83 matches found
Cross site request forgery (csrf)
An issue was discovered in the read-and-understood plugin 2.1 for WordPress. CSRF exists via wp-admin/options-general.php...
CVE-2018-5668
An issue was discovered in the read-and-understood plugin 2.1 for WordPress. XSS exists via the wp-admin/options-general.php rnuusernamevalidationtitle parameter...
CVE-2018-5368
The SrbTransLatin plugin 1.46 for WordPress has CSRF via an srbtranslatoptions action to wp-admin/options-general.php...
CVE-2018-5368
The SrbTransLatin plugin 1.46 for WordPress has CSRF via an srbtranslatoptions action to wp-admin/options-general.php...
CVE-2018-5369
The SrbTransLatin plugin 1.46 for WordPress is affected by CVE-2018-5369: a Cross-Site Scripting (XSS) vulnerability via the srbtranslatoptions action to wp-admin/options-general.php with the lang_identificator parameter. This, as documented, can allow injection of arbitrary web script or HTML. S...
WordPress ImageInject plugin 1.15 - Stored Cross-Site Scripting vulnerability
Stored Cross-Site Scripting vulnerability found by wpl0v3r in WordPress ImageInject plugin version 1.15. Vulnerable via the flickrappid parameter to wp-admin/options-general.php. Solution 1/9/2018 - we were unable to find a patched version of the plugin. Dangerous to use...
WordPress ImageInject plugin 1.15 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability found by wpl0v3r in WordPress ImageInject plugin version 1.15. Vulnerable via wp-admin/options-general.php. Solution 1/9/2018 - we were unable to find a patched version of the plugin. Dangerous to use...
Cross site request forgery (csrf)
The ImageInject plugin 1.15 for WordPress has CSRF via wp-admin/options-general.php...
Design/Logic Flaw
The ImageInject plugin 1.15 for WordPress has XSS via the flickrappid parameter to wp-admin/options-general.php...
CVE-2018-5285
The ImageInject plugin 1.15 for WordPress has CSRF via wp-admin/options-general.php...
CVE-2018-5284
The ImageInject plugin 1.15 for WordPress has XSS via the flickrappid parameter to wp-admin/options-general.php...
CVE-2018-5285
The ImageInject plugin 1.15 for WordPress has CSRF via wp-admin/options-general.php...
CVE-2018-5284
CVE-2018-5284 affects the WordPress plugin ImageInject, version 1.15. The vulnerability is a stored cross-site scripting (XSS) via the flickr_appid parameter on wp-admin/options-general.php. Root cause is input handling insufficient to neutralize script payloads in this parameter. Documented impa...
Code injection
PHP Scripts Mall Responsive Realestate Script has XSS via the admin/general.php gplus parameter...
CVE-2015-5533
SQL injection vulnerability in counter-options.php in the Count Per Day plugin before 3.4.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the cpdkeepmonth parameter to wp-admin/options-general.php. NOTE: this can be leveraged using CSRF to allow...
gazoline.net XSS vulnerability
Vulnerable URL: http://gazoline.net/forum/general.php?recherche=%22%3E%3Cimg+src%3Dx+onerror%3Dalert%27OPENBUGBOUNTY%27%3E=sg Details: Description| Value ---|--- Patched:| No Latest check for patch:| 27.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 698246...
WordPress Content Text Slider On Post 6.8 Cross Site Scripting
Document Title: =============== Wordpress Content Text Slider on Post 6.8 - Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1655 Release Date: ============= 2015-12-07 Vulnerability Laboratory ID VL-ID:...
CVE-2015-4140
Cross-site request forgery CSRF vulnerability in the WP Smiley plugin 1.4.1 for WordPress allows remote attackers to hijack the authentication of editors for requests that conduct cross-site scripting XSS attacks via the s4w-more parameter to the smilies4wp.php page to wp-admin/options-general.ph...
CVE-2015-4139
Cross-site scripting XSS vulnerability in smilies4wp.php in the WP Smiley plugin 1.4.1 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the s4w-more parameter to wp-admin/options-general.php...
Cross site scripting
Cross-site scripting XSS vulnerability in smilies4wp.php in the WP Smiley plugin 1.4.1 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the s4w-more parameter to wp-admin/options-general.php...