12 matches found
CVE-2016-10945
The PageLines theme 1.1.4 for WordPress has wp-admin/admin-post.php?page=pagelines CSRF...
EUVD-2016-1936
Malware in sbrugna...
Exploit for Missing Authentication for Critical Function in Getigniteup Igniteup
WordPress IgniteUp plugin vulnerability WordPress IgniteUp plu...
Cross-site request forgery (CSRF)
The PageLines theme 1.1.4 for WordPress has wp-admin/admin-post.php?page=pagelines CSRF...
CVE-2019-14773
admin/includes/class.actions.snippet.php in the "Woody ad snippets" plugin through 2.2.5 for WordPress allows wp-admin/admin-post.php?action=close&post= deletion...
CVE-2018-11632
The CVE-2018-11632 issue affects the WordPress plugin Add Social Share Messenger Buttons Whatsapp and Viber (version 1.0.8) by lack of nonce/capability checks in whatsapp_share_setting_add_update(), enabling CSRF to change settings when an admin visits a crafted URL via spear phishing/social engi...
MiniCMS Information Disclosure Vulnerability (CNVD-2018-08993)
MiniCMS is a mini content management system (CMS) designed for personal websites. An information disclosure vulnerability exists in the mc-admin/post.php file in MiniCMS version 1.10. A remote attacker can exploit this vulnerability to view all files located in the web root path...
CVE-2015-4064
SQL injection vulnerability in modules/module.ab-testing.php in the Landing Pages plugin before 1.8.5 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the post parameter in an edit delete-variation action to wp-admin/post.php...
SQL injection
SQL injection vulnerability in modules/module.ab-testing.php in the Landing Pages plugin before 1.8.5 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the post parameter in an edit delete-variation action to wp-admin/post.php...
CVE-2015-4064
SQL injection vulnerability in modules/module.ab-testing.php in the Landing Pages plugin before 1.8.5 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the post parameter in an edit delete-variation action to wp-admin/post.php...
CVE-2015-1494
The FancyBox for WordPress plugin before 3.0.3 for WordPress does not properly restrict access, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an mfbfw parameter in an update action to wp-admin/admin-post.php, as demonstrated by the mfbfwpadding parameter and...
Authentication flaw
The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/themes/mailp/...