65 matches found
CVE-2023-45632 WordPress Video Player Plugin <= 1.5.22 is vulnerable to Cross Site Scripting (XSS)
Unauth. Reflected Cross-Site Scripting XSS vulnerability in WebDorado SpiderVPlayer plugin = 1.5.22 versions...
CVE-2023-45632 WordPress Video Player Plugin <= 1.5.22 is vulnerable to Cross Site Scripting (XSS)
Unauth. Reflected Cross-Site Scripting XSS vulnerability in WebDorado SpiderVPlayer plugin = 1.5.22 versions...
WordPress Contact Form Maker Plugin < 1.13.5 CSRF Vulnerability
The WordPress plugin Copyright C 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the...
Directory traversal
The WebDorado Contact Form plugin before 1.13.5 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $POST'action' value and the $GET'action' value, and the latter is...
CVE-2019-11591
The WebDorado Contact Form plugin before 1.13.5 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $POST'action' value and the $GET'action' value, and the latter is...
CVE-2019-11591
The CVE-2019-11591 issue affects the WebDorado Contact Form plugin for WordPress (pre-1.13.5). The vulnerability arises from a CSRF flaw in wp-admin/admin-ajax.php where a mismatch between POST action and unsanitized GET action allows local file inclusion via directory traversal. Impact is descri...
CVE-2019-11591
The WebDorado Contact Form plugin before 1.13.5 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $POST'action' value and the $GET'action' value, and the latter is...
PT-2019-12401 · Webdorado · Webdorado Contact Form
Name of the Vulnerable Software and Affected Versions: WebDorado Contact Form plugin versions prior to 1.13.5 Description: The issue allows for CSRF via the "wp-admin/admin-ajax.php" API endpoint, specifically through the action parameter, which can lead to local file inclusion via directory...
CVE-2019-11557
The WebDorado Contact Form Builder plugin before 1.0.69 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $POST'action' value and the $GET'action' value, and the...
CVE-2019-11557
The CVE-2019-11557 entry concerns the WordPress plugin WebDorado Contact Form Builder, versions prior to 1.0.69. The vulnerability is a CSRF flaw on wp-admin/admin-ajax.php where discrepancies between POST[action] and GET[action] (unsanitized GET value) enable local file inclusion via directory t...
CVE-2019-11557
The WebDorado Contact Form Builder plugin before 1.0.69 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $POST'action' value and the $GET'action' value, and the...
PT-2019-12378 · Webdorado · Webdorado Contact Form Builder
Name of the Vulnerable Software and Affected Versions: WebDorado Contact Form Builder plugin versions prior to 1.0.69 Description: The issue allows for CSRF via the "wp-admin/admin-ajax.php" API endpoint, specifically through the action parameter, which can lead to local file inclusion via...
WordPress WebDorado Form Maker by WD CSV Injection Vulnerability
WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language , the platform supports PHP and MySQL servers to set up a personal blog site . WebDorado Form Maker by WD is used in one of the responsive form builder plugin . A security vulnerability exis...
Design/Logic Flaw
The WebDorado "Form Maker by WD" plugin before 1.12.24 for WordPress allows CSV injection...
CVE-2018-10504
The WebDorado "Form Maker by WD" plugin before 1.12.24 for WordPress allows CSV injection...
CVE-2018-10504
The WebDorado "Form Maker by WD" plugin before 1.12.24 for WordPress allows CSV injection...
CVE-2018-10504
The CVE-2018-10504 entry concerns the WordPress plugin WebDorado Form Maker by WD, version prior to 1.12.24, which is vulnerable to CSV injection. The root cause is that CSV data exported by the Form Maker form can be crafted to execute commands when opened by a user with sufficient privileges, e...
CVE-2018-10504
The WebDorado "Form Maker by WD" plugin before 1.12.24 for WordPress allows CSV injection...
WordPress Plugin WebDorado Gallery 1.3.29 - SQL Injection
WordPress Plugin WebDorado Gallery 1.3.29 - SQL Injection Source: http://www.defensecode.com/advisories/DC-2017-02-011WordPressWebDoradoGalleryPluginAdvisory.pdf DefenseCode ThunderScan SAST Advisory WordPress WebDorado Gallery Plugin - SQL Injection Vulnerability Advisory ID: DC-2017-02-011...
WordPress WebDorado Gallery 1.3.29 Plugin - SQL Injection Vulnerability
Exploit for php platform in category web applications Source: http://www.defensecode.com/advisories/DC-2017-02-011WordPressWebDoradoGalleryPluginAdvisory.pdf DefenseCode ThunderScan SAST Advisory WordPress WebDorado Gallery Plugin - SQL Injection Vulnerability Advisory ID: DC-2017-02-011 Software...