Lucene search
K

560 matches found

Positive Technologies
Positive Technologies
added 2015/02/11 12:0 a.m.8 views

PT-2015-5366

Name of the Vulnerable Software and Affected Versions Elegant Themes Divi theme for WordPress affected versions not specified Description A directory traversal issue exists in the Elegant Themes Divi theme for WordPress, allowing remote attackers to read arbitrary files. This is achieved by...

5CVSS7.4AI score0.22055EPSS
Exploits5References8
CNVD
CNVD
added 2015/01/14 12:0 a.m.3 views

WordPress Plugin Photo Gallery 'wp-admin/admin-ajax.php' SQL Injection Vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in the WordPress plugin Photo Gallery 'wp-admin/admin-ajax.php'. Due to the program...

7.8AI score
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2014/12/15 12:0 a.m.3 views

VulnCheck KEV: CVE-2014-9735

The ThemePunch Slider Revolution revslider plugin before 3.0.96 for WordPress and Showbiz Pro plugin 1.7.1 and earlier for Wordpress does not properly restrict access to administrator AJAX functionality, which allows remote attackers to 1 upload and execute arbitrary files via an...

7.5CVSS6AI score0.75256EPSS
Exploits2References1
Patchstack
Patchstack
added 2014/11/13 12:0 a.m.25 views

WordPress Paid Memberships Pro Plugin 1.7.14 - Directory Traversal

This vulnerability is in the services/getfile.php, It allows the attackers to read arbitrary files in the QUERYSTRING in a getfile action to wp-admin/admin-ajax.php. Solution Update the plugin...

5CVSS4.8AI score0.18028EPSS
Exploits5References1Affected Software1
NVD
NVD
added 2014/10/21 2:55 p.m.17 views

CVE-2014-8375

SQL injection vulnerability in GBgallery.php in the GB Gallery Slideshow plugin 1.5 for WordPress allows remote administrators to execute arbitrary SQL commands via the selectedgroup parameter in a gbajaxgetgroup action to wp-admin/admin-ajax.php...

6.5CVSS8.4AI score0.0323EPSS
Exploits1References3
0day.today
0day.today
added 2014/09/20 12:0 a.m.62 views

Wordpress Plugin CSSJockey Membership Modules Code Execution Vulnerability

Exploit for php platform in category web applications Exploit Title : Wordpress Plugin CSSJockey Membership Modules Code Execution Vulnerability Exploit Author : NULLPointer Contact : https://www.facebook.com/xenith.gianni Date : 20/09/2014 Vendor Homepage :...

7.1AI score
Exploits0
0day.today
0day.today
added 2014/09/18 12:0 a.m.77 views

WordPress Theme 3clicks Arbitrary File Download Vulnerability

WordPress Theme 3clicks suffers from Arbitrary File Download Vulnerability. POC : http://127.0.0.1/wp-admin/admin-ajax.php?action=revslidershowimage&img=LFD Google Dork : inurl:"/wp-content/themes/3clicks/" Demo Sites...

7.1AI score
Exploits0
VulnCheck KEV
VulnCheck KEV
added 2014/09/03 12:0 a.m.2 views

VulnCheck KEV: CVE-2014-9734

Directory traversal vulnerability in the Slider Revolution revslider plugin before 4.2 for WordPress allows remote attackers to read arbitrary files via a .. dot dot in the img parameter in a revslidershowimage action to wp-admin/admin-ajax.php...

5CVSS7.4AI score0.20631EPSS
Exploits2References1
Packet Storm
Packet Storm
added 2014/08/24 12:0 a.m.20 views

WordPress KenBurner Slider Arbitrary File Download

Exploit Title : WordPress Plugin KenBurner Slider Arbitrary File Download Vulnerability Google Dork: Index of /wp-content/plugins/kbslider Date: 2014-08-21 Exploit Author: MF0x and Daniel Pentest Vendor Homepage: http://codecanyon.net/item/responsive-kenburner-slider-jquery-plugin/1633038 Version...

7.4AI score
Exploits0
WPVulnDB
WPVulnDB
added 2014/08/01 10:59 a.m.16 views

BuddyPress Extended Friendship Request - wp-admin/admin-ajax.php friendship_request_message Parameter XSS

The BuddyPress Extended Friendship Request WordPress plugin was affected by a wp-admin/admin-ajax.php friendshiprequestmessage Parameter XSS security vulnerability...

2.6CVSS1.5AI score0.02072EPSS
Exploits0Affected Software1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.16 views

WordPress IndiaNIC FAQs Manager Plugin 1.0 - Multiple Vulnerabilities

No description provided by source. html !-- Exploit Title: WordPress IndiaNIC FAQ 1.0 Plugin CSRF + XSS Google Dork: inurl:wp-content/plugins/faqs-manager Date: 21.03.2013 Exploit Author: m3tamantra http://m3tamantra.wordpress.com/blog Vendor Homepage:...

7.1AI score
Exploits0
Patchstack
Patchstack
added 2014/04/24 12:0 a.m.11 views

WordPress Work The Flow Plugin 1.2.1 - Arbitrary File Upload

Work The Flow plugin is prone to an arbitrary file upload vulnerability that submit an image file via the wtf upload panel and intercept the POST request to /wp-admin/admin-ajax.php. Solution Edit the data from the control "acceptfiletypes"...

3.3AI score
Exploits0References1Affected Software1
Exploit DB
Exploit DB
added 2013/05/16 12:0 a.m.32 views

WordPress Plugin WP Cleanfix - Cross-Site Request Forgery

source: https://www.securityfocus.com/bid/59940/info The WP cleanfix plugin for WordPress is prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions in the context of the affected application. Other attacks are...

7AI score
Exploits0
0day.today
0day.today
added 2013/03/22 12:0 a.m.22 views

WordPress IndiaNIC FAQs Manager Plugin 1.0 - Multiple Vulnerabilities

IndiaNIC FAQ Settings Page is vulnerable for CSRF. The Ask Question area front-end is vulnerable for XSS. It is possible to insert alert1 in question parameter. The Captcha value can be read from captcha parameter hidden field =================== We don't need the captcha Image when we have this ...

6.9AI score
Exploits0
exploitpack
exploitpack
added 2013/03/22 12:0 a.m.17 views

WordPress Plugin IndiaNIC FAQs Manager 1.0 - Multiple Vulnerabilities

WordPress Plugin IndiaNIC FAQs Manager 1.0 - Multiple Vulnerabilities alert1 in question parameter. The Captcha value can be read from captcha parameter hidden field Part of Ask Question form =================== We don't need the captcha Image when we have this xD Request from Ask Question area X...

0.7AI score
Exploits0
Exploit DB
Exploit DB
added 2013/03/22 12:0 a.m.19 views

WordPress Plugin IndiaNIC FAQs Manager 1.0 - Multiple Vulnerabilities

alert1 in question parameter. The Captcha value can be read from captcha parameter hidden field Part of Ask Question form =================== We don't need the captcha Image when we have this xD Request from Ask Question area XSS in question parameter POST /wordpress/wp-admin/admin-ajax.php HTTP...

7.4AI score
Exploits0
htbridge
htbridge
added 2013/01/16 12:0 a.m.52 views

Cross-Site Scripting (XSS) Vulnerability in CommentLuv WordPress Plugin

High-Tech Bridge Security Research Lab discovered vulnerability in CommentLuv WordPress plugin, which can be exploited to perform Cross-Site Scripting XSS attacks. 1 Cross-Site Scripting XSS in CommentLuv wordpress plugin: CVE-2013-1409 The vulnerability exists due to insufficient filtration of...

2.6CVSS0.4AI score0.04546EPSS
Exploits3Affected Software1
exploitpack
exploitpack
added 2012/05/15 12:0 a.m.16 views

WordPress Plugin Soundcloud Is Gold 2.1 - width Cross-Site Scripting

WordPress Plugin Soundcloud Is Gold 2.1 - width Cross-Site Scripting source: https://www.securityfocus.com/bid/53537/info The Soundcloud Is Gold plugin for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverag...

Exploits0
Positive Technologies
Positive Technologies
added 2012/05/03 12:0 a.m.8 views

PT-2012-3667 · WordPress · Wordpress

Name of the Vulnerable Software and Affected Versions: WordPress versions 3.3.1 and earlier Description: The issue is related to the wp create nonce function, which associates a nonce with a user account instead of a user session. This might make it easier for remote attackers to conduct cross-si...

6.8CVSS7.2AI score0.02879EPSS
Exploits7References8
OSV
OSV
added 2007/05/22 9:30 p.m.3 views

DEBIAN-CVE-2007-2821

SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress before 2.2 allows remote attackers to execute arbitrary SQL commands via the cookie parameter...

7.5CVSS8.8AI score0.052EPSS
Exploits1References1
Rows per page
Query Builder