Lucene search
+L

65 matches found

Vulnrichment
Vulnrichment
added 2023/10/18 1:35 p.m.15 views

CVE-2023-45632 WordPress Video Player Plugin <= 1.5.22 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting XSS vulnerability in WebDorado SpiderVPlayer plugin = 1.5.22 versions...

7.1CVSS5.8AI score0.00331EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/10/18 1:35 p.m.33 views

CVE-2023-45632 WordPress Video Player Plugin <= 1.5.22 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting XSS vulnerability in WebDorado SpiderVPlayer plugin = 1.5.22 versions...

7.1CVSS6.3AI score0.00331EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2019/05/08 12:0 a.m.26 views

WordPress Contact Form Maker Plugin < 1.13.5 CSRF Vulnerability

The WordPress plugin Copyright C 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the...

8.8CVSS8.9AI score0.01058EPSS
Exploits1References2
Prion
Prion
added 2019/04/29 2:29 p.m.15 views

Directory traversal

The WebDorado Contact Form plugin before 1.13.5 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $POST'action' value and the $GET'action' value, and the latter is...

6.8CVSS8.6AI score0.01058EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2019/04/29 2:29 p.m.7 views

CVE-2019-11591

The WebDorado Contact Form plugin before 1.13.5 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $POST'action' value and the $GET'action' value, and the latter is...

8.8CVSS7.3AI score0.01058EPSS
Exploits1References4
CVE
CVE
added 2019/04/29 1:46 p.m.63 views

CVE-2019-11591

The CVE-2019-11591 issue affects the WebDorado Contact Form plugin for WordPress (pre-1.13.5). The vulnerability arises from a CSRF flaw in wp-admin/admin-ajax.php where a mismatch between POST action and unsanitized GET action allows local file inclusion via directory traversal. Impact is descri...

8.8CVSS8.5AI score0.01058EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2019/04/29 1:46 p.m.22 views

CVE-2019-11591

The WebDorado Contact Form plugin before 1.13.5 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $POST'action' value and the $GET'action' value, and the latter is...

8.7AI score0.01058EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2019/04/29 12:0 a.m.7 views

PT-2019-12401 · Webdorado · Webdorado Contact Form

Name of the Vulnerable Software and Affected Versions: WebDorado Contact Form plugin versions prior to 1.13.5 Description: The issue allows for CSRF via the "wp-admin/admin-ajax.php" API endpoint, specifically through the action parameter, which can lead to local file inclusion via directory...

8.8CVSS8.3AI score0.01058EPSS
Exploits1References6
OSV
OSV
added 2019/04/26 10:29 p.m.8 views

CVE-2019-11557

The WebDorado Contact Form Builder plugin before 1.0.69 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $POST'action' value and the $GET'action' value, and the...

8.8CVSS7.3AI score0.01058EPSS
Exploits1References4
CVE
CVE
added 2019/04/26 9:42 p.m.56 views

CVE-2019-11557

The CVE-2019-11557 entry concerns the WordPress plugin WebDorado Contact Form Builder, versions prior to 1.0.69. The vulnerability is a CSRF flaw on wp-admin/admin-ajax.php where discrepancies between POST[action] and GET[action] (unsanitized GET value) enable local file inclusion via directory t...

8.8CVSS8.5AI score0.01058EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2019/04/26 9:42 p.m.26 views

CVE-2019-11557

The WebDorado Contact Form Builder plugin before 1.0.69 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $POST'action' value and the $GET'action' value, and the...

8.7AI score0.01058EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2019/04/26 12:0 a.m.10 views

PT-2019-12378 · Webdorado · Webdorado Contact Form Builder

Name of the Vulnerable Software and Affected Versions: WebDorado Contact Form Builder plugin versions prior to 1.0.69 Description: The issue allows for CSRF via the "wp-admin/admin-ajax.php" API endpoint, specifically through the action parameter, which can lead to local file inclusion via...

8.8CVSS8.3AI score0.01058EPSS
Exploits1References6
CNVD
CNVD
added 2018/05/02 12:0 a.m.36 views

WordPress WebDorado Form Maker by WD CSV Injection Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language , the platform supports PHP and MySQL servers to set up a personal blog site . WebDorado Form Maker by WD is used in one of the responsive form builder plugin . A security vulnerability exis...

7.8CVSS6.5AI score0.04672EPSS
Exploits5References1
Prion
Prion
added 2018/04/27 4:29 p.m.12 views

Design/Logic Flaw

The WebDorado "Form Maker by WD" plugin before 1.12.24 for WordPress allows CSV injection...

6.8CVSS7.8AI score0.04672EPSS
Exploits5References2Affected Software1
NVD
NVD
added 2018/04/27 4:29 p.m.28 views

CVE-2018-10504

The WebDorado "Form Maker by WD" plugin before 1.12.24 for WordPress allows CSV injection...

7.8CVSS7.9AI score0.04672EPSS
Exploits5References2
OSV
OSV
added 2018/04/27 4:29 p.m.5 views

CVE-2018-10504

The WebDorado "Form Maker by WD" plugin before 1.12.24 for WordPress allows CSV injection...

7.8CVSS5.8AI score0.04672EPSS
Exploits5References2
CVE
CVE
added 2018/04/27 4:0 p.m.70 views

CVE-2018-10504

The CVE-2018-10504 entry concerns the WordPress plugin WebDorado Form Maker by WD, version prior to 1.12.24, which is vulnerable to CSV injection. The root cause is that CSV data exported by the Form Maker form can be crafted to execute commands when opened by a user with sufficient privileges, e...

7.8CVSS7.8AI score0.04672EPSS
Exploits5References2Affected Software1
Cvelist
Cvelist
added 2018/04/27 4:0 p.m.35 views

CVE-2018-10504

The WebDorado "Form Maker by WD" plugin before 1.12.24 for WordPress allows CSV injection...

7.9AI score0.04672EPSS
Exploits5References2
exploitpack
exploitpack
added 2017/05/05 12:0 a.m.21 views

WordPress Plugin WebDorado Gallery 1.3.29 - SQL Injection

WordPress Plugin WebDorado Gallery 1.3.29 - SQL Injection Source: http://www.defensecode.com/advisories/DC-2017-02-011WordPressWebDoradoGalleryPluginAdvisory.pdf DefenseCode ThunderScan SAST Advisory WordPress WebDorado Gallery Plugin - SQL Injection Vulnerability Advisory ID: DC-2017-02-011...

0.5AI score
Exploits0
0day.today
0day.today
added 2017/05/05 12:0 a.m.32 views

WordPress WebDorado Gallery 1.3.29 Plugin - SQL Injection Vulnerability

Exploit for php platform in category web applications Source: http://www.defensecode.com/advisories/DC-2017-02-011WordPressWebDoradoGalleryPluginAdvisory.pdf DefenseCode ThunderScan SAST Advisory WordPress WebDorado Gallery Plugin - SQL Injection Vulnerability Advisory ID: DC-2017-02-011 Software...

6.7AI score
Exploits0
Rows per page
Query Builder