45 matches found
WordPress Snazzy Maps plugin <= 1.1.3 - Multiple Cross-Site Scripting (XSS) vulnerabilities
Multiple Cross-Site Scripting (XSS) vulnerabilities found by DefenseCode in WordPress Snazzy Maps plugin versions <= 1.1.3. Solution: Update the WordPress Snazzy Maps plugin to the latest available version (at least 1.1.5)...
WordPress Strong Testimonials 2.31.4 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Advisory Title: WordPress Strong Testimonials Plugin Multiple XSS Vulnerabilities Advisory URL: http://www.defensecode.com/advisories.php Software: WordPress Strong Testimonials plugin Language: PHP Version: 2.31.4 and below Vendor Status:...
WordPress Gwolle Guestbook 2.5.3 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Advisory Title: WordPress Gwolle Guestbook Plugin XSS Security Vulnerability Advisory URL: http://www.defensecode.com/advisories.php Software: WordPress Gwolle Guestbook plugin Language: PHP Version: 2.5.3 and below Vendor Status: Vendor...
WordPress Snazzy Maps 1.1.3 Cross Site Scripting
DefenseCode ThunderScan SAST Advisory: WordPress Snazzy Maps Plugin Multiple XSS Security Vulnerabilities Advisory ID: DC-2018-05-006 Advisory Title: WordPress Snazzy Maps Plugin Multiple XSS Vulnerabilities Advisory URL: http://www.defensecode.com/advisories.php Software: WordPress Snazzy Maps...
WordPress Plugin Ultimate Form Builder Lite 1.3.7 - SQL Injection
WordPress Plugin Ultimate Form Builder Lite 1.3.7 - SQL Injection Title: WordPress Ultimate Form Builder Lite Plugin getrow Vulnerable Variable: $POST'entryid' Vulnerable URL: http://vulnerablesite.com/wp-admin/admin-ajax.php Vulnerable POST body:...
Magento User Info Cross Site Scripting
DefenseCode Security Advisory Magento Multiple Stored Cross-Site Scripting Vulnerabilities Advisory ID: DC-2018-03-002 Advisory Title: Magento Multiple Stored Cross-Site Scripting Vulnerabilities Advisory URL: http://www.defensecode.com/advisories.php Software: Magento Version: Magento 2.0 prior ...
Magento Downloadable Products Cross Site Scripting
DefenseCode Security Advisory Magento Stored Cross-Site Scripting - Downloadable Products Advisory ID: DC-2018-03-003 Advisory Title: Magento Stored Cross-Site Scripting - Downloadable Products Advisory URL: http://www.defensecode.com/advisories.php Software: Magento Version: Magento 2.0 prior to...
Magento Backups Cross Site Request Forgery
DefenseCode Security Advisory Magento Backups Cross-Site Request Forgery Advisory ID: DC-2018-03-001 Advisory Title: Magento Backups Cross-Site Request Forgery Advisory URL: http://www.defensecode.com/advisories.php Software: Magento Version: Magento Open Source prior to 1.9.3.8, Magento Commerce...
SugarCRM Community Edition 6.5.26 SQL Injection
DefenseCode ThunderScan SAST Advisory SugarCRM Community Edition Multiple SQL Injection Vulnerabilities Advisory ID: DC-2018-01-011 Advisory Title: SugarCRM Community Edition Multiple SQL Injection Vulnerabilities Advisory URL: http://www.defensecode.com/advisories.php Software: SugarCRM Communit...
WordPress Smooth Slider 2.8.6 SQL Injection
DefenseCode ThunderScan SAST Advisory: WordPress Smooth Slider Plugin SQL injection Security Vulnerability Advisory ID: DC-2018-01-004 Advisory Title: WordPress Smooth Slider Plugin SQL injection Security Vulnerability Advisory URL: http://www.defensecode.com/advisories.php Software: WordPress...
WordPress Clean Up Optimizer 4.0.0 SQL Injection
DefenseCode ThunderScan SAST Advisory: WordPress Clean Up Optimizer Plugin Security Vulnerability Advisory ID: DC-2017-12-004 Advisory Title: WordPress Clean Up Optimizer Plugin Security Vulnerability Advisory URL: http://www.defensecode.com/advisories.php Software: WordPress Clean Up Optimizer...
WordPress Clean Up Optimizer 4.0.0 SQL Injection Vulnerability
WordPress Clean Up Optimizer plugin versions 4.0.0 and below suffer from a remote SQL injection vulnerability. Advisory Title: WordPress Clean Up Optimizer Plugin Security Vulnerability Advisory URL: http://www.defensecode.com/advisories.php Software: WordPress Clean Up Optimizer plugin Language:...
WordPress Booking Calendar 7.0 / 7.1 SQL Injection / Local File Inclusion Vulnerabilities
WordPress Booking Calendar plugin versions 7.1, 7.0, and below suffer from remote SQL injection and local file inclusion vulnerabilities. Advisory Title: WordPress Booking Calendar Plugin Multiple Vulnerabilities Advisory URL: http://www.defensecode.com/advisories.php Software: WordPress Booking...
WordPress Top-10 2.4.2 SQL Injection
DefenseCode ThunderScan SAST Advisory: WordPress Top-10 Plugin SQL Injection Security Vulnerability Advisory ID: DC-2017-12-003 Advisory Title: WordPress Top-10 Plugin SQL Injection Security Vulnerability Advisory URL: http://www.defensecode.com/advisories.php Software: WordPress Top-10 plugin...
WordPress Ad Widget 2.10.0 Local File Inclusion Vulnerability
WordPress Ad Widget plugin versions 2.10.0 and below suffer from a local file inclusion vulnerability. Advisory Title: WordPress Ad Widget Plugin Local file Inclusion Security Vulnerability Advisory URL: http://www.defensecode.com/advisories.php Software: WordPress Ad Widget plugi...
WordPress Ad Widget 2.10.0 Local File Inclusion
DefenseCode ThunderScan SAST Advisory WordPress Ad Widget Plugin Local File Inclusion Security Vulnerability Advisory ID: DC-2017-01-001 Advisory Title: WordPress Ad Widget Plugin Local file Inclusion Securit...
WordPress Simple Login Log 1.1.1 SQL Injection
DefenseCode ThunderScan SAST Advisory WordPress Simple Login Log Plugin Multiple SQL Injection Security Vulnerabilities Advisory ID: DC-2017-01-013 Advisory Title: WordPress Simple Login Log Plugin Multiple SQL Injection...
WordPress Podlove Podcast Publisher 2.5.3 SQL Injection Vulnerability
Exploit for php platform in category web applications Advisory Title: WordPress Podlove Podcast Publisher Plugin Security Vulnerability Advisory URL: http://www.defensecode.com/advisories.php Software: WordPress Podlove Podcast Publisher plugin Language: PHP Version: 2.5.3 and below Vendor Status...
WordPress Easy Modal plugin <=2.0.17 - SQL Injection vulnerability
SQL Injection vulnerability found in Easy Modal WordPress plugin version 2.0.17 and earlier versions by Neven Biruski (DefenseCode). Exploitation is possible if a user with administrator rights is tricked into following the crafted link; users with lower rights could also access and abuse the database. Solution: Update the...
WordPress Plugin Easy Modal 2.0.17 - SQL Injection
WordPress Plugin Easy Modal 2.0.17 - SQL Injection DefenseCode ThunderScan SAST Advisory WordPress Easy Modal Plugin Multiple Security Vulnerabilities Advisory ID: DC-2017-01-007 Advisory Title: WordPress Easy Modal Plugin Multiple Vulnerabilities Advisory URL:...