564 matches found
kladskolan.se Improper Access Control vulnerability
Open Bug Bounty ID: OBB-635208 Description| Value ---|--- Affected Website:| kladskolan.se Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Other Vulnerability Type:| IAC Improper Access Control / CWE-284 CVSSv3 Score:| 6.5...
bekkerveldfestival.nl Improper Access Control vulnerability
Open Bug Bounty ID: OBB-635101 Description| Value ---|--- Affected Website:| bekkerveldfestival.nl Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Other Vulnerability Type:| IAC Improper Access Control / CWE-284 CVSSv3 Score:| 6.5...
CVE-2018-11309
Blind SQL injection in couponcode in the MemberMouse plugin 2.2.8 and prior for WordPress allows an unauthenticated attacker to dump the WordPress MySQL database via an applyCoupon action in an admin-ajax.php request...
WordPress Plugin Woo Import Export 1.0 - Arbitrary File Deletion
...
joyplus-cms cross-site scripting vulnerability (CNVD-2018-08698)
joyplus-cms joy video is an open source video backend management system based on PHP and MySQL. The system has a video resource acquisition , user feedback management , automatic address resolution and message push management and other functions . A cross-site scripting vulnerability exists in...
WordPress WooCommerce Products Filter Plugin File Inclusion Vulnerability
WordPress is the WordPress Software Foundation a set of blogging platform developed using the PHP language , the platform supports PHP and MySQL server set up a personal blog site . WooCommerce Products Filter aka WOOF plugin is to use one of the conditional filtering plugin . A file inclusion...
joyplus-cms cross-site scripting vulnerability
joyplus-cms joy video is an open source video backend management system based on PHP and MySQL. The system has a video resource acquisition , user feedback management , automatic address resolution and message push management and other functions . A cross-site scripting vulnerability exists in...
CVE-2018-8767
joyplus-cms 1.6.0 has XSS in manager/adminajax.php?action=save&tab=prevodtype via the tname parameter...
CVE-2018-8767
joyplus-cms 1.6.0 has XSS in manager/adminajax.php?action=save&tab=prevodtype via the tname parameter...
carranza.com.ec XSS vulnerability
Open Bug Bounty ID: OBB-568428 Description| Value ---|--- Affected Website:| carranza.com.ec Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
induscs.ca XSS vulnerability
Open Bug Bounty ID: OBB-568379 Description| Value ---|--- Affected Website:| induscs.ca Vulnerable Application:| WordPress Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Disclosure Standard:| Coordinated Disclosure based on I...
thestyledivision.com XSS vulnerability
Open Bug Bounty ID: OBB-552737 Description| Value ---|--- Affected Website:| thestyledivision.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| newsmag theme from tagdiv Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:|...
pikio.pl XSS vulnerability
Open Bug Bounty ID: OBB-552726 Description| Value ---|--- Affected Website:| pikio.pl Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Disclosure Standard:| Coordinated Disclosure based on ISO 29147 guidelines Remediation Guide...
CVE-2018-6357
The acxasmwsaveordercallback function in function.php in the acurax-social-media-widget plugin before 3.2.6 for WordPress has CSRF via the recordsArray parameter to wp-admin/admin-ajax.php, with resultant socialwidgeticonarrayorder XSS...
WordPress weblizar-pinterest-feeds plugin cross-site scripting vulnerability (CNVD-2018-01274)
WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports PHP and MySQL servers to set up a personal blog site. weblizar-pinterest-feeds plugin is used in one of the plugin for displaying Pinterest data. A cross-site scriptin...
WordPress weblizar-pinterest-feeds plugin cross-site request forgery vulnerability
WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports PHP and MySQL servers to set up a personal blog site. weblizar-pinterest-feeds plugin is used in one of the plugin for displaying Pinterest data. A cross-site request...
WordPress weblizar-pinterest-feeds plugin cross-site scripting vulnerability (CNVD-2018-01275)
WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports PHP and MySQL servers to set up a personal blog site. weblizar-pinterest-feeds plugin is used in one of the plugin for displaying Pinterest data. A cross-site scriptin...
CVE-2017-18032
The download-manager plugin before 2.9.52 for WordPress has XSS via the id parameter in a wpdmgeneratepassword action to wp-admin/admin-ajax.php...
CVE-2018-5654
An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via the wp-admin/admin-ajax.php PFFREEAccessToken parameter...
CVE-2018-5653
An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via the wp-admin/admin-ajax.php weblizarpffreesettingssaveget-users parameter...