
3470 matches found

Cvelist
added 2020/10/31 12:59 a.m. · 21 views

CVE-2020-28033

WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam embed...

AI score: 8.5 · EPSS: 0.02622
Exploits: 0 · References: 6

Debian CVE
added 2020/10/31 12:59 a.m. · 28 views

CVE-2020-28033

WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam embed...

CVSS: 7.5 · AI score: 8.4 · EPSS: 0.02622
Exploits: 0

Patchstack
added 2020/10/29 12:0 a.m. · 31 views

WordPress <= 5.5.1 - Mishandling Embeds From Disabled Sites On a Multisite Network vulnerability

Mishandling Embeds From Disabled Sites On a Multisite Network vulnerability found by David Binovec in WordPress versions <= 5.5.1. Solution: Update the WordPress to the latest available version at least 5.5.2...

CVSS: 7.5 · AI score: 2.5 · EPSS: 0.02622
Exploits: 0 · References: 1 · Affected Software: 1

WPVulnDB
added 2020/10/29 12:0 a.m. · 25 views

WordPress < 5.5.2 - Disable Spam Embeds from Disabled Sites on a Multisite Network

Description: The release notes state: "Props to David Binovec on a fix to disable spam embeds from disabled sites on a multisite network."...

CVSS: 7.5 · AI score: 8.3 · EPSS: 0.02622
Exploits: 0 · References: 2

Positive Technologies
added 2020/10/15 12:0 a.m. · 7 views

PT-2020-5742 · WordPress · Wordpress

Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.5.2 Description: The issue is related to insufficient access control in certain features of the WordPress content management system. This can be exploited by a remote attacker to impact data integrity. The proble...

CVSS: 9.8 · AI score: 6.8 · EPSS: 0.16119
Exploits: 1 · References: 45

Snyk
added 2020/04/17 12:0 a.m. · 3 views

Malicious Package

Overview: capdrupal-multisite is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa. Remediation: Avoid using...

CVSS: 8 · AI score: 6.7
Exploits: 0 · References: 2

Packet Storm
added 2020/03/24 12:0 a.m. · 352 views

WordPress WP Forms 1.5.8.2 Cross Site Scripting

Exploit Title: Wordpress Plugin WPForms 1.5.9 - Persistent Cross-Site Scripting Date: 2020-02-18 Vendor Homepage: https://wpforms.com Vendor Changelog: https://wordpress.org/plugins/wpforms-lite/developers Exploit Author: Jinson Varghese Behanan Author Advisory:...

AI score: 5.5 · EPSS: 0.04428
Exploits: 6

exploitpack
added 2020/03/24 12:0 a.m. · 315 views

Wordpress Plugin WPForms 1.5.8.2 - Persistent Cross-Site Scripting

Wordpress Plugin WPForms 1.5.8.2 - Persistent Cross-Site Scripting Exploit Title: Wordpress Plugin WPForms 1.5.8.2 - Persistent Cross-Site Scripting Date: 2020-02-18 Vendor Homepage: https://wpforms.com Vendor Changelog: https://wordpress.org/plugins/wpforms-lite/developers Exploit Author: Jinson...

AI score: 5.3 · EPSS: 0.04428
Exploits: 6

CNVD
added 2019/09/17 12:0 a.m. · 2 views

WordPress multisite-post-duplicator plugin cross-site request forgery vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in the WordPress multisite-post-duplicator plugin versions...

CVSS: 8.8 · AI score: 6.7 · EPSS: 0.00732
Exploits: 1 · References: 1

OSV
added 2019/09/13 12:15 p.m. · 2 views

CVE-2016-10944

The multisite-post-duplicator plugin before 1.1.3 for WordPress has wp-admin/tools.php?page=mpd CSRF...

CVSS: 8.8 · AI score: 5.8 · EPSS: 0.00732
Exploits: 1 · References: 2

NVD
added 2019/09/13 12:15 p.m. · 10 views

CVE-2016-10944

The multisite-post-duplicator plugin before 1.1.3 for WordPress has wp-admin/tools.php?page=mpd CSRF...

CVSS: 8.8 · AI score: 8.8 · EPSS: 0.00732
Exploits: 1 · References: 2

CVE
added 2019/09/13 11:57 a.m. · 49 views

CVE-2016-10944

The CVE-2016-10944 entry concerns the WordPress multisite-post-duplicator plugin prior to version 1.1.3, which is vulnerable to a CSRF on wp-admin/tools.php?page=mpd. Public sources (NVD, RH) describe a cross-site request forgery vulnerability that could allow an attacker to perform unintended ad...

CVSS: 8.8 · AI score: 8.7 · EPSS: 0.00732
Exploits: 1 · References: 2 · Affected Software: 1

Cvelist
added 2019/09/13 11:57 a.m. · 14 views

CVE-2016-10944

The multisite-post-duplicator plugin before 1.1.3 for WordPress has wp-admin/tools.php?page=mpd CSRF...

AI score: 8.8 · EPSS: 0.00732
Exploits: 1 · References: 2

CNVD
added 2019/02/26 12:0 a.m. · 1 views

WordPress Plugin Diamond MultiSite Widgets SQL Injection Vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in the WordPress plugin Diamond MultiSite Widgets. An attacker can exploit the...

AI score: 7.7
Exploits: 0 · References: 1

Packet Storm
added 2019/01/28 12:0 a.m. · 67 views

WordPress Diamond MultiSite Widgets 1.8.2 SQL Injection

Exploit Title : WordPress Diamond MultiSite Widgets Plugins 1.8.2 SQL Injection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 28/01/2019 Vendor Homepage : amegrant.com Software Download Link : downloads.wordpress.org/plugin/diamond-multisite-widgets.1.8.2.zip...

AI score: 0.5
Exploits: 0

OSV
added 2018/12/14 10:29 p.m. · 2 views

CVE-2018-20156

The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated "site administrator" users to execute arbitrary PHP code throughout a multisite network...

CVSS: 7.2 · AI score: 6.1 · EPSS: 0.01507
Exploits: 0 · References: 1

Prion
added 2018/12/14 10:29 p.m. · 10 views

Code injection

The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated "site administrator" users to execute arbitrary PHP code throughout a multisite network...

CVSS: 6.5 · AI score: 7.1 · EPSS: 0.01507
Exploits: 0 · References: 1 · Affected Software: 1

NVD
added 2018/12/14 10:29 p.m. · 14 views

CVE-2018-20156

The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated "site administrator" users to execute arbitrary PHP code throughout a multisite network...

CVSS: 7.2 · AI score: 7.2 · EPSS: 0.01507
Exploits: 0 · References: 1

Cvelist
added 2018/12/14 10:0 p.m. · 16 views

CVE-2018-20156

The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated "site administrator" users to execute arbitrary PHP code throughout a multisite network...

AI score: 7.2 · EPSS: 0.01507
Exploits: 0 · References: 1

Tenable Nessus
added 2018/11/05 12:0 a.m. · 53 views

WordPress 4.4.x < 4.4.6 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A remote code execution vulnerability exists in the PHPMailer component in the class.phpmailer.php script due to improper handling of sender email addresses. An...

CVSS: 9.8 · AI score: 10 · EPSS: 0.99714
Exploits: 66 · References: 11