1599 matches found

Positive Technologies
added 2017/11/17 12:00 a.m. · 5 views

PT-2017-14608 · WordPress · Updraftplus

Name of the Vulnerable Software and Affected Versions: UpdraftPlus plugin versions 1.13.12 and earlier Description: The issue allows remote PHP code execution due to a race condition in the plupload action function before deleting a file associated with the name parameter in...

CVSS 8.1 · AI score 8.4 · EPSS 0.01647
Exploits 1 · References 4

NVD
added 2017/10/23 5:29 p.m. · 17 views

CVE-2017-15810

The PopCash.Net Code Integration Tool plugin before 1.1 for WordPress has XSS via the tab parameter to wp-admin/admin.php...

CVSS 6.1 · AI score 6.2 · EPSS 0.01353
Exploits 1 · References 3

Prion
added 2017/10/06 2:29 p.m. · 18 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in Best Gallery Albums Plugin before 3.0.70 for WordPress allows remote attackers to inject arbitrary web script or HTML via the orderid parameter in the galleryalbumsorting page to wp-admin/admin.php...

CVSS 4.3 · AI score 6.1 · EPSS 0.0118
Exploits 1 · References 2 · Affected Software 1

Cvelist
added 2017/09/27 5:00 p.m. · 24 views

CVE-2017-14622

Multiple cross-site scripting (XSS) vulnerabilities in the 2kb Amazon Affiliates Store plugin before 2.1.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter or (2) kbAction parameter in the kbAmz page to wp-admin/admin.php...

AI score 6.2 · EPSS 0.02892
Exploits 1 · References 3

Prion
added 2017/09/27 8:29 a.m. · 12 views

Sql injection

SQL Injection exists in /includes/event-management/index.php in the event-espresso-free aka Event Espresso Lite plugin v3.1.37.12.L for WordPress via the recurrenceid parameter to /wp-admin/admin.php...

CVSS 7.5 · AI score 9.8 · EPSS 0.0151
Exploits 1 · References 1 · Affected Software 1

NVD
added 2017/09/19 3:29 p.m. · 20 views

CVE-2015-4089

Multiple cross-site request forgery (CSRF) vulnerabilities in the optionsPageRequest function in admin.php in WP Fastest Cache plugin before 0.8.3.5 for WordPress allow remote attackers to hijack the authentication of unspecified victims for requests that call the (1) saveOption, (2) deleteCache, (3)...

CVSS 8.8 · AI score 9.2 · EPSS 0.00992
Exploits 0 · References 3

CVE
added 2017/09/19 3:00 p.m. · 42 views

CVE-2015-4089

The CVE-2015-4089 entries describe multiple CSRF vulnerabilities in the WordPress WP Fastest Cache plugin, specifically in the optionsPageRequest function of admin.php prior to version 0.8.3.5. An attacker can exploit the wpFastestCachePage parameter to invoke (1) saveOption, (2) deleteCache, (3)...

CVSS 8.8 · AI score 9.1 · EPSS 0.00992
Exploits 0 · References 3 · Affected Software 1

NVD
added 2017/09/11 8:29 p.m. · 24 views

CVE-2015-8353

Cross-site scripting (XSS) vulnerability in the Role Scoper plugin before 1.3.67 for WordPress allows remote attackers to inject arbitrary web script or HTML via the objectname parameter in a rs-objectroleedit page to wp-admin/admin.php...

CVSS 6.1 · AI score 6.2 · EPSS 0.021
Exploits 3 · References 5

0day.today
added 2017/08/15 12:00 a.m. · 23 views

Theo CMS 2.0 SQL Injection Vulnerability

Exploit for php platform in category web applications. MGC ALERT 2017-004 - Original release date: July 11, 2017 - Last revised: August 12, 2017 - Discovered by: Manuel García Cárdenas - Severity: 7,1/10 CVSS Base Score...

AI score 7.1
Exploits 0

Prion
added 2017/07/30 6:29 p.m. · 16 views

Code injection

In Earcms Ear Music through 4.1 build 20170710, remote authenticated users can execute arbitrary PHP code by changing the allowable music-upload extensions to include .php in addition to .mp3 and .m4a in admin.php?iframe=configupload, and then using user.php/music/add/ to upload the code...

CVSS 6 · AI score 7 · EPSS 0.00708
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2017/07/30 6:00 p.m. · 23 views

CVE-2017-11756

In Earcms Ear Music through 4.1 build 20170710, remote authenticated users can execute arbitrary PHP code by changing the allowable music-upload extensions to include .php in addition to .mp3 and .m4a in admin.php?iframe=configupload, and then using user.php/music/add/ to upload the code...

AI score 7.1 · EPSS 0.00708
Exploits 0 · References 1

CNVD
added 2017/07/28 12:00 a.m. · 3 views

Hashtopus SQL Injection Vulnerability

Hashtopus is a cross-platform client-server tool for distributing hash table tasks between multiple computers. A SQL injection vulnerability exists in Hashtopus version 1.5g. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands with the help of the 'format' parameter...

CVSS 8.8 · AI score 8.6 · EPSS 0.0168
Exploits 1 · References 1

Prion
added 2017/07/27 6:29 a.m. · 13 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in Hashtopus 1.5g allows remote attackers to inject arbitrary web script or HTML via the query string to admin.php...

CVSS 4.3 · AI score 6 · EPSS 0.00943
Exploits 1 · References 2 · Affected Software 1

Prion
added 2017/07/27 6:29 a.m. · 12 views

Cross site request forgery (csrf)

Cross-Site Request Forgery (CSRF) exists in Hashtopus 1.5g via the password parameter to admin.php in an a=config action...

CVSS 6.8 · AI score 8.8 · EPSS 0.00683
Exploits 1 · References 2 · Affected Software 1

Prion
added 2017/07/27 6:29 a.m. · 13 views

Sql injection

SQL injection vulnerability in Hashtopus 1.5g allows remote authenticated users to execute arbitrary SQL commands via the format parameter in admin.php...

CVSS 6.5 · AI score 8.8 · EPSS 0.0168
Exploits 1 · References 2 · Affected Software 1

NVD
added 2017/07/27 6:29 a.m. · 16 views

CVE-2017-11677

Cross-site scripting (XSS) vulnerability in Hashtopus 1.5g allows remote attackers to inject arbitrary web script or HTML via the query string to admin.php...

CVSS 6.1 · AI score 6.1 · EPSS 0.00943
Exploits 1 · References 2

NVD
added 2017/07/27 6:29 a.m. · 20 views

CVE-2017-11678

SQL injection vulnerability in Hashtopus 1.5g allows remote authenticated users to execute arbitrary SQL commands via the format parameter in admin.php...

CVSS 8.8 · AI score 8.9 · EPSS 0.0168
Exploits 1 · References 2

NVD
added 2017/07/27 6:29 a.m. · 18 views

CVE-2017-11679

Cross-Site Request Forgery (CSRF) exists in Hashtopus 1.5g via the password parameter to admin.php in an a=config action...

CVSS 8.8 · AI score 8.9 · EPSS 0.00683
Exploits 1 · References 2

Cvelist
added 2017/07/27 6:00 a.m. · 25 views

CVE-2017-11678

SQL injection vulnerability in Hashtopus 1.5g allows remote authenticated users to execute arbitrary SQL commands via the format parameter in admin.php...

AI score 8.9 · EPSS 0.0168
Exploits 1 · References 2

Cvelist
added 2017/07/27 6:00 a.m. · 20 views

CVE-2017-11677

Cross-site scripting (XSS) vulnerability in Hashtopus 1.5g allows remote attackers to inject arbitrary web script or HTML via the query string to admin.php...

AI score 6.1 · EPSS 0.00943
Exploits 1 · References 2