10 matches found
WordPress Ultimate Form Builder Lite plugin <= 1.3.7 - SQL Injection (SQLi) vulnerability
SQL Injection SQLi vulnerability found by Neven Biruski in WordPress Ultimate Form Builder Lite plugin versions = 1.3.7. Solution Update the WordPress Ultimate Form Builder Lite plugin to the latest available version at least 1.3.8...
WordPress Form Maker Plugin 1.12.24 - SQL Injection Vulnerability
Exploit for php platform in category web applications Title: WordPress Form Maker Plugin 1.12.24 - SQL Injection Author: Neven Biruski Software: WordPress Form Maker plugin https://wordpress.org/plugins/form-maker/ Version: 1.12.24 and below Vendor Status: Vendor contacted, update released The...
WordPress Simple Login Log plugin <=1.1.0 - Authenticated SQL Injection vulnerability
Authenticated SQL Injection vulnerability found Neven Biruski Defencecode in WordPress Simple Login Log plugin versions =1.1.0 Solution Update the WordPress Simple Login Log plugin to the latest available version at least 1.1.2...
WordPress PressForward 4.3.0 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Advisory Title: WordPress PressForward Plugin Security Vulnerability Software: WordPress PressForward plugin Language: PHP Version: 4.3.0 and below Vendor Status: Vendor contacted Release Date: 2017/08/07 Risk: Medium 1. General Overview...
WordPress Easy Modal plugin <=2.0.17 - SQL Injection vulnerability
SQL Injection vulnerability found in Easy Modal WordPress plugin version 2.0.17 and earlier versions by Neven Biruski DefenseCode. Possible if a user with administrator rights tricked to follow the crafted link, users with lower rights also could access and abuse the database. Solution Update the...
WordPress Podlove Podcast Publisher plugin <=2.5.3 - SQL injection (SQLi) vulnerability
SQL injection SQLi vulnerability found by Neven Biruski in WordPress Podlove Podcast Publisher plugin version 2.5.3 and earlier version. This vulnerability allows registered users to get access to the database even if they don't have full administrator rights. Moreover, Cross Site request forgery...
WordPress PressForward plugin <=4.3.0 - Cross-Site Scripting (XSS) vulnerability
Cross-Site Scripting XSS vulnerability found by Neven Biruski in WordPress PressForward plugin version 4.3.0 and earlier versions. An attacker can trick the logged in user with administrator rights to visit a link with vulnerable JavaScript and execute the malicious code. Solution At this moment...
WordPress Tribulant Newsletters plugin <=4.6.4.2 - File Disclosure vulnerability
WordPress Tribulant Newsletters plugin version 4.6.4.2 and earlier are prone to File Disclosure vulnerability. Vulnerability found by Neven Biruski DefenseCode. Solution Update WordPress Tribulant Newsletters plugin to the latest available version...
WordPress Huge-IT Video Gallery plugin <=2.0.4 - SQL Injection vulnerability
SQL Injection vulnerability found by Neven Biruski DefenseCode in WordPress Huge-IT Video Gallery plugin version 2.0.4 and earlier versions. Solution Update WordPress Huge-IT Video Gallery plugin to the latest available version...
WordPress WebDorado Gallery 1.3.29 Plugin - SQL Injection Vulnerability
Exploit for php platform in category web applications Source: http://www.defensecode.com/advisories/DC-2017-02-011WordPressWebDoradoGalleryPluginAdvisory.pdf DefenseCode ThunderScan SAST Advisory WordPress WebDorado Gallery Plugin - SQL Injection Vulnerability Advisory ID: DC-2017-02-011 Software...