WordPress Ultimate FAQ <1.8.30 - Cross-Site Scripting

WordPress Ultimate FAQ plugin before 1.8.30 is susceptible to cross-site scripting via DisplayFAQ to Shortcodes/DisplayFAQs.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...

WordPress Ultimate Product Catalogue 3.1.2 SQL Injection

-------- ISSUE 1: Exploit Title: Unauthenticated SQLi in ItemID POST parameter on Ultimate Product Catalogue wordpress plugin Google Dork: inurl:"SingleProduct" intext:"Back to catalogue" intext:"Category", inurl:"/wp-content/plugins/ultimate-product-catalogue/product-sheets/" Date: 22/04/2015...

Ultimate Product Catalogue WordPress Plugin - SQL Injecton Vulnerabilities

Exploit for php platform in category web applications Exploit Title: Unauthenticated SQLi on Ultimate Product Catalogue wordpress plugin Google Dork: inurl:"SingleProduct" intext:"Back to catalogue" intext:"Category", inurl:"/wp-content/plugins/ultimate-product-catalogue/product-sheets/" Date:...

WordPress Plugin Ultimate Product Catalogue - SQL Injection (2)

WordPress Plugin Ultimate Product Catalogue - SQL Injection 2 Exploit Title: Unauthenticated SQLi on Ultimate Product Catalogue wordpress plugin Google Dork: inurl:"SingleProduct" intext:"Back to catalogue" intext:"Category", inurl:"/wp-content/plugins/ultimate-product-catalogue/product-sheets/"...

WordPress Plugin Ultimate Product Catalogue - SQL Injection (1)

WordPress Plugin Ultimate Product Catalogue - SQL Injection 1 Exploit Title: Unauthenticated SQLi in ItemID POST parameter on Ultimate Product Catalogue wordpress plugin Google Dork: inurl:"SingleProduct" intext:"Back to catalogue" intext:"Category",...