8 matches found
EUVD-2015-9279
Malware in sbrugna...
CVE-2015-9439
The addthis plugin before 5.0.13 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=addthissocialwidget pubid parameter...
WordPress plugin AddThis cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
WordPress addthis plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. addthis is a social sharing button plugin used in it. A cross-site scripting vulnerability exists in WordPress addthis plugin versions...
Cross-site request forgery (CSRF)
The addthis plugin before 5.0.13 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=addthissocialwidget pubid parameter...
PostMessage cross-domain vulnerability - vulnerability warning - the black bar safety net
Note: this article is original to the “millet Security Center”; to reprint, please contact the “millet Security Center”. Background. Value: $3000. Vulnerability cause: a postMessage cross-domain vulnerability, using the websocket to receive a user authentication token. Original address:...
Smart Website Tools by AddThis 4.0.6-5.0.2 - Stored XSS
The Smart Website Tools by AddThis plugin exposes an AJAX function called 'atasyncloading' in 'addthis/addthis-for-wordpress.php'. Access to this function is restricted to Registered users, however is not restricted to Administrative users, meaning that anyone with an account on the target site c...
Smart Website Tools by AddThis 4.0.6-5.0.2 - Stored XSS
The Smart Website Tools by AddThis plugin exposes an AJAX function called 'atasyncloading' in 'addthis/addthis-for-wordpress.php'. Access to this function is restricted to Registered users, however is not restricted to Administrative users, meaning that anyone with an account on the target site c...