41 matches found

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2005-3551

Malware in sbrugna...

4.3 CVSS | 6.4 AI score | 0.01419 EPSS
Exploits: 0 | References: 20

OSV
added 2023/04/07 11:15 p.m. | 7 views

CVE-2023-1947

A vulnerability was found in taoCMS 3.0.2. It has been classified as critical. Affected is an unknown function of the file /admin/admin.php. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used...

9.8 CVSS | 7.8 AI score
Exploits: 0 | References: 3

wpexploit
added 2022/07/31 12:0 a.m. | 152 views

Fast Flow < 1.2.13 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its Widget settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). Create/edit a dashboard with an HTML widget...

5.5 CVSS | 5.1 AI score | 0.00438 EPSS
Exploits: 2

Prion
added 2022/06/27 10:15 p.m. | 11 views

Sql injection

A vulnerability classified as critical has been found in Kama Click Counter Plugin up to 3.4.8. This affects an unknown part of the file wp-admin/admin.php. The manipulation of the argument orderby/order with the input ASC%2cselectfromselectsleep2a leads to SQL injection (blind). It is possible to...

6.5 CVSS | 8.8 AI score | 0.00181 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2022/06/27 9:50 p.m. | 14 views

CVE-2017-20103 Kama Click Counter Plugin admin.php Blind sql injection

A vulnerability classified as critical has been found in Kama Click Counter Plugin up to 3.4.8. This affects an unknown part of the file wp-admin/admin.php. The manipulation of the argument orderby/order with the input ASC%2cselectfromselectsleep2a leads to SQL injection (blind). It is possible to...

6.3 CVSS | 9 AI score | 0.00181 EPSS
Exploits: 1 | References: 2

CVE
added 2022/06/27 9:50 p.m. | 42 views

CVE-2017-20103

CVE-2017-20103 describes a blind SQL injection in the Kama Click Counter Plugin (up to version 3.4.8) affecting wp-admin/admin.php via the order_by/order parameter (ASC, (select sleep(2))). The vulnerability can be exploited remotely and the public exploit has been disclosed. Upgrading to version...

8.8 CVSS | 7.8 AI score | 0.00181 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2021/06/07 6:24 p.m. | 8 views

CVE-2020-18264

Cross Site Request Forgery (CSRF) in Simple-Log v1.6 allows remote attackers to gain privilege and execute arbitrary code via the component "Simple-Log/admin/admin.php?act=acteditmember"...

9.3 AI score | 0.00448 EPSS
Exploits: 1 | References: 1

CVE
added 2020/07/28 8:40 p.m. | 50 views

CVE-2020-10984

Gambio GX (before 4.0.1.0) contains a CSRF vulnerability in admin/admin.php. The CVE entry CVE-2020-10984 documents a cross-site request forgery flaw affecting the admin interface; no explicit remediation is provided in the connected sources. The public references confirm the affected product/ver...

8.8 CVSS | 8.6 AI score | 0.00141 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

Prion
added 2019/09/13 1:15 p.m. | 8 views

Design/Logic Flaw

The quotes-collection plugin before 2.0.6 for WordPress has XSS via the wp-admin/admin.php?page=quotes-collection page parameter...

4.3 CVSS | 6.1 AI score | 0.00243 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

Prion
added 2019/03/22 12:29 a.m. | 13 views

Design/Logic Flaw

The wp-google-maps plugin before 7.10.43 for WordPress has XSS via the wp-admin/admin.php PATHINFO...

4.3 CVSS | 6 AI score | 0.00786 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2019/03/21 11:1 p.m. | 16 views

CVE-2019-9912

The wp-google-maps plugin before 7.10.43 for WordPress has XSS via the wp-admin/admin.php PATHINFO...

6.1 AI score | 0.00786 EPSS
Exploits: 1 | References: 3

Prion
added 2018/10/18 6:29 a.m. | 12 views

Design/Logic Flaw

XSS exists in the wp-live-chat-support v8.0.15 plugin for WordPress via the modules/gdpr.php term parameter in a wp-admin/admin.php wplivechat-menu-gdpr-page request...

4.3 CVSS | 6 AI score | 0.0021 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2018/01/14 2:0 a.m. | 34 views

CVE-2018-5687

NewsBee (CMS) vulnerability CVE-2018-5687: a stored/reflected XSS is possible via the Company Name field in Settings (admin/admin.php). The description across sources consistently states an XSS vulnerability in NewsBee’s Settings interface. Root cause: improper sanitization/escaping of input in t...

4.8 CVSS | 4.8 AI score | 0.00235 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2018/01/13 12:0 a.m. | 11 views

CVE-2018-5658

An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. CSRF exists via wp-admin/admin.php...

8.7 AI score | 0.00146 EPSS
Exploits: 1 | References: 2

Patchstack
added 2018/01/09 12:0 a.m. | 13 views

WordPress GD Rating System plugin 2.3 - Directory Traversal vulnerability (3)

A third Directory Traversal vulnerability found by d4wner in WordPress GD Rating System plugin version 2.3. Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-transfer page. Solution 1/9/2018 - we were unable to find a patched version of this plugin...

7.5 CVSS | 2.8 AI score | 0.11137 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

Prion
added 2017/10/06 2:29 p.m. | 15 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in Best Gallery Albums Plugin before 3.0.70 for WordPress allows remote attackers to inject arbitrary web script or HTML via the orderid parameter in the galleryalbumsorting page to wp-admin/admin.php...

4.3 CVSS | 6.1 AI score | 0.00178 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

Prion
added 2017/09/27 8:29 a.m. | 8 views

Sql injection

SQL Injection exists in /includes/event-management/index.php in the event-espresso-free aka Event Espresso Lite plugin v3.1.37.12.L for WordPress via the recurrenceid parameter to /wp-admin/admin.php...

7.5 CVSS | 9.8 AI score | 0.00518 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
added 2015/05/15 12:0 a.m. | 11 views

WordPress LeagueManager Plugin <= 3.7 - Cross Site Scripting

This plugin is prone to a wp-admin/admin.php multiple parameter cross site scripting vulnerability. Solution: Update the plugin...

2 AI score
Exploits: 0 | References: 3 | Affected Software: 1

Prion
added 2015/02/25 10:59 p.m. | 14 views

Cross site request forgery (csrf)

Cross-site request forgery (CSRF) vulnerability in the Easy Social Icons plugin before 1.2.3 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the imagefile parameter in an edit action in the...

6.8 CVSS | 6.8 AI score | 0.00676 EPSS
Exploits: 1 | References: 5 | Affected Software: 1

Cvelist
added 2015/02/02 3:0 p.m. | 21 views

CVE-2015-1385

Cross-site scripting (XSS) vulnerability in the Blubrry PowerPress Podcasting plugin before 6.0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cat parameter in a powerpress-editcategoryfeed action in the powerpressadmincategoryfeeds.php page to...

5.7 AI score | 0.00633 EPSS
Exploits: 3 | References: 6