Lucene search
+L

636 matches found

NVD
NVD
added 2017/12/20 3:29 a.m.25 views

CVE-2017-17780

The Clockwork SMS clockwork-test-message.php component has XSS via a crafted "to" parameter in a clockwork-test-message request to wp-admin/admin.php. This component code is found in the following WordPress plugins: Clockwork Free and Paid SMS Notifications 2.0.3, Two-Factor Authentication -...

6.1CVSS6AI score0.00951EPSS
Exploits2References2
Prion
Prion
added 2017/12/20 3:29 a.m.22 views

Design/Logic Flaw

The Clockwork SMS clockwork-test-message.php component has XSS via a crafted "to" parameter in a clockwork-test-message request to wp-admin/admin.php. This component code is found in the following WordPress plugins: Clockwork Free and Paid SMS Notifications 2.0.3, Two-Factor Authentication -...

4.3CVSS6AI score0.00951EPSS
Exploits2References2Affected Software8
OSV
OSV
added 2017/12/20 3:29 a.m.7 views

CVE-2017-17780

The Clockwork SMS clockwork-test-message.php component has XSS via a crafted "to" parameter in a clockwork-test-message request to wp-admin/admin.php. This component code is found in the following WordPress plugins: Clockwork Free and Paid SMS Notifications 2.0.3, Two-Factor Authentication -...

6.1CVSS5.8AI score0.00951EPSS
Exploits2References2
Cvelist
Cvelist
added 2017/12/20 3:0 a.m.29 views

CVE-2017-17780

The Clockwork SMS clockwork-test-message.php component has XSS via a crafted "to" parameter in a clockwork-test-message request to wp-admin/admin.php. This component code is found in the following WordPress plugins: Clockwork Free and Paid SMS Notifications 2.0.3, Two-Factor Authentication -...

6AI score0.00951EPSS
Exploits2References2
Packet Storm
Packet Storm
added 2017/12/18 12:0 a.m.32 views

Clockwork SMS Cross Site Scripting

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Discoverer: Elias Dimopoulos Linkedin: https://gr.linkedin.com/in/dimopouloselias Vulnerability Type: Reflected XSS via GET parameter "to". Vendor of the affected plugins: https://www.clockworksms.com/plugins/ Affected Plugins:...

7.4AI score
Exploits0
Kitploit
Kitploit
added 2017/11/28 8:46 p.m.25 views

WPSploit - WordPress Plugin Code Scanner

This tool is intended for Penetration Testers who audit WordPress plugins or developers who wish to audit their own WordPress plugins. For more info click here. Usage $ git clone https://github.com/m4ll0k/wpsploit.git $ cd wpsploit $ python wpsploit.py pluginfile.php or $ wget...

7.3AI score
Exploits0References2
WPVulnDB
WPVulnDB
added 2017/04/27 12:0 a.m.13 views

Referrer Detector <= 4.2.1.0 - Unauthenticated PHP Object Injection

The plugin referrer-detector insecurely trusts serialized data submitted over HTTP requests. This opens up the site to a PHP object injection vulnerability potential exploit vector. The original researcher notified the WordPress Plugins team. PoC Attack is exploitable over HTTP requests to sites...

1.1AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2017/04/27 12:0 a.m.16 views

Gravitate QA Tracker <= 1.2.1 - Unauthenticated PHP Object Injection

The plugin gravitate-qa-tracker insecurely trusts serialized data submitted over HTTP requests. This opens up the site to a PHP object injection vulnerability potential exploit vector. PoC Attack is exploitable over HTTP requests to sites with the gravitate-qa-tracker Plugin. The original...

7.5CVSS1.2AI score0.02339EPSS
Exploits1References1Affected Software1
wpexploit
wpexploit
added 2017/04/27 12:0 a.m.24 views

Gravitate QA Tracker <= 1.2.1 - Unauthenticated PHP Object Injection

The plugin gravitate-qa-tracker insecurely trusts serialized data submitted over HTTP requests. This opens up the site to a PHP object injection vulnerability potential exploit vector. Attack is exploitable over HTTP requests to sites with the gravitate-qa-tracker Plugin. The original researcher...

7.5CVSS0.8AI score0.02339EPSS
Exploits1References1
WPVulnDB
WPVulnDB
added 2017/04/27 12:0 a.m.11 views

AJAX Random Posts <= 0.3.3 - Unauthenticated PHP Object Injection

The plugin ajax-random-posts insecurely trusts serialized data submitted over HTTP requests. This opens up the site to a PHP object injection vulnerability potential exploit vector. The original researcher notified WordPress Plugins team. PoC Attack is exploitable over AJAX calls on sites with th...

0.9AI score
Exploits0References1Affected Software1
wpexploit
wpexploit
added 2017/04/27 12:0 a.m.18 views

My Geo Posts Free <= 1.2 - Unauthenticated PHP Object Injection

The plugin my-geo-posts-free insecurely trusts serialized data submitted over HTTP requests. This opens up the site to a PHP object injection vulnerability potential exploit vector. Attack is exploitable over HTTP requests to sites with the my-geo-posts-free Plugin. The original researcher notifi...

0.5AI score
Exploits0References1
WPVulnDB
WPVulnDB
added 2017/04/27 12:0 a.m.12 views

NextGEN Gallery geo <= 1.0 - Unauthenticated PHP Object Injection

The plugin nextgen-gallery-geo insecurely trusts serialized data submitted over AJAX requests. This opens up the site to a PHP object injection vulnerability potential exploit vector. The original researcher notified the WordPress Plugins team. PoC Attack is exploitable over AJAX calls sites with...

2.5AI score
Exploits0References1Affected Software1
CVE
CVE
added 2015/10/16 8:0 p.m.90 views

CVE-2015-7377

The CVE-2015-7377 vulnerability affects WordPress Pie Register plugin versions before 2.0.19, where an unsanitized invitaion_code parameter in pie-register.php enables reflected XSS. The root cause is improper handling of the GET parameter, allowing injection of arbitrary script/HTML. Impact is r...

4.3CVSS5.8AI score0.04405EPSS
Exploits3References4Affected Software1
CNVD
CNVD
added 2015/07/08 12:0 a.m.8 views

Multiple Cross-Site Scripting Vulnerabilities in Multiple WordPress Plugins

WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. Multiple cross-site scripting vulnerabilities exist in several WordPress plugins due to the program failing to adequately filter user-supplied input. An attacker is...

6.1CVSS6.8AI score0.0196EPSS
Exploits2References1
NVD
NVD
added 2015/06/30 2:59 p.m.24 views

CVE-2014-9735

The ThemePunch Slider Revolution revslider plugin before 3.0.96 for WordPress and Showbiz Pro plugin 1.7.1 and earlier for Wordpress does not properly restrict access to administrator AJAX functionality, which allows remote attackers to 1 upload and execute arbitrary files via an updateplugin...

7.5CVSS7.3AI score0.75256EPSS
Exploits2References7
Cvelist
Cvelist
added 2014/12/31 9:0 p.m.19 views

CVE-2014-9397

Cross-site request forgery CSRF vulnerability in the twimp-wp plugin for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via the messageformat parameter in the twimp-wp.php page to...

6.4AI score0.01015EPSS
Exploits2References2
Packet Storm
Packet Storm
added 2014/12/12 12:0 a.m.27 views

WordPress Simple Visitor Stat Cross Site Scripting

Title: WordPress 'Simple Visitor Stat' plugin - Stored XSS Reported by: Morten Nørtoft, Kenneth Jepsen, Mikkel Vej Date: 2014/12/12 Download: https://wordpress.org/plugins/simple-visitor-stat/ ---------------------------------------------------------------- Description:...

Exploits0
0day.today
0day.today
added 2014/09/05 12:0 a.m.29 views

Wordpress Plugins Premium Gallery Manager Unauthenticated Configuration Access Vulnerability

Exploit for php platform in category web applications Exploit Title : Wordpress Plugins Premium Gallery Manager Unauthenticated Configuration Access Vulnerability Author : Hannaichi @dntkun Date : February 5th, 2014 Type : php, html, htm, asp, etc. Category : Web Applications Vulnerability :...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.20 views

Wordpress Easy Contact Forms Export Plugin 1.1.0 Information Disclosure Vulnerability

No description provided by source. Description : Wordpress Plugins - Easy Contact Forms Export Information Disclosure Vulnerability Version : 1.1.0 Link : http://wordpress.org/extend/easy-contact-forms-exporter/ Plugins : http://downloads.wordpress.org/plugin/easy-contact-forms-exporter.zip Date ...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.21 views

Wordpress Fancy Gallery Plugin 1.2.4 - Arbitrary File Upload

No description provided by source. Description : Wordpress Plugins - Fancy Gallery Arbitrary File Upload Vulnerability Version : 1.2.4 link : http://codecanyon.net/item/fancy-gallery-wordpress-plugin/400535 Price : 18$ Date : 22-06-2012 Google Dork : inurl:/wp-content/plugins/radykal-fancy-galler...

7.1AI score
Exploits0
Rows per page
Query Builder