20 matches found
WordPress JSmol2WP <=1.07 - Local File Inclusion
WordPress JSmol2WP plugin 1.07 is susceptible to local file inclusion via ../ directory traversal in query=php://filter/resource= in the jsmol.php query string. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context...
EUVD-2018-13017
Malware in sbrugna...
WordPress JSmol2WP plugin <= 1.07 - Unauthenticated Server Side Request Forgery (SSRF) vulnerability
Unauthenticated Server Side Request Forgery SSRF vulnerability found in WordPress JSmol2WP plugin versions <= 1.07. Solution 08.01.2019 - we were unable to find a patched version of this plugin. According to WordPress.org plugin repository, this plugin was closed on January 7, 2019 and is no longer...
WordPress JSmol2WP plugin <= 1.07 - Unauthenticated Cross-Site Scripting (XSS) vulnerability
Unauthenticated Cross-Site Scripting XSS vulnerability in WordPress JSmol2WP plugin versions <= 1.07. Solution 08.01.2019 - we were unable to find a patched version of this plugin. According to WordPress.org plugin repository, this plugin was closed on January 7, 2019 and is no longer available for...
JSmol2WP <= 1.07 - Unauthenticated Cross-Site Scripting (XSS)
The jsmol2wp WordPress plugin was affected by an Unauthenticated Cross-Site Scripting XSS security vulnerability. PoC http://localhost:8080/wp-content/plugins/jsmol2wp/php/jsmol.php?isform=true&call=saveFile&data=%3Cscript%3Ealert/xss/%3C/script%3E&mimetype=text/html;%20charset=utf-8...
JSmol2WP <= 1.07 - Unauthenticated Cross-Site Scripting (XSS)
The jsmol2wp WordPress plugin was affected by an Unauthenticated Cross-Site Scripting XSS security vulnerability. http://localhost:8080/wp-content/plugins/jsmol2wp/php/jsmol.php?isform=true&call=saveFile&data=%3Cscript%3Ealert/xss/%3C/script%3E&mimetype=text/html;%20charset=utf-8...
JSmol2WP Arbitrary File Read Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP; it lets users set up a personal blog site on servers that support PHP and MySQL. JSmol2WP is one of its plugins, used to display 3D chemical structures. A security...
JSmol2WP Cross-Site Scripting Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP; it lets users set up a personal blog site on servers that support PHP and MySQL. JSmol2WP is one of its plugins, used to display 3D chemical structures. A cross-site...
CVE-2018-20463
An issue was discovered in the JSmol2WP plugin 1.07 for WordPress. There is an arbitrary file read vulnerability via ../ directory traversal in query=php://filter/resource= in the jsmol.php query string. This can also be used for SSRF...
Directory traversal
An issue was discovered in the JSmol2WP plugin 1.07 for WordPress. There is an arbitrary file read vulnerability via ../ directory traversal in query=php://filter/resource= in the jsmol.php query string. This can also be used for SSRF...
Cross site scripting
An issue was discovered in the JSmol2WP plugin 1.07 for WordPress. A cross-site scripting XSS vulnerability allows remote attackers to inject arbitrary web script or HTML via the jsmol.php data parameter...
CVE-2018-20462
An issue was discovered in the JSmol2WP plugin 1.07 for WordPress. A cross-site scripting XSS vulnerability allows remote attackers to inject arbitrary web script or HTML via the jsmol.php data parameter...
CVE-2018-20463
An issue was discovered in the JSmol2WP plugin 1.07 for WordPress. There is an arbitrary file read vulnerability via ../ directory traversal in query=php://filter/resource= in the jsmol.php query string. This can also be used for SSRF...
CVE-2018-20462
An issue was discovered in the JSmol2WP plugin 1.07 for WordPress. A cross-site scripting XSS vulnerability allows remote attackers to inject arbitrary web script or HTML via the jsmol.php data parameter...
CVE-2018-20462
WordPress JSmol2WP plugin
CVE-2018-20462
An issue was discovered in the JSmol2WP plugin 1.07 for WordPress. A cross-site scripting XSS vulnerability allows remote attackers to inject arbitrary web script or HTML via the jsmol.php data parameter...
CVE-2018-20463
An issue was discovered in the JSmol2WP plugin 1.07 for WordPress. There is an arbitrary file read vulnerability via ../ directory traversal in query=php://filter/resource= in the jsmol.php query string. This can also be used for SSRF...
CVE-2018-20463
Summary: CVE-2018-20463 affects WordPress- JSmol2WP plugin,
JSmol2WP <= 1.07 - Unauthenticated Server Side Request Forgery (SSRF)
The jsmol2wp WordPress plugin was affected by an Unauthenticated Server Side Request Forgery SSRF security vulnerability. http://localhost:8080/wp-content/plugins/jsmol2wp/php/jsmol.php?isform=true&call=getRawDataFromDatabase&query=php://filter/resource=../../../../wp-config.php...
JSmol2WP <= 1.07 - Unauthenticated Server Side Request Forgery (SSRF)
The jsmol2wp WordPress plugin was affected by an Unauthenticated Server Side Request Forgery SSRF security vulnerability. PoC http://localhost:8080/wp-content/plugins/jsmol2wp/php/jsmol.php?isform=true&call=getRawDataFromDatabase&query=php://filter/resource=../../../../wp-config.php...