563 matches found
WordPress ultimate-form-builder-lite plugin SQL injection vulnerability
WordPress is the WordPress Software Foundation a set of blogging platform developed using the PHP language , the platform supports PHP and MySQL server set up a personal blog site . ultimate-form-builder-lite plugin is one of the contact form builder plugin . A SQL injection vulnerability exists ...
CVE-2017-15919
The ultimate-form-builder-lite plugin before 1.3.7 for WordPress has SQL Injection, with resultant PHP Object Injection, via wp-admin/admin-ajax.php...
Cross-site request forgery vulnerability in phpMyFaq admin/ajax.config.php file
phpMyFAQ is phpMyFAQ team developed a set of open source fully database-driven FAQ question and answer system . The system supports multiple languages, multiple databases, etc., and includes modules such as content management system and community. A cross-site request forgery vulnerability exists...
Cross site request forgery (csrf)
In phpMyFaq before 2.9.9, there is CSRF in admin/ajax.config.php...
CVE-2017-15811
The Pootle Button plugin before 1.2.0 for WordPress has XSS via the assetsurl parameter in assets/dialog.php, exploitable via wp-admin/admin-ajax.php...
diariojudio.com XSS vulnerability
Vulnerable URL: http://diariojudio.com/wp-admin/admin-ajax.php?tdthemename=Newspaper=8.1 Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 289299 VIP website status:| No Coordinated Disclosure Timeline: Description...
CVE-2017-9834
SQL injection vulnerability in the WatuPRO plugin before 5.5.3.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the watuproquestions parameter in a watuprosubmit action to wp-admin/admin-ajax.php...
bigulnews.com XSS vulnerability
Open Bug Bounty ID: OBB-279761 Description| Value ---|--- Affected Website:| bigulnews.com Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Cheat She...
royalfashionist.com XSS vulnerability
Open Bug Bounty ID: OBB-279755 Description| Value ---|--- Affected Website:| royalfashionist.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
CVE-2017-12199
The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has SQL injection with these wp-admin/admin-ajax.php POST actions: catalogueupdateorder list-item, videoupdateorder video-item, imageupdateorder list-item, taggroupupdateorder listitem, categoryproductsupdateorder...
BigTree-CMS 4.2.x < 4.2.17 Multiple Vulnerabilities
Binary data 700143.prm...
CVE-2017-9449
SQL injection vulnerability in BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via core/admin/modules/developer/modules/views/create.php. The attacker creates a crafted table name at admin/developer/modules/views/create/ and the injection is visible ...
Photo Gallery by WD <= 1.3.35 - Authenticated SQL Injection
http://www.defensecode.com/advisories/DC-2017-02-011WordPressWebDoradoGalleryPluginAdvisory.pdf http://www.vulnerablesite.com/wp-admin/admin-ajax.php?action=addAlbumsGalleries&albumid=0%20AND%20SELECT%20%20FROM%20SELECTSLEEP5VvZV&width=700&height=550&bwgitemsperpage=20&bwgnonce=b939983df9&TBifram...
CVE-2016-6896
Directory traversal vulnerability in the wpajaxupdateplugin function in wp-admin/includes/ajax-actions.php in WordPress 4.5.3 allows remote authenticated users to cause a denial of service or read certain text files via a .. dot dot in the plugin parameter to wp-admin/admin-ajax.php, as...
WordPress Plugin Simply Poll SQL Injection Vulnerability
WordPress is the WordPress Software Foundation of a set of blogging platform developed using the PHP language , the platform supports PHP and MySQL server set up a personal blog site . A SQL injection vulnerability exists in the pollid parameter of the Simply Poll admin-ajax.php page of the...
WordPress Plugin Support Plus Responsive Ticket System SQL Injection Vulnerability
WordPress is the WordPress Software Foundation of a set of blogging platform developed using the PHP language , the platform supports PHP and MySQL server set up a personal blog site . A SQL injection vulnerability exists in the catid parameter of the admin-ajax.php page in version 7.1.3 of the...
Wordpress Sirv plugin SQL injection vulnerability
WordPress is the WordPress Software Foundation of a set of blogging platform developed using the PHP language , the platform supports PHP and MySQL server set up a personal blog site . A SQL injection vulnerability exists in the rowid parameter of the admin-ajax.php page of Wordpress plugin Sirv...
WordPress Plugin Product Catalog 8 1.2.0 - SQL Injection
Exploit Title: Product Catalog 8 1.2 Plugin WordPress – Sql Injection Date: 12/11/2016 Exploit Author: Lenon Leite Vendor Homepage: https://wordpress.org/plugins/product-catalog-8/ Software Link: https://wordpress.org/plugins/product-catalog-8/ Contact: http://twitter.com/lenonleite Website:...
WordPress WP Live Chat Support(6.2.03) plugin stored XSS
No description provided by source. !/usr/bin/python -- coding: utf-8 -- from pocsuite.net import req from pocsuite.poc import POCBase, Output from pocsuite.utils import register from pocsuite.api.utils import randomStr import urllib import re class TestPOCPOCBase: name = 'WordPress WP Live Chat...
WordPress Ninja Forms 2.9.51 Cross Site Scripting
------------------------------------------------------------------------ Multiple Cross-Site Scripting vulnerabilities in Ninja Forms WordPress Plugin ------------------------------------------------------------------------ Han Sahin, July 2016...