32 matches found
WordPress Plugin DukaPress 2.5.2 - Directory Traversal
A directory traversal vulnerability in the dpimgresize function in php/dp-functions.php in the DukaPress plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter to lib/dpimage.php. id: CVE-2014-8799 info: name: WordPress Plugin...
CVE-2026-2466
The DukaPress WordPress plugin through 3.2.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
WordPress DukaPress plugin <= 3.2.4 - Reflected XSS vulnerability
Reflected XSS vulnerability discovered by Vuln Seeker Cyber Security Team in WordPress Plugin DukaPress versions <= 3.2.4...
EUVD-2026-11093
The DukaPress WordPress plugin through 3.2.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2026-2466
The DukaPress WordPress plugin through 3.2.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2026-2466
The CVE-2026-2466 entry concerns the DukaPress WordPress plugin (affected version up to 3.2.4). The issue arises because the plugin does not sanitise and escape a parameter before reflecting it on the page, enabling a Reflected Cross-Site Scripting (XSS) attack. Impact is stated as potential expl...
CVE-2026-2466 DukaPress <= 3.2.4 - Reflected XSS
The DukaPress WordPress plugin through 3.2.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
EUVD-2026-11094
The DukaPress WordPress plugin through 3.2.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2026-2466 DukaPress <= 3.2.4 - Reflected XSS
The DukaPress WordPress plugin through 3.2.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
WordPress plugin DukaPress security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-24586
The DukaPress WordPress plugin through 3.2.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
EUVD-2015-1019
Malware in sbrugna...
WordPress DukaPress Plugin File Read
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress DukaPress Plugin File Read Vulnerability', 'Description' = %q This module exploits a directory traversal vulnerability in WordPress...
WordPress DukaPress plugin SQL injection vulnerability
WordPress is the WordPress Software Foundation's set of blogging platforms developed using the PHP language. DukaPress is one of the plugins used to create an online store. A SQL injection vulnerability exists in WordPress DukaPress plugin version v2.5.9, which can be exploited by remote attackers...
CVE-2015-1000011
Blind SQL Injection in wordpress plugin dukapress v2.5.9...
SQL injection
Blind SQL Injection in wordpress plugin dukapress v2.5.9...
CVE-2015-1000011
CVE-2015-1000011 affects WordPress via the DukaPress plugin up to version 2.5.9. The root cause is an unsafely handled user input in dukapress/download.php where $_GET['id'] is not sanitized before being passed to a database query, enabling a blind SQL injection. This allows unauthenticated, remo...
CVE-2015-1000011
Blind SQL Injection in wordpress plugin dukapress v2.5.9...
WordPress DukaPress Plugin - Persistent XSS Vulnerability
Exploit for php platform in category web applications Title Exploit : WordPress Plugin DukaPress - Persistent XSS Vulnerability Date : 21/09/2015 Author : ZwX Software Vendor : http://dukapress.org/ Software Link: https://wordpress.org/plugins/dukapress/ Version: 2.5.9 Levels Risk : Low Tested on...
WordPress DukaPress Plugin <= 2.5.9 - SQL Injection
Because of this vulnerability, remote authenticated users can execute arbitrary SQL commands. Solution: Update the plugin...