845 matches found
Tidio Live Chat <= 4.1.0 - CSRF to Stored XSS
A CSRF vulnerability in the Tidio Live Chat WordPress Plugin var xhr = new XMLHttpRequest; xhr.open"POST", "https://wordpress.local/wp-admin/admin-ajax.php?action=tidiochatsavekeys", true; xhr.setRequestHeader"Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8";...
CVE-2015-9450
The plugmatter-optin-feature-box-lite plugin before 2.0.14 for WordPress has SQL injection via the wp-admin/admin-ajax.php?action=pmfbcc pmfbtid parameter...
CVE-2015-9455
The buddypress-activity-plus plugin before 1.6.2 for WordPress has CSRF with resultant directory traversal via the wp-admin/admin-ajax.php bpfbphotos parameter in a bpfbremovetempimages action...
Sql injection
The plugmatter-optin-feature-box-lite plugin before 2.0.14 for WordPress has SQL injection via the wp-admin/admin-ajax.php?action=pmfbcc pmfbtid parameter...
Directory traversal
The buddypress-activity-plus plugin before 1.6.2 for WordPress has CSRF with resultant directory traversal via the wp-admin/admin-ajax.php bpfbphotos parameter in a bpfbremovetempimages action...
CVE-2015-9455
The buddypress-activity-plus plugin before 1.6.2 for WordPress has CSRF with resultant directory traversal via the wp-admin/admin-ajax.php bpfbphotos parameter in a bpfbremovetempimages action...
CVE-2015-9451
The plugmatter-optin-feature-box-lite plugin before 2.0.14 for WordPress has SQL injection via the wp-admin/admin-ajax.php?action=pmfbmailchimp pmfbtid parameter...
CVE-2015-9446
The unite-gallery-lite plugin before 1.5 for WordPress has SQL injection via datagalleryID to wp-admin/admin-ajax.php...
CVE-2015-9445
The unite-gallery-lite plugin before 1.5 for WordPress has CSRF and SQL injection via wp-admin/admin-ajax.php in a unitegalleryajaxaction operation...
Sql injection
The unite-gallery-lite plugin before 1.5 for WordPress has SQL injection via datagalleryID to wp-admin/admin-ajax.php...
CVE-2015-9438
The display-widgets plugin before 2.04 for WordPress has XSS via the wp-admin/admin-ajax.php?action=dwshowwidget idbase, widgetnumber, or instance parameter...
Design/Logic Flaw
The display-widgets plugin before 2.04 for WordPress has XSS via the wp-admin/admin-ajax.php?action=dwshowwidget idbase, widgetnumber, or instance parameter...
CVE-2015-9423
The PlugNedit Adaptive Editor plugin before 6.2.0 for WordPress has XSS via wp-admin/admin-ajax.php?action=simplefieldsfieldtypepostdialogload PlugneditBGColor, PlugneditEditorMargin, plugneditwidth, pnemedcount, or plugneditcontent parameters...
CVE-2015-9422
The PlugNedit Adaptive Editor plugin before 6.2.0 for WordPress has CSRF with resultant XSS via wp-admin/admin-ajax.php?action=simplefieldsfieldtypepostdialogload plugneditwidth, pnemedcount, PlugneditBGColor, PlugneditEditorMargin, or plugneditcontent parameters...
Code injection
The PlugNedit Adaptive Editor plugin before 6.2.0 for WordPress has XSS via wp-admin/admin-ajax.php?action=simplefieldsfieldtypepostdialogload PlugneditBGColor, PlugneditEditorMargin, plugneditwidth, pnemedcount, or plugneditcontent parameters...
Design/Logic Flaw
The soundcloud-is-gold plugin before 2.3.2 for WordPress has XSS via the wp-admin/admin-ajax.php?action=getsoundcloudplayer id parameter...
CVE-2015-9423
The PlugNedit Adaptive Editor plugin before 6.2.0 for WordPress has XSS via wp-admin/admin-ajax.php?action=simplefieldsfieldtypepostdialogload PlugneditBGColor, PlugneditEditorMargin, plugneditwidth, pnemedcount, or plugneditcontent parameters...
CVE-2015-9422
The PlugNedit Adaptive Editor plugin before 6.2.0 for WordPress has CSRF with resultant XSS via wp-admin/admin-ajax.php?action=simplefieldsfieldtypepostdialogload plugneditwidth, pnemedcount, PlugneditBGColor, PlugneditEditorMargin, or plugneditcontent parameters...
CVE-2015-9421
The olevmedia-shortcodes plugin before 1.1.9 for WordPress has CSRF with resultant XSS via the wp-admin/admin-ajax.php?action=omscpopup id parameter...
CVE-2015-9394
The users-ultra plugin before 1.5.63 for WordPress has CSRF via action=packageaddnew to wp-admin/admin-ajax.php...