5 matches found
WordPress is vulnerable to Sensitive Data Exposure
Software WordPress Type WordPress Core Vulnerable versions 6.3.2 Fixed in 6.3.2 OWASP Top 10 A3: Injection Classification Sensitive Data Exposure CVE N/A Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 33dadfeb4ac4 Credits Marc-Alexandre Montpas Automattic Required privile...
WordPress Duplicate Page plugin <= 3.3 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection SQLi vulnerability found by Marc-Alexandre Montpas in WordPress Duplicate Page plugin versions = 3.3. Solution Update the WordPress Duplicate Page plugin to the latest available version at least 3.4...
Joomla HTTP Header Unauthenticated Remote Code Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Joomla HTTP Header Unauthenticated Remote Code Execution', 'Description' = %q Joomla suffers from an unauthenticated remote code...
Jetpack <= 3.7.0 - Stored Cross-Site Scripting (XSS)
Jetpack versions 3.7.0 and earlier are vulnerable to a cross-site scripting vulnerability in the contact form due to improper input sanitization. Reported by Marc-Alexandre Montpas from Sucuri...
Debian Security Advisory DSA 3332-1 (wordpress - security update)
Several vulnerabilities have been fixed in Wordpress, the popular blogging engine. CVE-2015-2213 SQL Injection allowed a remote attacker to compromise the site. CVE-2015-5622 The robustness of the shortcodes HTML tags filter has been improved. The parsing is a bit more strict, which may affect yo...