CVE-2025-9881

The Ultimate Blogroll plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web...

Wordpress Spicy Blogroll Plugin - File Inclusion Vulnerability

No description provided by source. ?php // Title: Wordpress Plugin Spicy Blogroll File Inclusion Vulnerability // Date: 12-07-2013 GMT+8 Kuala Lumpur // Author: Ahlspiess // Greetz: All TBDIAN - http://w3.tbd.my : // Screenshot: http://i.imgur.com/jIrUznC.png / Details: File:...

WordPress Spicy Blogroll Plugin File Inclusion Vulnerability

WordPress Spicy Blogroll Plugin is prone to a file inclusion vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Wordpress Spicy Blogroll Plugin - File Inclusion Vulnerability

Exploit for php platform in category web applications \n", $argv0; list,$host, $path, $file = $argv; $vfile = 'http://%s%s/wp-content/plugins/spicy-blogroll/spicy-blogroll-ajax.php?var2=%s&var4=%s'; $request = sprintf$vfile, $host, $path, scrambledirname$file . "/", scramblebasename$file; $opts =...