12 matches found
CVE-2015-9438
The display-widgets plugin before 2.04 for WordPress has XSS via the wp-admin/admin-ajax.php?action=dwshowwidget idbase, widgetnumber, or instance parameter...
WordPress display-widgets plugin cross-site scripting vulnerability
WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. display-widgets is a widget display plugin used in it. A cross-site scripting vulnerability exists in WordPress display-widgets...
CVE-2015-9438
The display-widgets plugin before 2.04 for WordPress has XSS via the wp-admin/admin-ajax.php?action=dwshowwidget idbase, widgetnumber, or instance parameter...
CVE-2015-9438
The CVE-2015-9438 entry concerns the WordPress display-widgets plugin. Affected product: WordPress display-widgets (plugin) versions before 2.04. Root cause: lack of input validation in the web application leads to cross-site scripting. Impact: XSS via admin-ajax.php endpoint (action=dw_show_widg...
CVE-2015-9438
The display-widgets plugin before 2.04 for WordPress has XSS via the wp-admin/admin-ajax.php?action=dwshowwidget idbase, widgetnumber, or instance parameter...
WordPress Display Widgets Plugin Spammers Backdoor
A backdoor vulnerability exists in WordPress Display Widgets Plugin. Successful exploitation of this vulnerability allows remote attackers to change the effected site's content...
Rogue Wordpress Plugin Allowed Spam Injection
A popular WordPress plugin called Display Widgets running on 200,000 sites was removed from the official WordPress.org plugin repository after researchers discovered the plugin had a backdoor that was injecting spam ads into victims’ sites. According to researchers at Wordfence who publicly...
WordPress Display Widgets plugin has a backdoor
WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports PHP and MySQL servers to set up a personal blog site.Display Widgets is a WordPress display plugin. WordPress Display Widgets plugin has a backdoor, attackers can use...
WordPress Display Widgets plugin 2.6.0-2.6.3.1 - Backdoored (includes hacking tool)
The possible backdoor hacking tool found in WordPress Display Widgets plugin versions 2.6.0-2.6.3.1 by SEO Dave. Solution Deactivate and remove the WordPress Display Widgets plugin. For now, this plugin removed from WordPress plugin repository...
Display Widgets 2.6.0-2.6.3.1 - Backdoored
The display-widgets WordPress plugin was affected by a Backdoored security vulnerability...
Display Widgets <= 2.03 - Authenticated Cross-Site Scripting (XSS)
The display-widgets WordPress plugin was affected by an Authenticated Cross-Site Scripting XSS security vulnerability...
WordPress Display Widgets Plugin <= 2.03 - Cross Site Scripting
Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Update the plugin...