Lucene search
+L

563 matches found

CNVD
CNVD
added 2017/11/03 12:0 a.m.29 views

WordPress ultimate-form-builder-lite plugin SQL injection vulnerability

WordPress is the WordPress Software Foundation a set of blogging platform developed using the PHP language , the platform supports PHP and MySQL server set up a personal blog site . ultimate-form-builder-lite plugin is one of the contact form builder plugin . A SQL injection vulnerability exists ...

9.8CVSS7.8AI score0.02482EPSS
Exploits0References1
OSV
OSV
added 2017/10/26 6:29 p.m.4 views

CVE-2017-15919

The ultimate-form-builder-lite plugin before 1.3.7 for WordPress has SQL Injection, with resultant PHP Object Injection, via wp-admin/admin-ajax.php...

9.8CVSS5.8AI score0.02482EPSS
Exploits0References4
CNVD
CNVD
added 2017/10/24 12:0 a.m.5 views

Cross-site request forgery vulnerability in phpMyFaq admin/ajax.config.php file

phpMyFAQ is phpMyFAQ team developed a set of open source fully database-driven FAQ question and answer system . The system supports multiple languages, multiple databases, etc., and includes modules such as content management system and community. A cross-site request forgery vulnerability exists...

8.8CVSS8.7AI score0.01173EPSS
Exploits2References1
Prion
Prion
added 2017/10/23 5:29 p.m.20 views

Cross site request forgery (csrf)

In phpMyFaq before 2.9.9, there is CSRF in admin/ajax.config.php...

6.8CVSS8.6AI score0.01173EPSS
Exploits2References1Affected Software1
OSV
OSV
added 2017/10/23 5:29 p.m.5 views

CVE-2017-15811

The Pootle Button plugin before 1.2.0 for WordPress has XSS via the assetsurl parameter in assets/dialog.php, exploitable via wp-admin/admin-ajax.php...

5.4CVSS5.8AI score0.0097EPSS
Exploits1References3
Openbugbounty
Openbugbounty
added 2017/09/19 12:2 p.m.14 views

diariojudio.com XSS vulnerability

Vulnerable URL: http://diariojudio.com/wp-admin/admin-ajax.php?tdthemename=Newspaper=8.1 Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 289299 VIP website status:| No Coordinated Disclosure Timeline: Description...

6.3AI score
Exploits0
OSV
OSV
added 2017/09/07 2:29 p.m.4 views

CVE-2017-9834

SQL injection vulnerability in the WatuPRO plugin before 5.5.3.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the watuproquestions parameter in a watuprosubmit action to wp-admin/admin-ajax.php...

9.8CVSS6.1AI score0.04069EPSS
Exploits3References2
Openbugbounty
Openbugbounty
added 2017/08/17 8:47 p.m.9 views

bigulnews.com XSS vulnerability

Open Bug Bounty ID: OBB-279761 Description| Value ---|--- Affected Website:| bigulnews.com Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Cheat She...

6.4AI score
Exploits0
Openbugbounty
Openbugbounty
added 2017/08/17 8:9 p.m.7 views

royalfashionist.com XSS vulnerability

Open Bug Bounty ID: OBB-279755 Description| Value ---|--- Affected Website:| royalfashionist.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

6.3AI score
Exploits0
OSV
OSV
added 2017/08/02 5:29 a.m.4 views

CVE-2017-12199

The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has SQL injection with these wp-admin/admin-ajax.php POST actions: catalogueupdateorder list-item, videoupdateorder video-item, imageupdateorder list-item, taggroupupdateorder listitem, categoryproductsupdateorder...

9.8CVSS5.9AI score0.01828EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2017/06/21 12:0 a.m.21 views

BigTree-CMS 4.2.x < 4.2.17 Multiple Vulnerabilities

Binary data 700143.prm...

9.8CVSS5.4AI score0.01988EPSS
Exploits6References7
OSV
OSV
added 2017/06/06 3:29 p.m.20 views

CVE-2017-9449

SQL injection vulnerability in BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via core/admin/modules/developer/modules/views/create.php. The attacker creates a crafted table name at admin/developer/modules/views/create/ and the injection is visible ...

8.8CVSS8.2AI score
Exploits0References1
wpexploit
wpexploit
added 2017/05/02 12:0 a.m.14 views

Photo Gallery by WD <= 1.3.35 - Authenticated SQL Injection

http://www.defensecode.com/advisories/DC-2017-02-011WordPressWebDoradoGalleryPluginAdvisory.pdf http://www.vulnerablesite.com/wp-admin/admin-ajax.php?action=addAlbumsGalleries&albumid=0%20AND%20SELECT%20%20FROM%20SELECTSLEEP5VvZV&width=700&height=550&bwgitemsperpage=20&bwgnonce=b939983df9&TBifram...

0.8AI score
Exploits0References1
Cvelist
Cvelist
added 2017/01/18 9:0 p.m.34 views

CVE-2016-6896

Directory traversal vulnerability in the wpajaxupdateplugin function in wp-admin/includes/ajax-actions.php in WordPress 4.5.3 allows remote authenticated users to cause a denial of service or read certain text files via a .. dot dot in the plugin parameter to wp-admin/admin-ajax.php, as...

5.2AI score0.38445EPSS
Exploits6References5
CNVD
CNVD
added 2016/12/29 12:0 a.m.6 views

WordPress Plugin Simply Poll SQL Injection Vulnerability

WordPress is the WordPress Software Foundation of a set of blogging platform developed using the PHP language , the platform supports PHP and MySQL server set up a personal blog site . A SQL injection vulnerability exists in the pollid parameter of the Simply Poll admin-ajax.php page of the...

7.8AI score
Exploits0References1
CNVD
CNVD
added 2016/12/21 12:0 a.m.2 views

WordPress Plugin Support Plus Responsive Ticket System SQL Injection Vulnerability

WordPress is the WordPress Software Foundation of a set of blogging platform developed using the PHP language , the platform supports PHP and MySQL server set up a personal blog site . A SQL injection vulnerability exists in the catid parameter of the admin-ajax.php page in version 7.1.3 of the...

7.7AI score
Exploits0References1
CNVD
CNVD
added 2016/11/18 12:0 a.m.5 views

Wordpress Sirv plugin SQL injection vulnerability

WordPress is the WordPress Software Foundation of a set of blogging platform developed using the PHP language , the platform supports PHP and MySQL server set up a personal blog site . A SQL injection vulnerability exists in the rowid parameter of the admin-ajax.php page of Wordpress plugin Sirv...

7.9AI score
Exploits0References1
Exploit DB
Exploit DB
added 2016/11/12 12:0 a.m.28 views

WordPress Plugin Product Catalog 8 1.2.0 - SQL Injection

Exploit Title: Product Catalog 8 1.2 Plugin WordPress – Sql Injection Date: 12/11/2016 Exploit Author: Lenon Leite Vendor Homepage: https://wordpress.org/plugins/product-catalog-8/ Software Link: https://wordpress.org/plugins/product-catalog-8/ Contact: http://twitter.com/lenonleite Website:...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2016/08/04 12:0 a.m.27 views

WordPress WP Live Chat Support(6.2.03) plugin stored XSS

No description provided by source. !/usr/bin/python -- coding: utf-8 -- from pocsuite.net import req from pocsuite.poc import POCBase, Output from pocsuite.utils import register from pocsuite.api.utils import randomStr import urllib import re class TestPOCPOCBase: name = 'WordPress WP Live Chat...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2016/07/19 12:0 a.m.32 views

WordPress Ninja Forms 2.9.51 Cross Site Scripting

------------------------------------------------------------------------ Multiple Cross-Site Scripting vulnerabilities in Ninja Forms WordPress Plugin ------------------------------------------------------------------------ Han Sahin, July 2016...

0.3AI score
Exploits0
Rows per page
Query Builder