586 matches found

Patchstack
added 2017/07/27 12:00 a.m. | 11 views

WordPress WooCommerce Stock Manager Plugin <= 1.0.7 - Authenticated Product Settings Change Vulnerability

The function stockmanagersaveoneproductstockdata doesn't check for user capabilities, so any logged-in user can change the settings. Solution: Update the plugin...

2.2 AI score
Exploits: 0 | References: 2 | Affected Software: 1

CNVD
added 2017/03/02 12:00 a.m. | 2 views

WordPress Download Manager plugin cross-site request forgery vulnerability

WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP, which supports setting up personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in the WordPress Download Manager plugin. An attacker can exploit the...

6.8 AI score
Exploits: 0 | References: 1

Check Point Advisories
added 2016/05/24 12:00 a.m. | 0 views

WordPress SP Projects and Document Manager Plugin SQL Injection

An SQL injection vulnerability exists in the WordPress SP Projects and Document Manager Plugin. It allows an authenticated remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data...

4 AI score
Exploits: 0

Patchstack
added 2016/02/08 12:00 a.m. | 10 views

WordPress User Meta Manager Plugin 3.4.6 - Information Disclosure

Because of this vulnerability, any registered user can perform many AJAX requests and in that way get all contents of the "usermeta" DB table. Solution: Upgrade to version 3.4.8...

2.6 AI score
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2016/02/04 12:00 a.m. | 7 views

WordPress User Meta Manager Plugin 3.4.6 - Privilege Escalation

Because of this vulnerability, a registered user can modify the meta information. Solution: Update the plugin...

3.4 AI score
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2015/08/25 12:00 a.m. | 10 views

WordPress Job Manager Plugin <= 0.7.24 - Cross Site Scripting (XSS)

This plugin is prone to a cross-site scripting vulnerability, because authenticated administrators can inject HTML or JS code. The vulnerable parameter is "jobman-rating". Solution: Update the plugin...

1 AI score
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2015/08/13 2:59 p.m. | 29 views

CVE-2015-2321

Cross-site scripting (XSS) vulnerability in the Job Manager plugin 0.7.22 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the email field...

4.3 CVSS | 5.7 AI score | 0.0489 EPSS
Exploits: 6 | References: 3

CVE
added 2015/08/13 2:00 p.m. | 61 views

CVE-2015-2321

The CVE-2015-2321 entry applies to the WordPress Job Manager plugin (Job Manager Plugin for WordPress) version

4.3 CVSS | 5.8 AI score | 0.0489 EPSS
Exploits: 6 | References: 3 | Affected Software: 1

Patchstack
added 2015/08/07 12:00 a.m. | 8 views

WordPress Job Manager Plugin 0.7.22 - Persistent XSS

The Job Manager plugin is prone to a persistent XSS vulnerability, because the email field was not sanitized. It allows an attacker to steal cookies or perform phishing attacks. Other attacks are also possible. Solution: Update the plugin...

4.4 AI score
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2015/07/08 12:00 a.m. | 10 views

WordPress Smart Manager Plugin <= 3.9.6 - SQL Injection

Because of this vulnerability, unauthenticated remote attackers can execute arbitrary SQL commands. Solution: Update the plugin...

6.5 AI score
Exploits: 0 | References: 1 | Affected Software: 1

WPVulnDB
added 2015/06/10 12:00 a.m. | 8 views

N-Media File Uploader <= 3.7 - Arbitrary File Upload

The Frontend File Manager Plugin WordPress plugin was affected by an Arbitrary File Upload security vulnerability...

2.9 AI score
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2015/05/15 12:00 a.m. | 9 views

WordPress Events Manager Plugin <= 5.3.8 - Cross Site Scripting

Because of this vulnerability, attackers can inject arbitrary JavaScript or HTML code. Solution: Update the plugin...

2.2 AI score
Exploits: 0 | References: 2 | Affected Software: 1

Exploit DB
added 2015/03/31 12:00 a.m. | 30 views

WordPress Plugin SP Project & Document Manager 2.5.3 - Blind SQL Injection

Exploit Title: WordPress SP Project & Document Manager 2.5.3 Blind SQL Injection Google Dork: inurl:wp-content/plugins/sp-client-document-manager Date: 2015-03-04 Exploit Author: catsecurity Vendor Homepage: http://smartypantsplugins.com Software Link:...

7.4 AI score
Exploits: 0

Prion
added 2014/12/02 4:59 p.m. | 19 views

Open redirect

Open redirect vulnerability in track-click.php in the Ad-Manager plugin 1.1.2 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the out parameter...

5.8 CVSS | 7.1 AI score | 0.02256 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

Packet Storm
added 2014/11/27 12:00 a.m. | 39 views

WordPress Ad-Manager 1.1.2 Open Redirect

CVE-2014-8754 WordPress “Ad-Manager Plugin” Dest Redirect Privilege Escalation Exploit Title: WordPress Ad-Manager Plugin Dest Redirect Privilege Escalation Vulnerability Product: WordPress Ad-Manager Plugin Vendor: CodeCanyon Vulnerable Versions: 1.1.2 Tested Version: 1.1.2 Advisory Publication:...

5.8 CVSS | 6.7 AI score | 0.02256 EPSS
Exploits: 1

Patchstack
added 2014/11/04 12:00 a.m. | 18 views

WordPress Download Manager Plugin - Arbitrary File Download

Because of this vulnerability, attackers can read arbitrary files via the "fname" parameter to views/filedownload.php or filedownload.php. Solution: Update the plugin...

5 CVSS | 4.9 AI score | 0.0285 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2014/10/21 3:00 p.m. | 32 views

CVE-2014-4517

The CVE-2014-4517 entry concerns the WordPress plugin CBI Referral Manager (versions up to 1.2.1). The vulnerability is a Cross-Site Scripting (XSS) flaw in getNetworkSites.php, exploitable via the searchString parameter, enabling remote attackers to inject arbitrary script/HTML. This is supporte...

4.3 CVSS | 6 AI score | 0.01629 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
added 2014/10/13 12:00 a.m. | 25 views

WordPress Ad Manager Plugin <=1.1.2 - Open Redirect

This vulnerability is in track-click.php. It allows attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the "out" parameter. Solution: Update the plugin...

5.8 CVSS | 5.2 AI score | 0.02256 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
added 2014/09/05 12:00 a.m. | 12 views

WordPress Premium Gallery Manager Plugin - Unauthenticated Configuration Access

The WordPress Premium Gallery Manager plugin is prone to an unauthenticated configuration access vulnerability. It allows an attacker to change the default configuration without proper authentication. Other attacks are also possible. Solution: Upgrade the plugin...

4.2 AI score
Exploits: 0 | References: 1 | Affected Software: 1

WPVulnDB
added 2014/08/01 10:59 a.m. | 10 views

IndiaNIC FAQs Manager 1.0 - CAPTCHA Value Disclosure

The faqs-manager WordPress plugin was affected by a CAPTCHA Value Disclosure security vulnerability...

2.4 AI score
Exploits: 0 | References: 2 | Affected Software: 1