Lucene search

845 matches found

Cvelist
added 2018/03/19 9:0 p.m., 17 views

CVE-2014-2674

Directory traversal vulnerability in the Ajax Pagination twitter Style plugin 1.1 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the loop parameter in an ajaxnavigation action to wp-admin/admin-ajax.php...

7.5 AI score, 0.15675 EPSS
Exploits: 1, References: 1

WPVulnDB
added 2018/02/28 12:0 a.m., 12 views

Category Order and Taxonomy Terms Order <= 1.5.2.2 - Authenticated PHP Object Injection

Usage of unserialize on user input in the saving request of the orders leads to PHP object injection vulnerability. PoC: Send POST request to "URL/wp-admin/admin-ajax.php" with parameters "action=update-taxonomy-order=SERIALIZED-OBJECT"...

2.8 AI score
Exploits: 0, References: 1, Affected Software: 1

wpexploit
added 2018/02/28 12:0 a.m., 18 views

Category Order and Taxonomy Terms Order <= 1.5.2.2 - Authenticated PHP Object Injection

Usage of unserialize on user input in the saving request of the orders leads to PHP object injection vulnerability. Send POST request to "URL/wp-admin/admin-ajax.php" with parameters "action=update-taxonomy-order&order=SERIALIZED-OBJECT"...

1.6 AI score
Exploits: 0, References: 1

Openbugbounty
added 2018/02/26 1:2 a.m., 17 views

blog.activ-investment.eu XSS vulnerability

Open Bug Bounty ID: OBB-568414

Description | Value
---|---
Affected Website: | blog.activ-investment.eu
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | WordPress
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

6.1 AI score
Exploits: 0

Openbugbounty
added 2018/02/26 12:14 a.m., 17 views

sylvaniatownship.com XSS vulnerability

Open Bug Bounty ID: OBB-568372

Description | Value
---|---
Affected Website: | sylvaniatownship.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | WordPress
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

6.1 AI score
Exploits: 0

Openbugbounty
added 2018/02/26 12:12 a.m., 12 views

academia.subdere.gov.cl XSS vulnerability

Open Bug Bounty ID: OBB-568371

Description | Value
---|---
Affected Website: | academia.subdere.gov.cl
Vulnerable Application: | WordPress
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Disclosure Standard: | Coordinated Disclosu...

6.2 AI score
Exploits: 0

wpexploit
added 2018/02/22 12:0 a.m., 13 views

Photo Gallery by WD <= 1.3.66 - Cross-Site Scripting (XSS)

User input is first escaped with esc_html and then URL-decoded. This leads to the possibility of reflected XSS with a double URL-encoded payload...

1.2 AI score
Exploits: 0, References: 1

wpexploit
added 2018/02/08 12:0 a.m., 22 views

Swape Theme - Authentication Bypass and Stored XSS

Similar to https://wpvulndb.com/vulnerabilities/8061, but with no authentication. The theme suffers from a privilege escalation vulnerability: any user can trigger it due to weak permissions checking. An attacker can update options, such as changing user's default role, registratio...

7.5 CVSS, 0.8 AI score, 0.01987 EPSS
Exploits: 2, References: 2

Openbugbounty
added 2018/02/04 1:47 p.m., 10 views

beautifulworld.com XSS vulnerability

Open Bug Bounty ID: OBB-552745

Description | Value
---|---
Affected Website: | beautifulworld.com
Vulnerable Application: | newsmag theme from tagdiv
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Disclosure Standard: | Coordinat...

6.2 AI score
Exploits: 0

Openbugbounty
added 2018/02/04 1:37 p.m., 16 views

nasiloluyo.com XSS vulnerability

Open Bug Bounty ID: OBB-552742

Description | Value
---|---
Affected Website: | nasiloluyo.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | newsmag theme from tagdiv
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

6.1 AI score
Exploits: 0

Prion
added 2018/01/27 5:29 p.m., 9 views

Cross site request forgery (csrf)

The acxasmwsaveordercallback function in function.php in the acurax-social-media-widget plugin before 3.2.6 for WordPress has CSRF via the recordsArray parameter to wp-admin/admin-ajax.php, with resultant socialwidgeticonarrayorder XSS...

6.8 CVSS, 8.6 AI score, 0.00661 EPSS
Exploits: 1, References: 2, Affected Software: 1

Cvelist
added 2018/01/27 5:0 p.m., 29 views

CVE-2018-6357

The acxasmwsaveordercallback function in function.php in the acurax-social-media-widget plugin before 3.2.6 for WordPress has CSRF via the recordsArray parameter to wp-admin/admin-ajax.php, with resultant socialwidgeticonarrayorder XSS...

8.8 AI score, 0.00661 EPSS
Exploits: 1, References: 2

Cvelist
added 2018/01/16 9:0 a.m., 21 views

CVE-2017-18032

The download-manager plugin before 2.9.52 for WordPress has XSS via the id parameter in a wpdmgeneratepassword action to wp-admin/admin-ajax.php...

6 AI score, 0.00942 EPSS
Exploits: 1, References: 2

Prion
added 2018/01/13 12:29 a.m., 12 views

Design/Logic Flaw

An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via the wp-admin/admin-ajax.php weblizar_pffree_settings_save_get-users parameter...

4.3 CVSS, 6 AI score, 0.00972 EPSS
Exploits: 1, References: 2, Affected Software: 1

Prion
added 2018/01/13 12:29 a.m., 16 views

Cross site request forgery (csrf)

An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. CSRF exists via wp-admin/admin-ajax.php...

6.8 CVSS, 8.7 AI score, 0.00615 EPSS
Exploits: 1, References: 1, Affected Software: 1

Prion
added 2018/01/13 12:29 a.m., 11 views

Design/Logic Flaw

An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via the wp-admin/admin-ajax.php security parameter...

4.3 CVSS, 6 AI score, 0.00795 EPSS
Exploits: 1, References: 1, Affected Software: 1

Prion
added 2018/01/13 12:29 a.m., 11 views

Design/Logic Flaw

An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via the wp-admin/admin-ajax.php PFFREEAccessToken parameter...

4.3 CVSS, 6 AI score, 0.00972 EPSS
Exploits: 1, References: 2, Affected Software: 1

NVD
added 2018/01/13 12:29 a.m., 13 views

CVE-2018-5654

An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via the wp-admin/admin-ajax.php PFFREEAccessToken parameter...

6.1 CVSS, 6 AI score, 0.00972 EPSS
Exploits: 1, References: 2

NVD
added 2018/01/13 12:29 a.m., 14 views

CVE-2018-5653

An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via the wp-admin/admin-ajax.php weblizar_pffree_settings_save_get-users parameter...

6.1 CVSS, 6 AI score, 0.00972 EPSS
Exploits: 1, References: 2

CVE
added 2018/01/13 12:0 a.m., 44 views

CVE-2018-5653

The CVE-2018-5653 entry refers to a vulnerability in the WordPress plugin weblizar-pinterest-feeds version 1.1.1. The issue is an XSS vulnerability exploitable via the wp-admin/admin-ajax.php parameter weblizar_pffree_settings_save_get-users. Several connected sources (CNVD-2018-01274 and WPVulnD...

6.1 CVSS, 5.9 AI score, 0.00972 EPSS
Exploits: 1, References: 2, Affected Software: 1