
845 matches found

Cvelist
added 2018/01/13 12:0 a.m., 19 views

CVE-2018-5653

An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via the wp-admin/admin-ajax.php weblizarpffreesettingssaveget-users parameter...

6 AI score, 0.00972 EPSS
Exploits 1, References 2

0day.today
added 2017/12/20 12:0 a.m., 46 views

WordPress Booking Calendar 7.0 / 7.1 SQL Injection / Local File Inclusion Vulnerabilities

WordPress Booking Calendar plugin versions 7.1, 7.0, and below suffer from remote SQL injection and local file inclusion vulnerabilities. Advisory Title: WordPress Booking Calendar Plugin Multiple Vulnerabilities Advisory URL: http://www.defensecode.com/advisories.php Software: WordPress Booking...

8 AI score
Exploits 0

exploitpack
added 2017/11/03 12:0 a.m., 13 views

WordPress Plugin JTRT Responsive Tables 4.1 - SQL Injection

WordPress Plugin JTRT Responsive Tables 4.1 - SQL Injection Exploit Title: JTRT Responsive Tables 4.1 – WordPress Plugin – Sql Injection Exploit Author: Lenon Leite Vendor Homepage: https://wordpress.org/plugins/jtrt-responsive-tables/ Software Link:...

Exploits 0

OpenVAS
added 2017/11/03 12:0 a.m., 26 views

WordPress Ultimate Form Builder Lite Plugin < 1.3.7 SQLi Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:accesspressthemes:ultimate-form-builder-lite"; if descriptio...

9.8 CVSS, 9.7 AI score, 0.02482 EPSS
Exploits 0, References 3

Packet Storm
added 2017/10/30 12:0 a.m., 47 views

WordPress Ultimate Product Catalog 4.2.24 PHP Object Injection

Exploit Title: WP Plugin Ultimate Product Catalog 4.2.24 PHP Object Injection Google Dork: NA Date: Okt 30 2017 Exploit Author: tomplixsee Author blog : cupuzone.wordpress.com Vendor Homepage: http://www.etoilewebdesign.com/plugins/ultimate-product-catalog/ Software Link:...

7.1 AI score
Exploits 0

Cvelist
added 2017/10/26 6:0 p.m., 31 views

CVE-2017-15919

The ultimate-form-builder-lite plugin before 1.3.7 for WordPress has SQL Injection, with resultant PHP Object Injection, via wp-admin/admin-ajax.php...

9.9 AI score, 0.02482 EPSS
Exploits 0, References 4

CVE
added 2017/10/26 6:0 p.m., 74 views

CVE-2017-15919

CVE-2017-15919 affects the WordPress plugin Ultimate Form Builder Lite (prior to 1.3.7). The vulnerability is a SQL Injection in wp-admin/admin-ajax.php that can lead to PHP Object Injection. Public notes describe remote exploitation with possibly arbitrary code execution; CVSS data shows hig...

9.8 CVSS, 9.8 AI score, 0.02482 EPSS
Exploits 0, References 4, Affected Software 1

Prion
added 2017/10/23 5:29 p.m., 19 views

Design/Logic Flaw

The Pootle Button plugin before 1.2.0 for WordPress has XSS via the assetsurl parameter in assets/dialog.php, exploitable via wp-admin/admin-ajax.php...

3.5 CVSS, 5.3 AI score, 0.0097 EPSS
Exploits 1, References 3, Affected Software 1

Packet Storm
added 2017/10/22 12:0 a.m., 77 views

WordPress Polls 1.2.4 SQL Injection

Exploit Title :WordPress Polls plugin1.2.4 SQL Injection vulnerability Author : Manish Kishan Tanwar AKA error1046 https://twitter.com/IndiShell1046 Date : 22/10/2017 Vulnerable version: 1.2.4 Download Link : https://downloads.wordpress.org/plugin/polls-widget.1.2.4.zip Love to : zero cool,Team...

7.1 AI score
Exploits 0

Prion
added 2017/10/06 2:29 p.m., 11 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the Easy Contact Form Solution plugin before 1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the value parameter in a masterresponse action to wp-admin/admin-ajax.php...

4.3 CVSS, 6.2 AI score, 0.0118 EPSS
Exploits 1, References 2, Affected Software 1

Cvelist
added 2017/10/06 2:0 p.m., 10 views

CVE-2014-7240

Cross-site scripting (XSS) vulnerability in the Easy Contact Form Solution plugin before 1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the value parameter in a masterresponse action to wp-admin/admin-ajax.php...

6.1 AI score, 0.0118 EPSS
Exploits 1, References 2

Prion
added 2017/09/07 2:29 p.m., 13 views

Sql injection

SQL injection vulnerability in the WatuPRO plugin before 5.5.3.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the watuproquestions parameter in a watuprosubmit action to wp-admin/admin-ajax.php...

7.5 CVSS, 9.1 AI score, 0.04069 EPSS
Exploits 3, References 2, Affected Software 1

Openbugbounty
added 2017/08/19 1:36 p.m., 6 views

vortexmag.net XSS vulnerability

Open Bug Bounty ID: OBB-280206 Description| Value ---|--- Affected Website:| vortexmag.net Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

6.3 AI score
Exploits 0

Openbugbounty
added 2017/08/19 1:34 p.m., 10 views

mylefkada.gr XSS vulnerability

Open Bug Bounty ID: OBB-280205 Description| Value ---|--- Affected Website:| mylefkada.gr Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

6.3 AI score
Exploits 0

Openbugbounty
added 2017/08/19 1:31 p.m., 15 views

anorthosis24.net XSS vulnerability

Open Bug Bounty ID: OBB-280204 Description| Value ---|--- Affected Website:| anorthosis24.net Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

6.3 AI score
Exploits 0

Openbugbounty
added 2017/08/19 10:19 a.m., 9 views

linuxundich.de XSS vulnerability

Open Bug Bounty ID: OBB-280170 Description| Value ---|--- Affected Website:| linuxundich.de Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Cheat...

6.4 AI score
Exploits 0

Openbugbounty
added 2017/08/19 8:32 a.m., 18 views

liman.az XSS vulnerability

Vulnerable URL: http://www.liman.az/wp-admin/admin-ajax.php?tdthemename=Newspaper=7.8 Details: Description| Value ---|--- Patched:| No Latest check for patch:| 17.11.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 281602 VIP website status:| No Check liman.az S...

6.3 AI score
Exploits 0

Openbugbounty
added 2017/08/18 5:9 p.m., 26 views

ivoirmixdj.com XSS vulnerability

Vulnerable URL: https://ivoirmixdj.com/wp-admin/admin-ajax.php?tdthemename=Newspaper=7.2 Details: Description| Value ---|--- Patched:| No Latest check for patch:| 17.11.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 180640 VIP website status:| No Check...

6.3 AI score
Exploits 0

Openbugbounty
added 2017/08/18 4:23 p.m., 8 views

fashionghana.com XSS vulnerability

Vulnerable URL: https://www.fashionghana.com/wp-admin/admin-ajax.php?tdthemename=Newspaper=8.1 Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 468765 VIP website status:| No Coordinated Disclosure Timeline:...

6.3 AI score
Exploits 0

Openbugbounty
added 2017/08/18 4:21 p.m., 7 views

olisa.tv XSS vulnerability

Vulnerable URL: https://www.olisa.tv/wp-admin/admin-ajax.php?tdthemename=Newspaper=8.1 Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 104768 VIP website status:| No Coordinated Disclosure Timeline: Description|...

6.3 AI score
Exploits 0