1593 matches found
CVE-2018-5293
The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-tools page...
WordPress WpJobBoard 4.4.4 SQL Injection Vulnerability
Exploit for php platform in category web applications Document Title: =============== WpJobBoard v4.4.4 - Multiple SQL Injection Vulnerabilities Product & Service Introduction: =============================== WPJobBoard is bundled with 15+ shortcodes, allowing you to easily build completely uniqu...
WpJobBoard v4.4.4 - Multiple SQL Injection Vulnerabilities
Document Title: =============== WpJobBoard v4.4.4 - Multiple SQL Injection Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=1940 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5695 CVE-ID: ======= CVE-2018-5695 Release Date:...
PHP Web Stat 4.5.03 Backdoor Account
======================================================================== | Title : php web stat v4.5.03 Backdoor account vulnerability | Author : indoushka | email : [email protected] | Tested on : windows 10 Français V.Pro | Version : v4.5.03 | Vendor : http://wmscripti.com/ | Dork :...
CVE-2017-17827
Piwigo 2.9.2 is vulnerable to Cross‑Site Request Forgery via /admin.php?page=configuration&section=main or /admin.php?page=batch_manager&mode=unit. An attacker can exploit this to coerce an admin user into performing unintended actions. The connected records consistently describe this CSRF issue ...
CVE-2017-17775
Piwigo 2.9.2 has XSS via the name parameter in an admin.php?page=album-3-properties request...
CVE-2017-17775
Piwigo 2.9.2 is vulnerable to a cross-site scripting (XSS) flaw triggered by the name parameter in an admin.php?page=album-3-properties request. The issue affects the web-based photo gallery software as described in CVE-2017-17775; details in connected records confirm the vulnerability class and ...
CVE-2017-16904
The Public tologin feature in admin.php in LvyeCMS through 3.1 allows XSS via a crafted username that is mishandled during later log viewing by an administrator...
Cross site scripting
The Public tologin feature in admin.php in LvyeCMS through 3.1 allows XSS via a crafted username that is mishandled during later log viewing by an administrator...
CVE-2017-16904
The CVE concerns LvyeCMS (admin.php, Public tologin) up to version 3.1 where a crafted username enables cross-site scripting. The underlying cause is mishandling of the username during admin log viewing, allowing an attacker to inject Web script/HTML that is executed in an administrator’s view. S...
PT-2017-14608 · WordPress · Updraftplus
Name of the Vulnerable Software and Affected Versions: UpdraftPlus plugin versions 1.13.12 and earlier Description: The issue allows remote PHP code execution due to a race condition in the plupload action function before deleting a file associated with the name parameter in...
PT-2017-14607 · WordPress · Updraftplus
Name of the Vulnerable Software and Affected Versions: UpdraftPlus plugin versions 1.13.12 and earlier Description: The issue concerns a Server-Side Request Forgery (SSRF) in the updraft ajax handler function, located in /wp-content/plugins/updraftplus/admin.php, which can be exploited via an httpg...
CVE-2017-15810
The PopCash.Net Code Integration Tool plugin before 1.1 for WordPress has XSS via the tab parameter to wp-admin/admin.php...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Best Gallery Albums Plugin before 3.0.70 for WordPress allows remote attackers to inject arbitrary web script or HTML via the orderid parameter in the galleryalbumsorting page to wp-admin/admin.php...
CVE-2017-14622
Multiple cross-site scripting (XSS) vulnerabilities in the 2kb Amazon Affiliates Store plugin before 2.1.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter or (2) kbAction parameter in the kbAmz page to wp-admin/admin.php...
SQL injection
SQL Injection exists in /includes/event-management/index.php in the event-espresso-free (aka Event Espresso Lite) plugin v3.1.37.12.L for WordPress via the recurrenceid parameter to /wp-admin/admin.php...
CVE-2015-4089
Multiple cross-site request forgery (CSRF) vulnerabilities in the optionsPageRequest function in admin.php in WP Fastest Cache plugin before 0.8.3.5 for WordPress allow remote attackers to hijack the authentication of unspecified victims for requests that call the (1) saveOption, (2) deleteCache, (3)...