845 matches found
CVE-2014-7152
Cross-site scripting (XSS) vulnerability in the Easy MailChimp Forms plugin 3.0 through 5.0.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the updateoptions action to wp-admin/admin-ajax.php...
Nokia Web Security Bug Reward: Directory Traversal / Local File inclusion Vulnerability
Little Insight: Well, this is my first Directory Traversal / Local File Inclusion vulnerability, which I spotted in http://conversations.nokia.com. Report Date: 5th March 2014. Reward for Directory Traversal Vulnerability: Nokia Lumia 925 phone. How This Works: when I was testing it was...
WordPress Theme !LesPaul Arbitrary File Download Vulnerability
Exploit for php platform in category web applications Exploit Title : WordPress Theme !LesPaul Arbitrary File Download Vulnerability Exploit Author : NULLPointer Date : 18/09/2014 Vendor Homepage: http://themes.webmandesign.eu/lespaul/ Version: 1.3 Google Dork : inurl:"/wp-content/themes/lespaul/...
WordPress Theme Forall Arbitrary File Download Vulnerability
WordPress Theme forall suffers from Arbitrary File Download Vulnerability Exploit : http://127.0.0.1/wp-admin/admin-ajax.php?action=revslidershowimage&img=LFD Google Dork : inurl:wp-content/themes/forall Demo:...
WordPress Theme LaBomba Arbitrary File Download Vulnerability
Exploit for php platform in category web applications Exploit Title : WordPress Theme LaBomba Arbitrary File Download Vulnerability Exploit Author : NULLPointer Date : 17/09/2014 Vendor Homepage : http://themeforest.net/item/labomba-responsive-multipurpose-wordpress-theme/6106367 Version: 1.7...
WordPress Webcam 2Way Videochat Plugin XSS Vulnerability
The VideoWhisper 2 Way Video Chat is a web based video application designed for instant 1 on 1 private online video conferencing. Exploit Title : Wordpress Plugin Webcam 2Way Videochat XSS Vulnerability Exploit Author : NULLPointer Date : 17/09/2014 Download Link :...
WordPress core theme Arbitrary File Download Vulnerability
Usage Info Download Config From The Target. http://localhost/wp-admin/admin-ajax.php?action=revslidershowimage&img=../wp-config.php Exploit Title: WordPress core theme Arbitrary File Download Vulnerability Date: 2014/09/11 Google Dork : inurl:/wp-content/themes/core/framework/wordpress-importer/...
WordPress Plugin WP to Twitter - Authentication Bypass
WordPress Plugin WP to Twitter - Authentication Bypass source: https://www.securityfocus.com/bid/69741/info WP to Twitter Plugin for WordPress is prone to an authorization-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized...
Multiple WordPress Themes (admin-ajax.php, img param) - Arbitrary File Download
WordPress CuckooTap Theme & eShop Arbitrary File Download Risk: High CWE number: CWE-200 Author: Hugo Santiago Contact: [email protected] Date: 31/08/2014 Vendor Homepage: http://themeforest.net/item/cuckootap-one-page-parallax-wp-theme-plus-eshop/3512405...
Multiple WordPress Themes - admin-ajax.php?img Arbitrary File Download
Mulitple WordPress Themes - admin-ajax.php?img Arbitrary File Download WordPress CuckooTap Theme & eShop Arbitrary File Download Risk: High CWE number: CWE-200 Author: Hugo Santiago Contact: [email protected] Date: 31/08/2014 Vendor Homepage:...
Multiple WordPress Themes - 'admin-ajax.php?img' Arbitrary File Download
WordPress CuckooTap Theme & eShop Arbitrary File Download Risk: High CWE number: CWE-200 Author: Hugo Santiago Contact: [email protected] Date: 31/08/2014 Vendor Homepage: http://themeforest.net/item/cuckootap-one-page-parallax-wp-theme-plus-eshop/3512405 Tested on: Windows 7 and Gnu/Linux...
SQL injection
SQL injection vulnerability in the Gallery Objects plugin 0.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the viewid parameter in a goviewobject action to wp-admin/admin-ajax.php...
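Every entry above reaches its vulnerable code through the same ingress point: a request to wp-admin/admin-ajax.php carrying a plugin- or theme-registered action. The script below is an added example, not code from any of the listed advisories or from WordPress itself. It parses web-server access log lines in the Apache/nginx "combined" format and flags admin-ajax.php requests that carry a traversal sequence in any parameter (the img=../wp-config.php pattern of the revslidershowimage entries) or SQL metacharacters in a parameter (the viewid pattern of the Gallery Objects entry). The action names in the watch list are taken from the advisories on this page; the log lines, client addresses and injected strings are constructed for the example. Access logs record only the query string, so POST bodies and CSRF requests (which look identical to legitimate ones) are outside what this can see; the actual fix for every class listed here is a nonce check, a capability check and parameterised queries inside the handler.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample access-log lines (combined format); not from any real server.
SAMPLE_LOG = """\
203.0.113.5 - - [11/Sep/2014:10:01:02 +0000] "GET /wp-admin/admin-ajax.php?action=revslidershowimage&img=../wp-config.php HTTP/1.1" 200 2931 "-" "curl/7.35.0"
203.0.113.5 - - [11/Sep/2014:10:01:09 +0000] "GET /wp-admin/admin-ajax.php?action=revslidershowimage&img=..%2F..%2Fwp-config.php HTTP/1.1" 200 2931 "-" "curl/7.35.0"
198.51.100.7 - - [11/Sep/2014:10:02:00 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 10 "https://example.test/wp-admin/" "Mozilla/5.0"
192.0.2.9 - - [11/Sep/2014:10:03:15 +0000] "GET /wp-admin/admin-ajax.php?action=goviewobject&viewid=1%27%20UNION%20SELECT%20user_pass%20FROM%20wp_users-- HTTP/1.1" 500 0 "-" "python-requests/2.2.1"
192.0.2.9 - - [11/Sep/2014:10:04:00 +0000] "GET /wp-content/themes/forall/style.css HTTP/1.1" 200 4411 "-" "Mozilla/5.0"
"""

# combined format: client ident user [time] "METHOD target proto" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# AJAX actions named in the advisories on this page; extend with your own watch list.
WATCHED_ACTIONS = {
    "revslidershowimage": "arbitrary file download via img",
    "goviewobject": "SQL injection via viewid",
    "updateoptions": "stored XSS via option values",
}

# A ".." path segment, after backslashes have been normalised to "/".
TRAVERSAL_RE = re.compile(r"(^|/)\.\.(/|$)")
# Heuristic SQL injection markers; tune for your application's legitimate inputs.
SQLI_RE = re.compile(
    r'''(?i)(\bunion\b\s+(all\s+)?\bselect\b|['"]\s*(or|and)\s+|--\s|/\*|\bsleep\s*\(|\bbenchmark\s*\()'''
)


def fully_decode(value: str, rounds: int = 3) -> str:
    """Percent-decode until stable (catches %252e%252e double encoding) and drop NULs."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\x00", "")


def analyze_target(target: str) -> list:
    """Return finding strings for one request target (path plus query string)."""
    parts = urlsplit(target)
    if not parts.path.endswith("/wp-admin/admin-ajax.php"):
        return []
    # parse_qsl already decodes one layer of percent-encoding.
    params = dict(parse_qsl(parts.query, keep_blank_values=True))
    findings = []
    action = params.get("action")
    if action in WATCHED_ACTIONS:
        findings.append(f"watched action {action}: {WATCHED_ACTIONS[action]}")
    for name, raw in params.items():
        if name == "action":
            continue
        value = fully_decode(raw).replace("\\", "/")
        if TRAVERSAL_RE.search(value):
            findings.append(f"path traversal in {name}={value!r}")
        if "wp-config" in value.lower():
            findings.append(f"sensitive file referenced in {name}={value!r}")
        if SQLI_RE.search(value):
            findings.append(f"SQL metacharacters in {name}={value!r}")
    return findings


def scan_log(text: str) -> list:
    """Parse combined-format lines and return alerts for suspicious admin-ajax.php requests."""
    alerts = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        findings = analyze_target(m["target"])
        if findings:
            alerts.append({
                "ip": m["ip"], "ts": m["ts"], "status": int(m["status"]),
                "target": m["target"], "findings": findings,
            })
    return alerts


if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(alert["ip"], alert["status"], alert["target"])
        for finding in alert["findings"]:
            print("   -", finding)
```

A 200 response to a flagged revslidershowimage request with a non-trivial body size is the signal to chase: the file was almost certainly served. The POST line in the sample produces no alert even though CSRF and upload abuse travel over POST; pair this with application-side logging if you need coverage there.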
WordPress 2.1.3 admin-ajax.php SQL Injection Blind Fishing Exploit
...
Ajax Pagination 1.1 - wp-admin/admin-ajax.php loop Parameter Local File Inclusion
Plugin is still affected and has been closed...
Cross-site request forgery (CSRF)
Multiple cross-site request forgery (CSRF) vulnerabilities in the Featured Comments plugin 1.2.1 for WordPress allow remote attackers to hijack the authentication of administrators for requests that change the (1) buried or (2) featured status of a comment via a request to wp-admin/admin-ajax.php...
CVE-2014-4163
Multiple cross-site request forgery (CSRF) vulnerabilities in the Featured Comments plugin 1.2.1 for WordPress allow remote attackers to hijack the authentication of administrators for requests that change the (1) buried or (2) featured status of a comment via a request to wp-admin/admin-ajax.php...
WordPress Featured Comments 1.2.1 Cross Site Request Forgery
Details ================ Software: Featured Comments Version: 1.2.1 Homepage: http://wordpress.org/plugins/feature-comments/ Advisory ID: dxw-2014-1360 CVE: Awaiting assignment CVSS: 4.3 Medium; AV:N/AC:M/Au:N/C:N/I:P/A:N Description ================ CSRF in Featured Comments 1.2.1 allows an...
CVE-2014-3210
CVE-2014-3210 describes an SQL injection in the WordPress Booking System (Booking Calendar) plugin. The vulnerability affects the plugin’s dopbs-backend-forms.php and allows remote authenticated users to execute arbitrary SQL commands via the booking_form_id parameter sent to wp-admin/admin-ajax....
WordPress Work-The-Flow 1.2.1 Shell Upload
Author: nopesled Date: 24/04/14 Software: https://wordpress.org/plugins/work-the-flow-file-upload/ Company: http://wtf-fu.com/ Version: 1.2.1 Tested on: Windows 7 Vulnerability: Unrestricted File Upload Submit an image file via the wtf upload panel and intercept the POST request to...
Wordpress Work-The-Flow Plugin 1.2.1 - Arbitrary File Upload
Exploit for php platform in category web applications Author: nopesled Date: 24/04/14 Software: https://wordpress.org/plugins/work-the-flow-file-upload/ Company: http://wtf-fu.com/ Version: 1.2.1 Tested on: Windows 7 Vulnerability: Unrestricted File Upload Submit an image file via the wtf upload...