Lucene search
+L

563 matches found

CNVD
CNVD
added 2015/03/06 12:0 a.m.6 views

WordPress Plugin WonderPlugin Audio Player Cross-Site Scripting Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports PHP and MySQL servers to set up a personal blog site.WonderPlugin Audio Player is one of the audio player plugin. WordPress WonderPlugin Audio Player plugin 2.0 and...

4.3CVSS6.1AI score0.04186EPSS
Exploits1References1
CNVD
CNVD
added 2015/02/26 12:0 a.m.6 views

WordPress Plugin Apptha WordPress Video Gallery SQL Injection Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language , the platform supports in PHP and MySQL servers to set up a personal blog site .Apptha WordPress Video Gallery contus-video-gallery is one of the video gallery plugin. A SQL injection...

7.5CVSS8.2AI score0.4107EPSS
Exploits4References1
NVD
NVD
added 2015/02/24 5:59 p.m.27 views

CVE-2015-2065

SQL injection vulnerability in videogalleryrss.php in the Apptha WordPress Video Gallery contus-video-gallery plugin before 2.8 for WordPress allows remote attackers to execute arbitrary SQL commands via the vid parameter in a rss action to wp-admin/admin-ajax.php...

7.5CVSS8.4AI score0.4107EPSS
Exploits4References5
Positive Technologies
Positive Technologies
added 2015/02/11 12:0 a.m.9 views

PT-2015-5366

Name of the Vulnerable Software and Affected Versions Elegant Themes Divi theme for WordPress affected versions not specified Description A directory traversal issue exists in the Elegant Themes Divi theme for WordPress, allowing remote attackers to read arbitrary files. This is achieved by...

5CVSS7.4AI score0.22055EPSS
Exploits5References8
CNVD
CNVD
added 2015/01/14 12:0 a.m.3 views

WordPress Plugin Photo Gallery 'wp-admin/admin-ajax.php' SQL Injection Vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in the WordPress plugin Photo Gallery 'wp-admin/admin-ajax.php'. Due to the program...

7.8AI score
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2014/12/15 12:0 a.m.4 views

VulnCheck KEV: CVE-2014-9735

The ThemePunch Slider Revolution revslider plugin before 3.0.96 for WordPress and Showbiz Pro plugin 1.7.1 and earlier for Wordpress does not properly restrict access to administrator AJAX functionality, which allows remote attackers to 1 upload and execute arbitrary files via an...

7.5CVSS6AI score0.75256EPSS
Exploits2References1
Patchstack
Patchstack
added 2014/11/13 12:0 a.m.27 views

WordPress Paid Memberships Pro Plugin 1.7.14 - Directory Traversal

This vulnerability is in the services/getfile.php, It allows the attackers to read arbitrary files in the QUERYSTRING in a getfile action to wp-admin/admin-ajax.php. Solution Update the plugin...

5CVSS4.8AI score0.18028EPSS
Exploits5References1Affected Software1
NVD
NVD
added 2014/10/21 2:55 p.m.17 views

CVE-2014-8375

SQL injection vulnerability in GBgallery.php in the GB Gallery Slideshow plugin 1.5 for WordPress allows remote administrators to execute arbitrary SQL commands via the selectedgroup parameter in a gbajaxgetgroup action to wp-admin/admin-ajax.php...

6.5CVSS8.4AI score0.0323EPSS
Exploits1References3
0day.today
0day.today
added 2014/09/20 12:0 a.m.63 views

Wordpress Plugin CSSJockey Membership Modules Code Execution Vulnerability

Exploit for php platform in category web applications Exploit Title : Wordpress Plugin CSSJockey Membership Modules Code Execution Vulnerability Exploit Author : NULLPointer Contact : https://www.facebook.com/xenith.gianni Date : 20/09/2014 Vendor Homepage :...

7.1AI score
Exploits0
0day.today
0day.today
added 2014/09/18 12:0 a.m.78 views

WordPress Theme 3clicks Arbitrary File Download Vulnerability

WordPress Theme 3clicks suffers from Arbitrary File Download Vulnerability. POC : http://127.0.0.1/wp-admin/admin-ajax.php?action=revslidershowimage&img=LFD Google Dork : inurl:"/wp-content/themes/3clicks/" Demo Sites...

7.1AI score
Exploits0
VulnCheck KEV
VulnCheck KEV
added 2014/09/03 12:0 a.m.2 views

VulnCheck KEV: CVE-2014-9734

Directory traversal vulnerability in the Slider Revolution revslider plugin before 4.2 for WordPress allows remote attackers to read arbitrary files via a .. dot dot in the img parameter in a revslidershowimage action to wp-admin/admin-ajax.php...

5CVSS7.4AI score0.20631EPSS
Exploits2References1
Packet Storm
Packet Storm
added 2014/08/24 12:0 a.m.20 views

WordPress KenBurner Slider Arbitrary File Download

Exploit Title : WordPress Plugin KenBurner Slider Arbitrary File Download Vulnerability Google Dork: Index of /wp-content/plugins/kbslider Date: 2014-08-21 Exploit Author: MF0x and Daniel Pentest Vendor Homepage: http://codecanyon.net/item/responsive-kenburner-slider-jquery-plugin/1633038 Version...

7.4AI score
Exploits0
WPVulnDB
WPVulnDB
added 2014/08/01 10:59 a.m.16 views

BuddyPress Extended Friendship Request - wp-admin/admin-ajax.php friendship_request_message Parameter XSS

The BuddyPress Extended Friendship Request WordPress plugin was affected by a wp-admin/admin-ajax.php friendshiprequestmessage Parameter XSS security vulnerability...

2.6CVSS1.5AI score0.02072EPSS
Exploits0Affected Software1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.16 views

WordPress IndiaNIC FAQs Manager Plugin 1.0 - Multiple Vulnerabilities

No description provided by source. html !-- Exploit Title: WordPress IndiaNIC FAQ 1.0 Plugin CSRF + XSS Google Dork: inurl:wp-content/plugins/faqs-manager Date: 21.03.2013 Exploit Author: m3tamantra http://m3tamantra.wordpress.com/blog Vendor Homepage:...

7.1AI score
Exploits0
Patchstack
Patchstack
added 2014/04/24 12:0 a.m.11 views

WordPress Work The Flow Plugin 1.2.1 - Arbitrary File Upload

Work The Flow plugin is prone to an arbitrary file upload vulnerability that submit an image file via the wtf upload panel and intercept the POST request to /wp-admin/admin-ajax.php. Solution Edit the data from the control "acceptfiletypes"...

3.3AI score
Exploits0References1Affected Software1
Exploit DB
Exploit DB
added 2013/05/16 12:0 a.m.33 views

WordPress Plugin WP Cleanfix - Cross-Site Request Forgery

source: https://www.securityfocus.com/bid/59940/info The WP cleanfix plugin for WordPress is prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions in the context of the affected application. Other attacks are...

7AI score
Exploits0
0day.today
0day.today
added 2013/03/22 12:0 a.m.22 views

WordPress IndiaNIC FAQs Manager Plugin 1.0 - Multiple Vulnerabilities

IndiaNIC FAQ Settings Page is vulnerable for CSRF. The Ask Question area front-end is vulnerable for XSS. It is possible to insert alert1 in question parameter. The Captcha value can be read from captcha parameter hidden field =================== We don't need the captcha Image when we have this ...

6.9AI score
Exploits0
exploitpack
exploitpack
added 2013/03/22 12:0 a.m.17 views

WordPress Plugin IndiaNIC FAQs Manager 1.0 - Multiple Vulnerabilities

WordPress Plugin IndiaNIC FAQs Manager 1.0 - Multiple Vulnerabilities alert1 in question parameter. The Captcha value can be read from captcha parameter hidden field Part of Ask Question form =================== We don't need the captcha Image when we have this xD Request from Ask Question area X...

0.7AI score
Exploits0
Exploit DB
Exploit DB
added 2013/03/22 12:0 a.m.19 views

WordPress Plugin IndiaNIC FAQs Manager 1.0 - Multiple Vulnerabilities

alert1 in question parameter. The Captcha value can be read from captcha parameter hidden field Part of Ask Question form =================== We don't need the captcha Image when we have this xD Request from Ask Question area XSS in question parameter POST /wordpress/wp-admin/admin-ajax.php HTTP...

7.4AI score
Exploits0
htbridge
htbridge
added 2013/01/16 12:0 a.m.52 views

Cross-Site Scripting (XSS) Vulnerability in CommentLuv WordPress Plugin

High-Tech Bridge Security Research Lab discovered vulnerability in CommentLuv WordPress plugin, which can be exploited to perform Cross-Site Scripting XSS attacks. 1 Cross-Site Scripting XSS in CommentLuv wordpress plugin: CVE-2013-1409 The vulnerability exists due to insufficient filtration of...

2.6CVSS0.4AI score0.04546EPSS
Exploits3Affected Software1
Rows per page
Query Builder