3476 matches found
WordPress Diamond MultiSite Widgets 1.8.2 SQL Injection
Exploit Title : WordPress Diamond MultiSite Widgets Plugins 1.8.2 SQL Injection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 28/01/2019 Vendor Homepage : amegrant.com Software Download Link : downloads.wordpress.org/plugin/diamond-multisite-widgets.1.8.2.zip...
CVE-2018-20156
The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated "site administrator" users to execute arbitrary PHP code throughout a multisite network...
CVE-2018-20156
The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated "site administrator" users to execute arbitrary PHP code throughout a multisite network...
Code injection
The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated "site administrator" users to execute arbitrary PHP code throughout a multisite network...
CVE-2018-20156
The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated "site administrator" users to execute arbitrary PHP code throughout a multisite network...
WordPress 4.4.x < 4.4.6 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A remote code execution vulnerability exists in the PHPMailer component in the class.phpmailer.php script due to improper handling of sender email addresses. An...
WordPress 3.7.x < 3.7.17 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A remote code execution vulnerability exists in the PHPMailer component in the class.phpmailer.php script due to improper handling of sender email addresses. An...
Cross-Site Scripting (XSS)
WordPress is vulnerable to cross-site scripting XSS attacks. The attack exists because the unfilteredhtml capability is ignored in the mapmetacap function of wp-includes/capabilities.php when the multisite feature is used...
WordPress < 4.7.1 Multiple Vulnerabilities
According to its self-reported version number, the WordPress application running on the remote web server is prior to 4.7.1. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists in the PHPMailer component in the class.phpmailer.php script due to...
WordPress Security Bypass Vulnerability (CNVD-2017-00612)
WordPress is a blogging platform developed using the PHP language by the WordPress Software Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in the wp-includes/ms-functions.php file of the MultisiteWordPressAPI in...
CVE-2017-5493
wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not properly choose random numbers for keys, which makes it easier for remote attackers to bypass intended access restrictions via a crafted 1 site signup or 2 user signup...
CVE-2017-5493
wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not properly choose random numbers for keys, which makes it easier for remote attackers to bypass intended access restrictions via a crafted 1 site signup or 2 user signup...
DEBIAN-CVE-2017-5493
wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not properly choose random numbers for keys, which makes it easier for remote attackers to bypass intended access restrictions via a crafted 1 site signup or 2 user signup...
CVE-2017-5493
wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not properly choose random numbers for keys, which makes it easier for remote attackers to bypass intended access restrictions via a crafted 1 site signup or 2 user signup...
Design/Logic Flaw
wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not properly choose random numbers for keys, which makes it easier for remote attackers to bypass intended access restrictions via a crafted 1 site signup or 2 user signup...
UBUNTU-CVE-2017-5493
wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not properly choose random numbers for keys, which makes it easier for remote attackers to bypass intended access restrictions via a crafted 1 site signup or 2 user signup...
CVE-2017-5493
The CVE-2017-5493 issue affects WordPress multisite activation keys in wp-includes/ms-functions.php. The root cause is weak randomness when generating multisite activation keys, which can let an unauthenticated remote attacker bypass access restrictions during (1) site signup or (2) user signup. ...
CVE-2017-5493
wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not properly choose random numbers for keys, which makes it easier for remote attackers to bypass intended access restrictions via a crafted 1 site signup or 2 user signup...
Wordpress Plugin Multisite Post Duplicator Cross-Site Request Forgery Vulnerability
WordPress is the WordPress Software Foundation of a set of blogging platform developed using the PHP language , the platform supports PHP and MySQL server set up a personal blog site . A cross-site request forgery vulnerability exists in the tools.php page of version 0.9.5.1 of the Wordpress plug...
WordPress Multisite Post Duplicator 0.9.5.1 Plugin - Cross-Site Request Forgery Vulnerability
Exploit for php platform in category web applications alert1" input type="text" name=...