3 and earlier for WordPress allows remote attackers to read arbitrary files via a .. dot dot in the file parameter...

CVE-2014-5465

The CVE-2014-5465 issue affects the WordPress ShortCode Plugin (Download ShortCode) version 0.2.3 and earlier, where force-download.php is vulnerable to directory traversal via a .. in the file parameter, enabling reading arbitrary local files. OpenVAS/PRION/CVE references corroborate a Local Fil...

CVE-2014-5465

Directory traversal vulnerability in force-download.php in the Download Shortcode plugin 0.2.3 and earlier for WordPress allows remote attackers to read arbitrary files via a .. dot dot in the file parameter...

WordPress ShortCode Plugin 0.2.3 - Local File Inclusion

This vulnerability can be exploited to include arbitrary files. Solution Upgrade the plugin...

WordPress Plugin ShortCode 0.2.3 - Local File Inclusion

Title : WordPress ShortCode Plugin - Local File Inclusion Vulnerability Severity : High+/Critical Reporters : Mehdi Karout & Christian Galeone Google Dork : inurl:wp/wp-content/force-download.php Plugin Version : 0.2.3 Plugin Name : Download ShortCode Plugin Download Link :...

WordPress ShortCode Plugin 1.1 - Local File Inclusion Vulnerability

Exploit for php platform in category web applications Title : WordPress ShortCode Plugin - Local File Inclusion Vulnerability Severity : High+/Critical Reporters : Mehdi Karout & Christian Galeone Google Dork : inurl:wp/wp-content/force-download.php Plugin Version : 1.1 Plugin Name : Download...

WordPress Plugin ShortCode 0.2.3 - Local File Inclusion

WordPress Plugin ShortCode 0.2.3 - Local File Inclusion Title : WordPress ShortCode Plugin - Local File Inclusion Vulnerability Severity : High+/Critical Reporters : Mehdi Karout & Christian Galeone Google Dork : inurl:wp/wp-content/force-download.php Plugin Version : 0.2.3 Plugin Name : Download...

WordPress ShortCode 0.2.3 Local File Inclusion

Title : WordPress ShortCode Plugin - Local File Inclusion Vulnerability Severity : High+/Critical Reporters : Mehdi Karout & Christian Galeone Google Dork : inurl:wp/wp-content/force-download.php Plugin Version : 0.2.3 Plugin Name : Download ShortCode Vendor Home : http://werdswords.com/ Date :...

Polldaddy Polls & Rating 2.0.24 - polldaddy-org.php unique_id Ratings Shortcode XSS

The Crowdsignal Polls & Ratings WordPress plugin was affected by a polldaddy-org.php uniqueid Ratings Shortcode XSS security vulnerability...