843 matches found
Cross site scripting
Cross-site scripting (XSS) vulnerability in the CommentLuv plugin before 2.92.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the _ajax_nonce parameter to wp-admin/admin-ajax.php...
CVE-2013-1409
CVE-2013-1409 affects the WordPress CommentLuv plugin prior to 2.92.4. The vulnerability is a cross-site scripting (XSS) flaw in the _ajax_nonce parameter passed to wp-admin/admin-ajax.php, allowing an attacker to inject arbitrary script/HTML. CVSSv2 base score listed as 4.3 (Medium) with I-P imp...
CVE-2013-1409
Cross-site scripting (XSS) vulnerability in the CommentLuv plugin before 2.92.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the _ajax_nonce parameter to wp-admin/admin-ajax.php...
WordPress Zedity 2.4.0 Cross Site Scripting
Title: Zedity XSS | Version: zedity.2.4.0 | Date: 23.02.2014 | Found: HauntIT Blog | Home: http://wordpress.org/plugins/ ...
CVE-2012-6624
Cross-site scripting (XSS) vulnerability in the SoundCloud Is Gold plugin 2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the width parameter in a soundcloud_is_gold_player_preview action to wp-admin/admin-ajax.php...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the SoundCloud Is Gold plugin 2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the width parameter in a soundcloud_is_gold_player_preview action to wp-admin/admin-ajax.php...
CVE-2012-6624
The CVE concerns the SoundCloud Is Gold WordPress plugin (v2.1) where a Cross-Site Scripting (XSS) flaw exists in the width parameter of the soundcloud_is_gold_player_preview action to wp-admin/admin-ajax.php. This allows remote attackers to inject arbitrary script/HTML in the context of affected...
CVE-2013-5673
SQL injection vulnerability in testimonial.php in the IndiaNIC Testimonial plugin 2.2 for WordPress allows remote attackers to execute arbitrary SQL commands via the custom_query parameter in a testimonial_add action to wp-admin/admin-ajax.php...
Cross site request forgery (CSRF)
Multiple cross-site request forgery (CSRF) vulnerabilities in the IndiaNIC Testimonial plugin 2.2 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) add a testimonial via an iNIC_testimonial_save action; (2) add a listing template via an...
5uCMS 1.2.2024 admin/ajax.php SQL Injection Vulnerability
No description provided by source...
WordPress <2.2 wp-admin-admin-ajax.php SQL Injection Vulnerability
No description provided by source...
CVE-2008-2976
Multiple directory traversal vulnerabilities in TinX/cms 1.1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) language parameter to (a) includeme.php, (b) admin/ajax.php, and (c)...
[waraxe-2007-SA#050] - Sql Injection in WordPress 2.1.3
[waraxe-2007-SA#050] - Sql Injection in WordPress 2.1.3 | Author: Janek Vind "waraxe" | Date: 21. May 2007 | Location: Estonia, Tartu | Web: http://www.waraxe.us/advisory-50.html | Target software description: Vulnerable: WordPress 2.1.3...
WordPress check_ajax_referer() Function SQL Injection
The version of WordPress on the remote host fails to properly sanitize input to the 'cookie' parameter of the 'wp-admin/admin-ajax.php' script before using it in the 'check_ajax_referer' function in database queries. Regardless of PHP's 'magic_quotes_gpc' setting, an unauthenticated, remote attacker...
CVE-2007-2821
SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress before 2.2 allows remote attackers to execute arbitrary SQL commands via the cookie parameter...
WordPress <= 2.1 - SQL Injection
Because of this vulnerability in wp-admin/admin-ajax.php, attackers can execute arbitrary SQL commands via the "cookie" parameter. Solution: Update WordPress...
Wordpress 2.1.3 admin-ajax.php SQL Injection Blind Fishing Exploit
No description provided by source. <?php error_reporting(E_ALL); $normdelay = 0; // WordPress 2.1.3 "admin-ajax.php" sql injection blind fishing exploit //...
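Wordpress admin-ajax.php Remote SQL Injection Vulnerability
WordPress is a free forum and blog system. WordPress has an input validation flaw in its implementation that a remote attacker may exploit to carry out SQL injection attacks and gain unauthorized access to the database. The wp-admin/admin-ajax.php file in WordPress does not properly validate input to the cookie parameter. At line 6 of wp-admin/admin-ajax.php: ------------------source code---------------------- define('DOING_AJAX', true); check_ajax_referer(); if ( !is_user_logged_in() ) die('-1');...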