83 matches found
CVE-2015-4139
CVE-2015-4139 affects the WordPress plugin WP Smiley (plugin version 1.4.1). The vulnerability is a cross-site scripting (XSS) flaw in the file smilies4wp.php that allows an authenticated remote user to inject arbitrary script/HTML via the s4w-more parameter to wp-admin/options-general.php. The p...
CVE-2015-4140
CVE-2015-4140: In the WP Smiley plugin for WordPress (version 1.4.1), a CSRF vulnerability allows remote attackers to hijack the authentication of editors and carry out cross-site scripting (XSS) via the s4w-more parameter to smilies4wp.php, targeting wp-admin/options-general.php. The issue stem...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in the Encrypted Contact Form plugin before 1.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the iframe_url parameter in an Update Page action in the...
CVE-2015-4010
CVE-2015-4010 concerns the WordPress plugin “Encrypted Contact Form”. The vulnerability is a CSRF that also enables reflected XSS via unsanitized iframe_url data in the Update Page operation of the conformconf page, affecting admin actions in wp-admin/options-general.php. Affected versions are 1....
Cross-site request forgery (CSRF)
Multiple cross-site request forgery (CSRF) vulnerabilities in the CrossSlide jQuery (crossslide-jquery-plugin-for-wordpress) plugin 2.0.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings or conduct cross-site scripting (XSS)...
Cross-site scripting
Cross-site scripting (XSS) vulnerability in the Google Doc Embedder plugin before 2.5.19 for WordPress allows remote attackers to inject arbitrary web script or HTML via the profile parameter in an edit action in the gde-settings page to wp-admin/options-general.php...
WordPress Plugin Google Doc Embedder 'options-general.php' HTML Injection Vulnerability
WordPress is a blogging platform developed in PHP; users can set up their own weblog on a server that supports PHP and a MySQL database. An HTML injection vulnerability in the WordPress plugin Google Doc Embedder 'options-general.php' allows attackers to run supplied HTML and script code or steal...
Cross-site request forgery (CSRF)
Multiple cross-site request forgery (CSRF) vulnerabilities in the Simplelife plugin 1.2 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) simplehoverback, (2) simplehovertext, (3)...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in the twimp-wp plugin for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the messageformat parameter in the twimp-wp.php page to...
CVE-2014-9400
CVE-2014-9400 concerns the WordPress plugin “WP Unique Article Header Image” (version 1.0 and earlier). The connected sources confirm CSRF vulnerabilities that allow an attacker to hijack an administrator’s authentication for requests leading to cross-site scripting (XSS) via the parameters gt_de...
Cross-site request forgery (CSRF)
Multiple cross-site request forgery (CSRF) vulnerabilities in the yURL ReTwitt plugin 1.4 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) yurllogin or (2) yurlanchor parameter in the...
CVE-2014-9100
The CVE-2014-9100 entry concerns the WordPress plugin WhyDoWork AdSense v1.2, which is vulnerable to Cross-site Scripting (XSS) via the idcode parameter on the whydowork_adsense page that redirects to wp-admin/options-general.php. The root cause is unvalidated/reflected input in the idcode parame...
Cross-site scripting
Cross-site scripting (XSS) vulnerability in the EWWW Image Optimizer plugin before 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the error parameter in the ewww-image-optimizer.php page to wp-admin/options-general.php, which is not properly handled in a pngo...
BannerMan 0.2.4 - XSS in wp-admin/options-general.php via bannerman_background parameter
The BannerMan WordPress plugin was affected by an XSS in wp-admin/options-general.php via bannerman_background parameter security vulnerability...
Marekkis Watermark 0.9.2 - wp-admin/options-general.php pfad Parameter XSS
The Marekkis Watermark-Plugin WordPress plugin was affected by a wp-admin/options-general.php pfad Parameter XSS security vulnerability...
Backend Localization 1.6.1 - options-general.php kau-boys_backend_localization_language Parameter XSS
The Backend Localization WordPress plugin was affected by an options-general.php kau-boys_backend_localization_language Parameter XSS security vulnerability...
WordPress Duplicate Post Plugin <= 2.5 - Reflected XSS
This plugin is prone to a reflected XSS in the options-general.php post parameter. Solution: Update the plugin...
CVE-2014-4848
Cross-site scripting (XSS) vulnerability in the Blogstand Banner (blogstand-smart-banner) plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the bs_blog_id parameter to wp-admin/options-general.php...
CVE-2014-4848
The CVE-2014-4848 entry concerns the Blogstand Smart Banner WordPress plugin (version 1.0). A stored/reflected XSS vulnerability exists in the bs_blog_id parameter passed to wp-admin/options-general.php, enabling attackers to inject arbitrary script/HTML. Impact is web-page script execution by re...
CVE-2014-4845
Cross-site scripting (XSS) vulnerability in the BannerMan plugin 0.2.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the bannerman_background parameter to wp-admin/options-general.php...