3476 matches found
CVE-2020-28033
WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam embed...
DEBIAN-CVE-2020-28033
WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam embed...
Design/Logic Flaw
WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam embed...
UBUNTU-CVE-2020-28033
WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam embed...
CVE-2020-28033
WordPress CVE-2020-28033 affects WordPress before 5.5.2 on multisite networks. The vulnerability stems from how embeds from disabled sites are handled, allowing a spam embed to be processed. Connected sources confirm WordPress 5.5.2 addressed this issue by hardening or disabling spam embeds on mu...
WordPress <= 5.5.1 - Mishandling Embeds From Disabled Sites On a Multisite Network vulnerability
Mishandling Embeds From Disabled Sites On a Multisite Network vulnerability found by David Binovec in WordPress versions <= 5.5.1. Solution: Update WordPress to the latest available version, at least 5.5.2...
WordPress < 5.5.2 - Disable Spam Embeds from Disabled Sites on a Multisite Network
Description: The release notes state: "Props to David Binovec on a fix to disable spam embeds from disabled sites on a multisite network."...
PT-2020-5742 · WordPress · Wordpress
Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.5.2. Description: The issue is related to insufficient access control in certain features of the WordPress content management system. This can be exploited by a remote attacker to impact data integrity. The proble...
Malicious Package
Overview: capdrupal-multisite is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa. Remediation: Avoid using...
WordPress WP Forms 1.5.8.2 Cross Site Scripting
Exploit Title: Wordpress Plugin WPForms 1.5.9 - Persistent Cross-Site Scripting Date: 2020-02-18 Vendor Homepage: https://wpforms.com Vendor Changelog: https://wordpress.org/plugins/wpforms-lite/developers Exploit Author: Jinson Varghese Behanan Author Advisory:...
Wordpress Plugin WPForms 1.5.8.2 - Persistent Cross-Site Scripting
Wordpress Plugin WPForms 1.5.8.2 - Persistent Cross-Site Scripting Exploit Title: Wordpress Plugin WPForms 1.5.8.2 - Persistent Cross-Site Scripting Date: 2020-02-18 Vendor Homepage: https://wpforms.com Vendor Changelog: https://wordpress.org/plugins/wpforms-lite/developers Exploit Author: Jinson...
WordPress multisite-post-duplicator plugin cross-site request forgery vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in the WordPress multisite-post-duplicator plugin versions...
CVE-2016-10944
The multisite-post-duplicator plugin before 1.1.3 for WordPress has wp-admin/tools.php?page=mpd CSRF...
CVE-2016-10944
The CVE-2016-10944 entry concerns the WordPress multisite-post-duplicator plugin prior to version 1.1.3, which is vulnerable to a CSRF on wp-admin/tools.php?page=mpd. Public sources (NVD, RH) describe a cross-site request forgery vulnerability that could allow an attacker to perform unintended ad...
WordPress Plugin Diamond MultiSite Widgets SQL Injection Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in the WordPress plugin Diamond MultiSite Widgets. An attacker can exploit the...