586 matches found
CVE-2015-9297
The events-manager plugin before 5.6 for WordPress has XSS...
CVE-2012-6713
The job-manager plugin before 0.7.19 for WordPress has multiple XSS issues...
Code injection
The events-manager plugin before 5.6 for WordPress has code injection...
Cross site scripting
The events-manager plugin before 5.5.7 for WordPress has multiple XSS issues...
Cross site scripting
The job-manager plugin before 0.7.19 for WordPress has multiple XSS issues...
CVE-2015-9297
The CVE-2015-9297 entry refers to the WordPress Events Manager plugin, affected up to versions earlier than 5.6, which contains an XSS vulnerability in the plugin. The connected Red Hat and CNVD/CVE records corroborate an XSS issue in this plugin. The NVD metrics (CVSS v3.1 base score 6.1 MEDIUM;...
CVE-2015-9298
The CVE-2015-9298 entry concerns the WordPress events-manager plugin, specifically versions prior to 5.6, which is affected by code injection. Multiple sources (NVD entry and repeat citations across Red Hat, CNVD, CVE lists, and WPVulnDB/PT Security) confirm the issue as a code injection flaw in ...
CVE-2015-9299
CVE-2015-9299 is a DOM XSS vulnerability in the WordPress Events Manager plugin prior to 5.5.7.1. The root cause is DOM-based XSS in the events-manager component, leading to potential client-side code execution with low integrity impact and no confidentiality/availability impact according to CVSS...
CVE-2012-6713
The CVE-2012-6713 entry concerns the WordPress Job Manager plugin, specifically versions before 0.7.19, which has multiple XSS issues. The vulnerability arises in the plugin’s handling of input to allow execution of client-side scripts, potentially impacting site visitors. Several connected sourc...
CVE-2012-6713
The job-manager plugin before 0.7.19 for WordPress has multiple XSS issues...
PT-2019-7257 · WordPress · Events Manager
Name of the Vulnerable Software and Affected Versions: events-manager plugin versions prior to 5.6 Description: The issue concerns code injection in the events-manager plugin for WordPress. Recommendations: For versions prior to 5.6, update to version 5.6 or later to resolve the issue...
PT-2019-7259 · WordPress · Events Manager
Name of the Vulnerable Software and Affected Versions: events-manager plugin versions prior to 5.5.7 Description: The issue concerns multiple XSS problems. Recommendations: For versions prior to 5.5.7, update to version 5.5.7 or later to resolve the issue...
ManageEngine OpManager 12.4x - Privilege Escalation / Remote Command Execution Exploit
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "ManageEngine OpManager 12.4x - Privilege Escalation / Remote Command Execution", 'Description' = %q This module exploits sqli and command injectio...
ManageEngine OpManager 12.4x Privilege Escalation / Remote Command Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "ManageEngine OpManager 12.4x - Privilege Escalation / Remote Command Execution", 'Description' = %q This module exploits sqli and command injectio...
ManageEngine OpManager 12.4x - Privilege Escalation Remote Command Execution (Metasploit)
ManageEngine OpManager 12.4x - Privilege Escalation Remote Command Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "ManageEngine OpManager 12.4x - Privilege Escalation / Remo...
ManageEngine OpManager 12.4x - Privilege Escalation / Remote Command Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "ManageEngine OpManager 12.4x - Privilege Escalation / Remote Command Execution", 'Description' = %q This module exploits sqli and command injectio...
WordPress Attendance Manager Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.Attendance Manager Plugin is an attendance management plugin used in it. A cross-site scripting vulnerability exists in...
CVE-2018-16966
There is a CSRF vulnerability in the mndpsingh287 File Manager plugin 3.0 for WordPress via the page=wpfilemanagerroot publicpath parameter...
CVE-2018-16966
CVE-2018-16966 concerns the WordPress plugin “mndpsingh287 File Manager” (v3.0) where a CSRF vulnerability exists via the page=wp_file_manager_root public_path parameter. The issue allows an attacker to trigger actions on behalf of a logged-in user (requires user interaction per CVSS3) without au...
CVE-2018-13137
The Events Manager plugin 5.9.4 for WordPress has XSS via the dbemeventreapprovedemailbody parameter to the wp-admin/edit.php?posttype=event&page=events-manager-options URI...