6 matches found
EUVD-2012-4357
Malware in sbrugna...
CVE-2023-5907
The File Manager WordPress plugin before 6.3 does not restrict the file manager's root directory, allowing an administrator to set a root outside of the WordPress root directory, giving access to system files and directories even in a multisite setup, where site administrators should not be allowe...
CVE-2023-3664
The FileOrganizer WordPress plugin through 1.0.2 does not restrict functionality on multisite instances, allowing site admins to gain full control over the server...
CVE-2024-6270
CVE-2024-6270 affects the WordPress plugin Community Events prior to 1.5.1. The issue is a Stored XSS vulnerability caused by insufficient sanitization and escaping of certain plugin settings. This can allow high-privilege users (e.g., administrators) to inject XSS even when unfiltered_html is di...
Ultimate Dashboard < 3.7.12 - Admin+ Stored XSS
Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
WordPress Security Bypass Vulnerability (CNVD-2017-00612)
WordPress is a blogging platform developed using the PHP language by the WordPress Software Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in the wp-includes/ms-functions.php file of the Multisite WordPress API in...