843 matches found
WordPress Unite Gallery Lite Plugin 1.4.6 - Multiple Vulnerabilities
WordPress Unite Gallery Lite plugin version 1.4.6 suffers from cross site request forgery and remote SQL injection vulnerabilities. Title: Cross-Site Request Forgery & SQL Injection Vulnerabilities in Unite Gallery Lite Wordpress Plugin v1.4.6 Submitter: Nitin Venkatesh Product: Unite Gallery Lit...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the saveorder function in class-floating-social-bar.php in the Floating Social Bar plugin before 1.1.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the items parameter in an fsbsaveorder action to wp-admin/admin-ajax.ph...
CVE-2015-4614
Multiple SQL injection vulnerabilities in includes/Function.php in the Easy2Map plugin before 1.2.5 for WordPress allow remote attackers to execute arbitrary SQL commands via the mapName parameter in an e2mimgsavemapname action to wp-admin/admin-ajax.php and other unspecified vectors...
Sql injection
Multiple SQL injection vulnerabilities in includes/Function.php in the Easy2Map plugin before 1.2.5 for WordPress allow remote attackers to execute arbitrary SQL commands via the mapName parameter in an e2mimgsavemapname action to wp-admin/admin-ajax.php and other unspecified vectors...
CVE-2015-5151
Cross-site scripting (XSS) vulnerability in the Slider Revolution revslider plugin 4.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the clientaction parameter in a revsliderajaxaction action to wp-admin/admin-ajax.php...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Slider Revolution revslider plugin 4.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the clientaction parameter in a revsliderajaxaction action to wp-admin/admin-ajax.php...
WordPress Revslider 4.2.2 XSS / Information Disclosure Vulnerabilities
WordPress Revslider plugin version 4.2.2 suffers from cross site scripting, file download, and information disclosure vulnerabilities. Note that this finding houses site-specific data. | Title : WordPress Revslider 4.2.2 Multi Vulnerability | Author : indoushka | email : email protected | Dork :...
Directory traversal
Directory traversal vulnerability in the zM Ajax Login & Register plugin before 1.1.0 for WordPress allows remote attackers to include and execute arbitrary PHP files via a relative path in the template parameter in a loadtemplate action to wp-admin/admin-ajax.php...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Free Counter plugin 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the value parameter in a checkstat action to wp-admin/admin-ajax.php...
Wordpress Theme Nevada Arbitrary File Download Vulnerability
Exploit for php platform in category web applications Exploit Title: Wordpress Theme Nevada Arbitrary File Download Vulnerability Date: 01/05/2015 Exploit Author: X-Line Vendor Homepage: http://themeforest.unitedthemes.com/wpversions/nevada/ Contact : http://www.root-me.org/X-Line-24646 Tested on...
WordPress Better WP Security Plugin <= 3.6.3 - Stored XSS
This plugin is prone to /wp-admin/admin-ajax.php license parameter stored XSS weakness. Solution: Upgrade the plugin...
WordPress Rockhoist Ratings Plugin <= 1.2.2 - SQL Injection
This plugin is prone to an SQL injection vulnerability in wp-admin/admin-ajax.php postID parameter. Solution: Update the plugin...
CVE-2014-9311
Cross-site scripting (XSS) vulnerability in admin.php in the Shareaholic plugin before 7.6.1.0 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the locationid parameter in a shareaholicaddlocation action to wp-admin/admin-ajax.php...
Cross site scripting
Cross-site scripting (XSS) vulnerability in admin.php in the Shareaholic plugin before 7.6.1.0 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the locationid parameter in a shareaholicaddlocation action to wp-admin/admin-ajax.php...
WordPress Plugin Video Gallery 2.8 - SQL Injection
WordPress Plugin Video Gallery 2.8 - SQL Injection Exploit Title : Wordpress Video Gallery 2.8 SQL Injection Vulnerability Exploit Author : Claudio Viviani Vendor Homepage : http://www.apptha.com/category/extension/Wordpress/Video-Gallery Software Link :...
Sql injection
SQL injection vulnerability in Spider Event Calendar 1.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the catid parameter in a spiderbigcalendarmonth action to wp-admin/admin-ajax.php...
Sql injection
SQL injection vulnerability in the ajaxsurvey function in settings.php in the WordPress Survey and Poll plugin 1.1.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the surveyid parameter in an ajaxsurvey action to wp-admin/admin-ajax.php...
CVE-2015-2090
SQL injection vulnerability in the ajaxsurvey function in settings.php in the WordPress Survey and Poll plugin 1.1.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the surveyid parameter in an ajaxsurvey action to wp-admin/admin-ajax.php...
Sql injection
SQL injection vulnerability in videogalleryrss.php in the Apptha WordPress Video Gallery contus-video-gallery plugin before 2.8 for WordPress allows remote attackers to execute arbitrary SQL commands via the vid parameter in a rss action to wp-admin/admin-ajax.php...