CVE-2016-20083 WordPress More Fields Plugin 2.1 Cross-Site Request Forgery

WordPress More Fields Plugin 2.1 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by disabling CSRF token validation. Attackers can craft malicious web pages that trick logged-in administrators into adding or deleting custom fields and boxe...

CVE-2015-9424

The multicons plugin before 3.0 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=multicons%2Fmulticons.php globalurl or adminurl parameter...

UpdraftPlus < 1.16.69 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the updraftrestore parameter before outputting it back in the Restore page, leading to a Reflected Cross-Site Scripting...

CVE-2015-9497

The ad-inserter plugin before 1.5.3 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=ad-inserter.php...

WordPress WP HTML Sitemap plugin cross-site request forgery vulnerability

WordPress is the WordPress Software Foundation of a set of blogging platform developed using the PHP language, the platform supports PHP and MySQL servers to set up a personal blog site.WP HTML Sitemap plugin is used in one of the by entering a short code in the page to add HTML sitemap plugin. A...

CVE-2018-6469

A cross-site scripting XSS vulnerability in flickrRSS.php in the flickrRSS plugin 5.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the flickrRSStags parameter to wp-admin/options-general.php...

WordPress read-and-understood plugin cross-site scripting vulnerability (CNVD-2018-01260)

WordPress is the WordPress Software Foundation of a set of PHP language development of the blogging platform, the platform supports PHP and MySQL server set up a personal blog site. read-and-understood plugin is the use of one of the use of the document reading plugin . A cross-site scripting...

CVE-2017-16955

SQL injection vulnerability in the InLinks plugin through 1.1 for WordPress allows authenticated users to execute arbitrary SQL commands via the "keyword" parameter to /wp-admin/options-general.php?page=inlinks/inlinks.php...

WordPress Google Analyticator 'options-general.php' plugin cross-site request forgery vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports personal blog sites set up on PHP and MySQL servers.Google Analyticator is one of the Google Analytics plug-ins. A cross-site request forgery vulnerability exists in t...

CVE-2014-9335

Multiple cross-site request forgery CSRF vulnerabilities in the DandyID Services plugin 1.5.9 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via the 1 emailaddress or 2 sidebarTitle paramet...

CVE-2014-9335

Multiple cross-site request forgery CSRF vulnerabilities in the DandyID Services plugin 1.5.9 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via the 1 emailaddress or 2 sidebarTitle paramet...