843 matches found

wpexploit | added 2015/02/22 12:00 a.m. | 9 views

Quasar Theme Rock Form Builder plugin - Privilege Escalation

The Rock Form Builder plugin 1.0 is used within the Quasar WooCommerce theme 1.9.1. Authenticated users can modify WordPress settings, which can lead to full site compromise. It is unclear which exact version of rock-form-builder fixed the issue, but it was somewhere between 1.0 and 2.5, so...

AI score 7 | Exploits 0 | References 3
0day.today | added 2015/02/16 12:00 a.m. | 15 views

WonderPlugin Audio Player 2.0 Blind SQL Injection and XSS Vulnerabilities

Exploit for php platform in category web applications
Exploit Title: WonderPlugin Audio Player 2.0 Blind SQL Injection and XSS
Date: 20-01-2015
Software Link: http://www.wonderplugin.com/wordpress-audio-player/
Exploit Author: Kacper Szurek
Contact: http://twitter.com/KacperSzurek
Website: ...

AI score 7.1 | Exploits 0
Exploit DB | added 2015/02/13 12:00 a.m. | 55 views

WordPress Plugin Webdorado Spider Event Calendar 1.4.9 - SQL Injection

Exploit Title: WordPress: Webdorado Spider Event Calendar <= 1.4.9 SQL Injection
Date: 2015-02-12
Exploit Author: Mateusz Lach
Vendor Homepage: https://www.facebook.com/WebDorado or http://www.webdorado.com
Software Link: https://downloads.wordpress.org/plugin/spider-event-calendar.1.4.9.zip...

AI score 7.4 | Exploits 0
NVD | added 2015/02/11 7:59 p.m. | 21 views

CVE-2015-1582

Multiple cross-site scripting (XSS) vulnerabilities in the Spider Facebook plugin before 1.0.11 for WordPress allow (1) remote attackers to inject arbitrary web script or HTML via the appid parameter in a registration task to the default URI or remote administrators to inject arbitrary web script or...

CVSS 4.3 | AI score 5.9 | EPSS 0.00174
Exploits 1 | References 2
Prion | added 2015/02/11 7:59 p.m. | 13 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in the Spider Facebook plugin before 1.0.11 for WordPress allow (1) remote attackers to inject arbitrary web script or HTML via the appid parameter in a registration task to the default URI or remote administrators to inject arbitrary web script or...

CVSS 4.3 | AI score 6.2 | EPSS 0.00174
Exploits 1 | References 2 | Affected software 1
CVE | added 2015/02/11 7:00 p.m. | 104 views

CVE-2015-1579

CVE-2015-1579 describes a directory traversal in the WordPress Slider Revolution plugin (revslider) prior to version 4.2. An attacker can cause a read of arbitrary server files by supplying a .. sequence in the img parameter to the revslider_show_image action via wp-admin/admin-ajax.php. This affec...

CVSS 5 | AI score 9 | EPSS 0.80822
Exploits 5 | References 2 | Affected software 1
wpexploit | added 2015/02/11 12:00 a.m. | 24 views

Wordpress Video Gallery <= 2.7 - SQL Injection

The contus-video-gallery WordPress plugin was affected by a SQL Injection security vulnerability. http://example.com/wp-admin/admin-ajax.php?action=rss&type=video&vid=SQLi...

CVSS 7.5 | AI score 1.7 | EPSS 0.80939
Exploits 4 | References 2
wpexploit | added 2015/01/28 12:00 a.m. | 33 views

Photo Gallery <= 1.2.8 - Multiple Authenticated Reflected XSS

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin was affected by a Multiple Authenticated Reflected XSS security vulnerability. /wp-admin/admin-ajax.php?action=addImages&width=700&height=550&extensions=jpg,jpeg,png,gif&callback=bwgaddpreviewimage&sortby=name";alert(1)...

CVSS 3.5 | AI score 1.8 | EPSS 0.00246
Exploits 4 | References 1
0day.today | added 2015/01/19 12:00 a.m. | 351 views

Wordpress Theme Avada Arbitrary File Download Vulnerability

Exploit for php platform in category web applications
Exploit Title: Wordpress Theme Avada Arbitrary File Download Vulnerability
Date: 19/01/2014
Exploit Author: Vylegzhanin
Contact: [email protected]
Tested on: Linux / Windows
Google Dork: inurl:wp-content/themes/avada
PoC...

AI score 7.1 | Exploits 0
0day.today | added 2015/01/18 12:00 a.m. | 23 views

Wordpress Theme Pindol Arbitrary File Download Vulnerability

Exploit for php platform in category web applications
Exploit Title: Wordpress Theme Pindol Arbitrary File Download Vulnerability
Date: 18/01/2015
Exploit Author: t3rr0rist from GHC (Georgian Hacking Community)
Contact: [email protected]
Tested on: Linux
Google Dork: inurl:"wp-content/themes/pindol/...

AI score 7.1 | Exploits 0
Patchstack | added 2015/01/16 12:00 a.m. | 23 views

WordPress Photo Gallery Plugin <= 1.2.7 - SQL Injection

This vulnerability allows attackers to execute arbitrary SQL commands via the orderby parameter in a GalleryBox action to wp-admin/admin-ajax.php. Solution: Update the plugin...

CVSS 7.5 | AI score 7 | EPSS 0.00529
Exploits 1 | References 1 | Affected software 1
NVD | added 2015/01/13 11:59 a.m. | 25 views

CVE-2014-10016

Multiple cross-site scripting (XSS) vulnerabilities in the Welcart e-Commerce plugin 1.3.12 for WordPress allow remote attackers to inject arbitrary web script or HTML via (1) unspecified vectors related to purchaselimit or the (2) name, (3) intl, (4) nocod, or (5) time parameter in an adddeliverymethod acti...

CVSS 4.3 | AI score 5.9 | EPSS 0.00198
Exploits 1 | References 4
Prion | added 2015/01/13 11:59 a.m. | 21 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in the Welcart e-Commerce plugin 1.3.12 for WordPress allow remote attackers to inject arbitrary web script or HTML via (1) unspecified vectors related to purchaselimit or the (2) name, (3) intl, (4) nocod, or (5) time parameter in an adddeliverymethod acti...

CVSS 4.3 | AI score 6.2 | EPSS 0.00198
Exploits 1 | References 4 | Affected software 1
Patchstack | added 2015/01/13 12:00 a.m. | 24 views

WordPress Welcart e-Commerce Plugin <= 1.3.12 - Multiple XSS

These vulnerabilities allow attackers to inject arbitrary web script or HTML in an adddeliverymethod action to wp-admin/admin-ajax.php via four parameters: name, intl, nocod, or time. Solution: Update the plugin...

CVSS 4.3 | AI score 2.8 | EPSS 0.00198
Exploits 1 | References 1 | Affected software 1
NVD | added 2015/01/02 10:59 p.m. | 19 views

CVE-2014-9461

Directory traversal vulnerability in models/Cart66.php in the Cart66 Lite plugin before 1.5.4 for WordPress allows remote authenticated users to read arbitrary files via a .. (dot dot) in the memberdownload action to wp-admin/admin-ajax.php...

CVSS 3.5 | AI score 6.2 | EPSS 0.0023
Exploits 1 | References 3
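The two traversal entries above (revslider's img parameter, CVE-2015-1579, and Cart66's memberdownload action, CVE-2014-9461) share one shape: a file name taken from the request is joined onto a plugin directory without checking where the result lands. The following is an added example, not code from the page or from either plugin, written in Python rather than the plugins' PHP so it runs stand-alone. It shows the naive strip-"../" mitigation failing against a doubled payload, and a containment check that holds. The directory layout, file names and the "demo-plugin" upload directory are constructed for the demo.

```python
"""Added example (not from the page or from the listed plugins): a file lookup in
the shape behind CVE-2015-1579 / CVE-2014-9461, a strip-'../' "fix" that still
fails, and a containment check that holds. Layout and names are assumptions."""
import os
import shutil
import tempfile
from typing import Optional


def naive_strip(base: str, requested: str) -> str:
    """Broken mitigation: delete '../' in a single pass. The payload '....//'
    collapses to '../' after that pass, so it still walks out of base."""
    return os.path.join(base, requested.replace("../", ""))


def safe_resolve(base: str, requested: str) -> Optional[str]:
    """Resolve the request under base (following symlinks) and accept it only if
    the result is still inside base and is a regular file. Absolute paths,
    NUL bytes, '..' in any encoding and symlinks pointing outside all fail."""
    if "\x00" in requested:
        return None
    base_dir = os.path.realpath(base)
    candidate = os.path.realpath(os.path.join(base_dir, requested))
    if candidate == base_dir or os.path.commonpath([base_dir, candidate]) != base_dir:
        return None
    if not os.path.isfile(candidate):
        return None
    return candidate


def build_demo_tree() -> str:
    """Constructed layout: one image inside a plugin upload directory and a
    wp-config.php three levels above it (the file a traversal would read)."""
    root = tempfile.mkdtemp(prefix="wp-demo-")
    uploads = os.path.join(root, "wp-content", "uploads", "demo-plugin")
    os.makedirs(uploads)
    with open(os.path.join(uploads, "logo.png"), "wb") as fh:
        fh.write(b"\x89PNG demo bytes")
    with open(os.path.join(root, "wp-config.php"), "w") as fh:
        fh.write("<?php define('DB_PASSWORD', 'demo-secret');\n")
    return root


def demo() -> dict:
    """Run both lookups against the constructed tree; True means 'blocked' for
    the attack inputs and 'served' for the legitimate one."""
    root = build_demo_tree()
    uploads = os.path.join(root, "wp-content", "uploads", "demo-plugin")
    plain = "../../../wp-config.php"
    doubled = "....//....//....//wp-config.php"   # survives one replace('../', '')
    try:
        return {
            "naive_blocks_plain": not os.path.isfile(naive_strip(uploads, plain)),
            "naive_blocks_doubled": not os.path.isfile(naive_strip(uploads, doubled)),
            "safe_blocks_plain": safe_resolve(uploads, plain) is None,
            "safe_blocks_doubled": safe_resolve(uploads, doubled) is None,
            "safe_blocks_absolute": safe_resolve(uploads, "/etc/passwd") is None,
            "safe_serves_legit": safe_resolve(uploads, "logo.png") is not None,
        }
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check:24s} {ok}")
```

The containment check resolves both sides with realpath before comparing, so a symlink inside the upload directory that points at wp-config.php is also refused; if a plugin legitimately serves symlinked files it must allowlist them explicitly rather than relax the check.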
NVD | added 2015/01/02 7:59 p.m. | 13 views

CVE-2014-9441

Multiple cross-site request forgery (CSRF) vulnerabilities in the Lightbox Photo Gallery plugin 1.0 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or conduct cross-site scripting (XSS) attacks via...

CVSS 6.8 | AI score 6.7 | EPSS 0.00095
Exploits 1 | References 2
Prion | added 2015/01/02 7:59 p.m. | 12 views

Sql injection

SQL injection vulnerability in models/Cart66Ajax.php in the Cart66 Lite plugin before 1.5.4 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the q parameter in a promotionProductSearch action to wp-admin/admin-ajax.php...

CVSS 6.5 | AI score 8.6 | EPSS 0.00438
Exploits 1 | References 4 | Affected software 1
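The three SQL injection entries on this page (Video Gallery's vid, Photo Gallery's orderby, Cart66's q) are three different input shapes, and each needs a different fix: an integer id can be cast and bound, a column name cannot be bound at all and must go through an allowlist, and a free-text search term must be bound and have its LIKE wildcards escaped. The block below is an added example, not code from the page or from any of those plugins, using an in-memory SQLite table constructed for the demo in place of the plugins' MySQL tables; the table and column names are assumptions.

```python
"""Added example (not from the page or the listed plugins): vulnerable and
hardened forms of the vid / orderby / q injection shapes, against a constructed
SQLite table. Table and column names are assumptions for the demo."""
import sqlite3


def make_db() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE videos (id INTEGER PRIMARY KEY, title TEXT, published INTEGER)")
    con.executemany("INSERT INTO videos VALUES (?, ?, ?)",
                    [(1, "Public clip", 1), (2, "Draft clip", 0), (3, "Private clip", 0)])
    return con


def video_feed_vulnerable(con, vid: str):
    """?action=rss&type=video&vid=... pasted into the WHERE clause. A vid of
    '0 OR 1=1' switches the published filter off and returns every row."""
    return con.execute(
        f"SELECT id, title FROM videos WHERE published = 1 AND id = {vid}").fetchall()


def video_feed_hardened(con, vid: str):
    """Integer id: reject anything that is not all digits, then bind it."""
    if not vid.isdigit():
        return []
    return con.execute(
        "SELECT id, title FROM videos WHERE published = 1 AND id = ?", (int(vid),)).fetchall()


ORDER_COLUMNS = {"id": "id", "title": "title"}   # the only values orderby may take


def gallery_list(con, orderby: str, direction: str = "asc"):
    """Column name: identifiers cannot be bound as parameters, so orderby is
    mapped through an allowlist and anything else is refused, never interpolated."""
    column = ORDER_COLUMNS.get(orderby)
    if column is None:
        raise ValueError(f"orderby {orderby!r} is not an allowed column")
    direction_sql = "DESC" if direction.lower() == "desc" else "ASC"
    return con.execute(f"SELECT id FROM videos ORDER BY {column} {direction_sql}").fetchall()


def product_search(con, q: str):
    """Free text: bound as a LIKE parameter, with % and _ escaped so the caller
    cannot widen the match with wildcards either."""
    escaped = q.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    return con.execute(
        "SELECT id, title FROM videos WHERE title LIKE ? ESCAPE '\\'",
        (f"%{escaped}%",)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, vid=0 OR 1=1 ->", video_feed_vulnerable(db, "0 OR 1=1"))
    print("hardened,   vid=0 OR 1=1 ->", video_feed_hardened(db, "0 OR 1=1"))
    print("orderby=title            ->", gallery_list(db, "title"))
    print("q=clip                   ->", product_search(db, "clip"))
```

In WordPress itself the equivalent of the bound query is `$wpdb->prepare()`, and the orderby allowlist is what `sanitize_sql_orderby()` approximates; neither helps with `orderby` if the value is still concatenated after the check, which is why the allowlist returns a fixed string rather than the user's input.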
Prion | added 2015/01/02 7:59 p.m. | 14 views

Cross site request forgery (csrf)

Multiple cross-site request forgery (CSRF) vulnerabilities in the Lightbox Photo Gallery plugin 1.0 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or conduct cross-site scripting (XSS) attacks via...

CVSS 6.8 | AI score 7 | EPSS 0.00095
Exploits 1 | References 2 | Affected software 1
CVE | added 2015/01/02 7:00 p.m. | 42 views

CVE-2014-9441

The CVE-2014-9441 entry concerns the WordPress Lightbox Photo Gallery 1.0 plugin, which is vulnerable to multiple CSRF (and associated XSS) flaws. According to the sources, remote attackers can hijack administrator authentication to perform actions such as changing plugin settings via unspecified...

CVSS 6.8 | AI score 6.8 | EPSS 0.00095
Exploits 1 | References 2 | Affected software 1
Cvelist | added 2015/01/02 7:00 p.m. | 15 views

CVE-2014-9441

Multiple cross-site request forgery (CSRF) vulnerabilities in the Lightbox Photo Gallery plugin 1.0 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or conduct cross-site scripting (XSS) attacks via...

AI score 6.7 | EPSS 0.00095
Exploits 1 | References 2
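Most of the entries on this page name a concrete admin-ajax.php action and parameter (revslider_show_image/img, rss/vid, GalleryBox/orderby, memberdownload, promotionProductSearch/q, addImages/sortby, adddeliverymethod/name,intl,nocod,time), which is enough to write retrospective detections against web-server access logs. The block below is an added example, not code from the page or from any of the listed sources: it parses combined-format log lines, URL-decodes the query string repeatedly so double-encoded payloads are still seen, and applies one rule per entry. The log lines are constructed for the demo, the rule labels are my own, and the "file" parameter on the memberdownload line is a placeholder because the page does not name Cart66's parameter (that rule therefore inspects every parameter).

```python
"""Added example (not from the page or the listed sources): access-log detection
for the admin-ajax.php request shapes the entries describe. Log lines are
constructed; rule labels and the 'file' parameter name are assumptions."""
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs, unquote

# Apache/nginx "combined" format: ip ident user [time] "METHOD URI PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})'
)
TRAVERSAL = re.compile(r'(^|[\\/])\.\.([\\/]|$)')                       # a bare ".." segment
XSS_MARK = re.compile(r'(?i)(<|>|["\']\s*;|alert\s*\(|javascript:|\bon\w+\s*=)')
IDENT = re.compile(r'^[A-Za-z0-9_.]+$')                                  # shape of a column name


def deep_unquote(value: str, rounds: int = 3) -> str:
    """URL-decode until stable so %252e%252e (double-encoded '..') is caught."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_traversal(v): return bool(TRAVERSAL.search(v))
def is_xss(v): return bool(XSS_MARK.search(v))
def not_integer(v): return not v.isdigit()
def not_identifier(v): return not IDENT.match(v)
def has_quote_or_comment(v): return any(t in v for t in ("'", '"', "--", "/*", "#"))


# (label, admin-ajax action, parameters to inspect or None for all, predicate)
RULES = [
    ("revslider_show_image traversal (CVE-2015-1579)", "revslider_show_image", ("img",), is_traversal),
    ("Cart66 memberdownload traversal (CVE-2014-9461)", "memberdownload", None, is_traversal),
    ("Video Gallery rss SQLi (non-numeric vid)", "rss", ("vid",), not_integer),
    ("Photo Gallery GalleryBox SQLi (orderby)", "GalleryBox", ("orderby",), not_identifier),
    ("Cart66 promotionProductSearch SQLi (q)", "promotionProductSearch", ("q",), has_quote_or_comment),
    ("Photo Gallery addImages XSS (sortby)", "addImages", ("sortby",), is_xss),
    ("Welcart adddeliverymethod XSS (CVE-2014-10016)", "adddeliverymethod",
     ("name", "intl", "nocod", "time"), is_xss),
]


def scan(lines):
    """Return one alert dict per (line, rule, parameter) that matches."""
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m["uri"])
        if not parts.path.endswith("/wp-admin/admin-ajax.php"):
            continue
        # parse_qs decodes one layer; deep_unquote strips any extra ones
        qs = {k: [deep_unquote(x) for x in v]
              for k, v in parse_qs(parts.query, keep_blank_values=True).items()}
        action = qs.get("action", [""])[0]
        for label, rule_action, params, pred in RULES:
            if action != rule_action:
                continue
            names = params if params is not None else tuple(k for k in qs if k != "action")
            for name in names:
                for value in qs.get(name, []):
                    if pred(value):
                        alerts.append({"ip": m["ip"], "time": m["ts"], "rule": label,
                                       "param": name, "value": value})
    return alerts


def top_sources(alerts):
    """Source IPs ranked by alert count, for triage."""
    return Counter(a["ip"] for a in alerts).most_common()


# Constructed sample: attacker traffic from 203.0.113.x / 198.51.100.7, benign from 192.0.2.x
SAMPLE_LOG = """\
203.0.113.5 - - [11/Feb/2015:20:01:12 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php HTTP/1.1" 200 3201 "-" "Mozilla/5.0"
203.0.113.5 - - [11/Feb/2015:20:01:15 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=..%252F..%252Fwp-config.php HTTP/1.1" 200 3201 "-" "Mozilla/5.0"
192.0.2.10 - - [11/Feb/2015:20:02:01 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=slider1.jpg HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [11/Feb/2015:20:03:40 +0000] "GET /wp-admin/admin-ajax.php?action=rss&type=video&vid=1%20AND%20SLEEP(5) HTTP/1.1" 200 210 "-" "sqlmap/1.0"
192.0.2.10 - - [11/Feb/2015:20:03:41 +0000] "GET /wp-admin/admin-ajax.php?action=rss&type=video&vid=42 HTTP/1.1" 200 1980 "-" "Mozilla/5.0"
198.51.100.7 - - [11/Feb/2015:20:04:02 +0000] "GET /wp-admin/admin-ajax.php?action=GalleryBox&image_id=1&orderby=id%3B%20SELECT%20user_pass%20FROM%20wp_users HTTP/1.1" 200 410 "-" "sqlmap/1.0"
203.0.113.9 - - [11/Feb/2015:20:05:10 +0000] "GET /wp-admin/admin-ajax.php?action=memberdownload&file=..%2F..%2F..%2Fwp-config.php HTTP/1.1" 200 3201 "-" "curl/7.40"
203.0.113.9 - - [11/Feb/2015:20:05:30 +0000] "GET /wp-admin/admin-ajax.php?action=addImages&width=700&sortby=name%22%3Balert(1)%3B%2F%2F HTTP/1.1" 200 880 "-" "curl/7.40"
192.0.2.10 - - [11/Feb/2015:20:06:00 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 55 "-" "Mozilla/5.0"
192.0.2.11 - - [11/Feb/2015:20:06:05 +0000] "GET /index.php?p=..%2F..%2Fetc%2Fpasswd HTTP/1.1" 404 300 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    found = scan(SAMPLE_LOG.splitlines())
    for a in found:
        print(f'{a["ip"]:14s} {a["rule"]:48s} {a["param"]}={a["value"]!r}')
    print("top sources:", top_sources(found))
```

Two caveats a practitioner would want: admin-ajax.php accepts the action and its parameters by POST as well as GET, and a combined-format log records only the query string, so the POST line in the sample is invisible to this scan (a request-body log or a WAF/reverse-proxy capture is needed to cover it); and the non-numeric-vid rule will also fire on broken but harmless clients, so it is a triage signal rather than a confirmation.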