Lucene search

1593 matches found

Cvelist
added 2018/02/19 2:0 p.m., 18 views

CVE-2018-7219

application/admin/controller/Admin.php in NoneCms 1.3.0 has CSRF, as demonstrated by changing an admin password or adding an account via a public/index.php/admin/admin/edit.html request...

AI score: 8.8, EPSS: 0.00168
Exploits: 1, References: 1

CNVD
added 2018/01/17 12:0 a.m., 1 views

WordPress responsive-coming-soon-page plugin cross-site scripting vulnerability

WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP; it supports setting up a personal blog site on PHP and MySQL servers. The responsive-coming-soon-page plugin is one of its test system maintenance plugins. A cross-site scriptin...

CVSS: 4.8, AI score: 6, EPSS: 0.00338
Exploits: 1, References: 1

CNVD
added 2018/01/17 12:0 a.m., 1 views

WordPress responsive-coming-soon-page plugin cross-site scripting vulnerability (CNVD-2018-01255)

WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP; it supports setting up a personal blog site on PHP and MySQL servers. The responsive-coming-soon-page plugin is one of its test system maintenance plugins. A cross-site scriptin...

CVSS: 4.8, AI score: 6, EPSS: 0.00225
Exploits: 1, References: 1

Prion
added 2018/01/14 4:29 a.m., 13 views

Design/Logic Flaw

Piwigo v2.8.2 has XSS via the tab, to, section, mode, installstatus, and display parameters of the admin.php file...

CVSS: 4.3, AI score: 5.9, EPSS: 0.0024
Exploits: 3, References: 1, Affected Software: 1

NVD
added 2018/01/14 4:29 a.m., 8 views

CVE-2018-5695

The WpJobBoard plugin 4.4.4 for WordPress allows SQL injection via the order or sort parameter to the wpjb-job or wpjb-alerts module, with a request to wp-admin/admin.php...

CVSS: 7.2, AI score: 7.5, EPSS: 0.00511
Exploits: 3, References: 1

NVD
added 2018/01/14 4:29 a.m., 15 views

CVE-2018-5692

Piwigo v2.8.2 has XSS via the tab, to, section, mode, installstatus, and display parameters of the admin.php file...

CVSS: 6.1, AI score: 6.1, EPSS: 0.0024
Exploits: 3, References: 1

OSV
added 2018/01/14 4:29 a.m., 14 views

CVE-2018-5692

Piwigo v2.8.2 has XSS via the tab, to, section, mode, installstatus, and display parameters of the admin.php file...

CVSS: 6.1, AI score: 6
Exploits: 0, References: 1

Cvelist
added 2018/01/14 4:0 a.m., 13 views

CVE-2018-5692

Piwigo v2.8.2 has XSS via the tab, to, section, mode, installstatus, and display parameters of the admin.php file...

AI score: 6, EPSS: 0.0024
Exploits: 3, References: 1

CVE
added 2018/01/14 4:0 a.m., 54 views

CVE-2018-5692

Piwigo v2.8.2 is affected by a cross-site scripting (XSS) vulnerability in admin.php. The issue can be triggered by unsafely handling input in the tab, to, section, mode, installstatus, and display parameters, allowing injection of malicious script. This vulnerability is documented across multipl...

CVSS: 6.1, AI score: 5.9, EPSS: 0.0024
Exploits: 3, References: 1, Affected Software: 1

CVE
added 2018/01/14 2:0 a.m., 35 views

CVE-2018-5687

NewsBee (CMS) vulnerability CVE-2018-5687: a stored/reflected XSS is possible via the Company Name field in Settings (admin/admin.php). The description across sources consistently states an XSS vulnerability in NewsBee’s Settings interface. Root cause: improper sanitization/escaping of input in t...

CVSS: 4.8, AI score: 4.8, EPSS: 0.00235
Exploits: 1, References: 1, Affected Software: 1

Prion
added 2018/01/13 12:29 a.m., 12 views

Design/Logic Flaw

An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php buttontextlink parameter...

CVSS: 3.5, AI score: 4.8, EPSS: 0.00225
Exploits: 1, References: 2, Affected Software: 1

Prion
added 2018/01/13 12:29 a.m., 11 views

Design/Logic Flaw

An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. XSS exists via the wp-admin/admin.php formfield5label parameter...

CVSS: 3.5, AI score: 4.8, EPSS: 0.00225
Exploits: 1, References: 2, Affected Software: 1

Prion
added 2018/01/13 12:29 a.m., 10 views

Design/Logic Flaw

An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php countertitle parameter...

CVSS: 3.5, AI score: 4.8, EPSS: 0.00225
Exploits: 1, References: 2, Affected Software: 1

NVD
added 2018/01/13 12:29 a.m., 11 views

CVE-2018-5666

An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php bgcolor parameter...

CVSS: 4.8, AI score: 5, EPSS: 0.00225
Exploits: 1, References: 2

Cvelist
added 2018/01/13 12:0 a.m., 11 views

CVE-2018-5658

An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. CSRF exists via wp-admin/admin.php...

AI score: 8.7, EPSS: 0.00146
Exploits: 1, References: 2

Cvelist
added 2018/01/13 12:0 a.m., 12 views

CVE-2018-5664

An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php socialicon1 parameter...

AI score: 5, EPSS: 0.00287
Exploits: 1, References: 2

NVD
added 2018/01/09 5:29 a.m., 6 views

CVE-2018-5311

The Easy Custom Auto Excerpt plugin 2.4.6 for WordPress has XSS via the tonjooecaeoptionscustomcss parameter to the wp-admin/admin.php?page=tonjooexcerpt URI...

CVSS: 5.4, AI score: 5.4, EPSS: 0.0018
Exploits: 1, References: 2

Patchstack
added 2018/01/09 12:0 a.m., 15 views

WordPress GD Rating System plugin 2.3 - Directory Traversal vulnerability (3)

A third Directory Traversal vulnerability found by d4wner in WordPress GD Rating System plugin version 2.3. Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-transfer page. Solution 1/9/2018 - we were unable to find a patched version of this plugin...

CVSS: 7.5, AI score: 2.8, EPSS: 0.11137
Exploits: 1, References: 1, Affected Software: 1

NVD
added 2018/01/08 7:29 a.m., 14 views

CVE-2018-5286

The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-about page...

CVSS: 6.1, AI score: 6.1, EPSS: 0.00252
Exploits: 1, References: 3

Prion
added 2018/01/08 7:29 a.m., 10 views

Directory traversal

The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-tools page...

CVSS: 5, AI score: 7.6, EPSS: 0.11137
Exploits: 1, References: 3, Affected Software: 1