WordPress Plugin Aviary Image Editor Addon For Gravity Forms 3.0 Beta - Arbitrary File Upload

WordPress Plugin Aviary Image Editor Addon For Gravity Forms 3.0 Beta - Arbitrary File Upload Title: Remote file upload vulnerability in aviary-image-editor-add-on-for-gravity-forms v3.0beta Wordpress plugin Author: Larry W. Cashdollar, @larry0 Date: 2015-06-07 Download Site:...

WordPress Plugin Aviary Image Editor Addon For Gravity Forms 3.0 Beta - Arbitrary File Upload

Title: Remote file upload vulnerability in aviary-image-editor-add-on-for-gravity-forms v3.0beta Wordpress plugin Author: Larry W. Cashdollar, @larry0 Date: 2015-06-07 Download Site: https://wordpress.org/plugins/aviary-image-editor-add-on-for-gravity-forms Vendor: Waters Edge Web Design and...

WordPress Aviary Image Editor Add On For Gravity Forms Plugin - Beta Shell Upload

The remote file upload vulnerability is in aviary-image-editor-add-on-for-gravity-forms/includes/upload.php. Because of this vulnerability anyone can upload any file to the system. Solution Upgrade the plugin...

WordPress Aviary Image Editor Add On For Gravity Forms 3.0 Beta Shell Upload

Title: Remote file upload vulnerability in aviary-image-editor-add-on-for-gravity-forms v3.0beta Wordpress plugin Author: Larry W. Cashdollar, @larry0 Date: 2015-06-07 Download Site: https://wordpress.org/plugins/aviary-image-editor-add-on-for-gravity-forms Vendor: Waters Edge Web Design and...

WordPress Aviary Image Editor Add On For Gravity Forms 3.0 Beta Shell Upload Exploit

WordPress Aviary Image Editor Add On For Gravity Forms plugin version 3.0 beta suffers from a remote shell upload vulnerability. Title: Remote file upload vulnerability in aviary-image-editor-add-on-for-gravity-forms v3.0beta Wordpress plugin Author: Larry W. Cashdollar, @larry0 Date: 2015-06-07...

Aviary Image Editor Add-on For Gravity Forms <= 3.0beta - Unauthenticated File Upload

There is a remote file upload vulnerability in aviary-image-editor-add-on-for-gravity-forms/includes/upload.php. An unauthenticated user can upload any file to the system, including PHP files. upload.php does not check that the user is authenticated and a simple POST request will allow arbitrary...

WordPress Ninja Forms Plugin <= 2.9.18 - Cross Site Scripting

Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Update the plugin...

Ninja Forms <= 2.9.18 - Cross-Site Scripting (XSS)

The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...

WordPress MailChimp Subscribe Forms 1.1 Remote Code Execution Vulnerability

WordPress MailChimp Subscribe Forms plugin version 1.1 suffers from a remote code execution vulnerability. Exploit Title: Wordpress MailChimp Subscribe Forms Remote Code Execution Date: 21-04-2015 Exploit Author: woodspeed Vendor Homepage: https://wordpress.org/plugins/mailchimp-subscribe-sm/...

WordPress MailChimp Subscribe Forms Plugin 1.1 - Remote Code Execution

MailChimp Subscribe Forms plugin is prone to a remote code execution vulnerability via "email" field. Solution Upgrade the plugin...

WordPress MailChimp Subscribe Forms 1.1 Remote Code Execution

Exploit Title: Wordpress MailChimp Subscribe Forms Remote Code Execution Date: 21-04-2015 Exploit Author: woodspeed Vendor Homepage: https://wordpress.org/plugins/mailchimp-subscribe-sm/ Software Link: https://downloads.wordpress.org/plugin/mailchimp-subscribe-sm.1.1.zip Version: 1.1 Tested on:...

Oracle WebCenter Forms Recognition Sssplt30.ocx Arbitrary File Creation - Ver2 (CVE-2012-1710)

A directory traversal vulnerability has been reported in Oracle WebCenter Forms Recognition. The vulnerability is due to insufficient validation of parameters used in a certain method in the Sssplt30 ActiveX control. A remote attacker can exploit this vulnerability by enticing a target user to op...

WordPress TDO Mini Forms Plugin <= 0.13.9 - Remote Code Execution

This plugin is prone to a remote code execution in tdomf-upload-inline.php. Solution Update the plugin...

WordPress Custom Contact Forms Plugin <= 5.0.0.1 - XSS

Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Update the plugin...

WordPress Custom Contact Forms Plugin <= 5.1.0.3 - Database Import/Export

This plugin is prone to a database import/export vulnerabilities. Solution Update the plugin...

WordPress Custom Contact Forms Plugin <= 5.0.0.1 - XSS

Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Update the plugin...

WordPress TDO Mini Forms Plugin <= 0.13.9 - Remote Code Execution

This plugin is prone to a remote code execution in tdomf-upload-inline.php. Solution Update the plugin...

WordPress A Forms Plugin <= 1.4.0 - Cross Site Request Forgery

This plugin is prone to a cross site request forgery vulnerability. Solution Update the plugin...

WordPress A Forms Plugin <= 1.4.0 - SQL Injection

This plugin is prone to a SQL injection vulnerability in a-forms.php aformtrackingpage FunctionMultiple parameters. Solution Update the plugin...

WordPress A Forms Plugin <= 1.4.0 - Cross Site Scripting

This plugin is prone to a cross site scripting vulnerability via: a-forms.php addfieldtosection function multiple parameter, a-forms.php aforminitialpage function multiple parameter, a-forms.php aformpage function multiple parameter, a-forms.php aformsectionpage Function message parameter,...