1339 matches found
CVE-2012-2517
Cross-site scripting (XSS) vulnerability in PrestaShop before 1.4.9 allows remote attackers to inject arbitrary web script or HTML via the index of the product parameter to ajax.php...
CVE-2012-2517 is an XSS vulnerability in PrestaShop before 1.4.9. The issue arises from unsanitized input in the POST parameter named product[] to ajax.php, allowing remote attackers to inject arbitrary HTML/JS. Reported impact is cross-site scripting with potential execution in the administrato...
CVE-2015-1394
Multiple cross-site scripting (XSS) vulnerabilities in the Photo Gallery plugin before 1.2.11 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the (1) sort_by, (2) sort_order, (3) items_view, (4) dir, (5) clipboard_task, (6) clipboard_files, (7) clipboard_src, or (8) clipboard_des...
Cross site scripting
The CVE-2015-1394 entry corresponds to multiple XSS vulnerabilities in the WordPress plugin Photo Gallery (before 1.2.11). The vulnerability allows remote authenticated users to inject arbitrary JavaScript/HTML via parameters (sort_by, sort_order, items_view, dir, clipboard_task, clipboard_files,...
Tutor LMS < 1.5.3 - Cross-Site Request Forgery (CSRF)
The Tutor LMS WordPress plugin is vulnerable to Cross-Site Request Forgery (CSRF) attacks. As the requests for the approval and blocking of instructors are sent using the GET method, a CSRF attack to approve an attacker-controlled instructor account can be performed by having the admin visit...
CVE-2020-7104
The chained-quiz plugin 1.1.8.1 for WordPress has reflected XSS via the wp-admin/admin-ajax.php total_questions parameter...
Cross site scripting
CVE-2020-7104 affects the WordPress Chained Quiz plugin. Versions
CVE-2019-20209
The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Insecure Direct Object Reference (IDOR) via wp-admin/admin-ajax.php to delete any page/post/listing...
Code injection
Tidio Live Chat <= 4.1.0 - CSRF to Stored XSS
A CSRF vulnerability in the Tidio Live Chat WordPress Plugin. Proof of concept (the request below is sent from an attacker-controlled page while an administrator is logged in):
var xhr = new XMLHttpRequest();
xhr.open("POST", "https://wordpress.local/wp-admin/admin-ajax.php?action=tidio_chat_save_keys", true);
xhr.setRequestHeader("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8");
...
CVE-2015-9455
The buddypress-activity-plus plugin before 1.6.2 for WordPress has CSRF with resultant directory traversal via the wp-admin/admin-ajax.php bpfb_photos parameter in a bpfb_remove_temp_images action...
Directory traversal
CVE-2015-9450
The plugmatter-optin-feature-box-lite plugin before 2.0.14 for WordPress has SQL injection via the wp-admin/admin-ajax.php?action=pmfb_cc pmfb_tid parameter...
Sql injection
CVE-2015-9451
The plugmatter-optin-feature-box-lite plugin before 2.0.14 for WordPress has SQL injection via the wp-admin/admin-ajax.php?action=pmfb_mailchimp pmfb_tid parameter...
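The entries above share one request shape: a wp-admin/admin-ajax.php action whose parameters carry attacker-controlled content (a state change issued over GET, a traversal string in a temp-file parameter, a quoted value in an id parameter, HTML in a parameter that should be numeric). The following Python script is an added example, not code from this listing or from any of the plugins named in it. It triages a combined-format access log for exactly those shapes. The log lines, the action names (approve_instructor, remove_temp_images, optin_cc, quiz_calc) and the parameter names (photos[], tid, total_questions) are constructed placeholders chosen to mirror the advisories, not the plugins' real identifiers.

```python
"""Triage wp-admin/admin-ajax.php requests in a combined-format access log.

Added example, not code from any advisory or plugin in the listing above.
Assumes Apache/nginx "combined" log format. All log lines, action names
and parameter names below are constructed placeholders that mirror the
request shapes the advisories describe.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) \S+" (?P<status>\d{3}) (?P<size>\S+)'
    r'(?: "(?P<referer>[^"]*)" "(?P<ua>[^"]*)")?'
)

# Hypothetical state-changing actions that a plugin should accept only via
# POST with a nonce; seeing them on GET is the CSRF-by-link pattern.
STATE_CHANGING_ACTIONS = {"approve_instructor", "block_instructor", "delete_listing"}

TRAVERSAL_RE = re.compile(r"(^|[\\/])\.\.([\\/]|$)")
SQLI_RE = re.compile(
    r"'\s*(or|and|union|--)|union\s+select|sleep\s*\(|\bor\s+1\s*=\s*1\b", re.I
)
XSS_RE = re.compile(r"<\s*/?\s*(script|img|svg|iframe)\b|\bon\w+\s*=|javascript:", re.I)


def analyze_line(line):
    """Return a list of (rule, detail) findings for one access-log line."""
    m = LOG_RE.match(line)
    if not m:
        return [("unparsed", line.strip())]
    url = urlsplit(m.group("target"))
    if not url.path.endswith("/wp-admin/admin-ajax.php"):
        return []
    # parse_qs percent-decodes once; the extra unquote below catches
    # double-encoded payloads such as %252e%252e%252f
    params = parse_qs(url.query, keep_blank_values=True)
    findings = []
    action = params.get("action", [""])[0]
    if m.group("method") == "GET" and action in STATE_CHANGING_ACTIONS:
        findings.append(("csrf_get_state_change", action))
    for name, values in params.items():
        for raw in values:
            value = unquote(raw)
            if TRAVERSAL_RE.search(value):
                findings.append(("path_traversal", f"{name}={value}"))
            if SQLI_RE.search(value):
                findings.append(("sql_injection", f"{name}={value}"))
            if XSS_RE.search(value):
                findings.append(("xss", f"{name}={value}"))
    return findings


def scan_log(lines):
    """Return [(1-based line number, findings)] for every line with findings."""
    report = []
    for n, line in enumerate(lines, start=1):
        hits = analyze_line(line)
        if hits:
            report.append((n, hits))
    return report


# Constructed sample log lines (not captured from any real site).
LOG_LINES = [
    # benign: an ordinary admin-ajax POST with no query string
    '10.0.0.5 - - [10/Oct/2020:13:55:36 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 43 "-" "Mozilla/5.0"',
    # state change over GET with a third-party referer: CSRF-by-link
    '10.0.0.7 - - [10/Oct/2020:13:56:01 +0000] "GET /wp-admin/admin-ajax.php?action=approve_instructor&user_id=1337 HTTP/1.1" 200 12 "http://evil.example/" "Mozilla/5.0"',
    # traversal sequence in an array parameter of a temp-file removal action
    '10.0.0.9 - - [10/Oct/2020:13:57:14 +0000] "GET /wp-admin/admin-ajax.php?action=remove_temp_images&photos%5B%5D=..%2F..%2F..%2Fwp-config.php HTTP/1.1" 200 0 "-" "curl/7.68.0"',
    # quoted boolean tautology in an id parameter
    '10.0.0.9 - - [10/Oct/2020:13:58:02 +0000] "GET /wp-admin/admin-ajax.php?action=optin_cc&tid=1%27%20OR%201%3D1--%20 HTTP/1.1" 500 0 "-" "sqlmap/1.4"',
    # script tag in a parameter that should only ever be a number
    '10.0.0.11 - - [10/Oct/2020:13:59:30 +0000] "GET /wp-admin/admin-ajax.php?action=quiz_calc&total_questions=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 88 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for n, hits in scan_log(LOG_LINES):
        for rule, detail in hits:
            print(f"line {n}: {rule}: {detail}")
```

The rules are triage heuristics for hunting in existing logs, not a filter to deploy in front of the site: the fix for every entry above lives in the handler itself, which should verify a nonce (check_ajax_referer), check capability (current_user_can) and object ownership before deleting anything, pass user input through $wpdb->prepare, and escape output with esc_html or esc_attr. The IDOR entry (CVE-2019-20209) is deliberately not covered by a log rule, because a missing ownership check is invisible in an access log that shows only a well-formed delete request.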