67 matches found

CVE
added 2018/01/12 9:0 a.m. | 41 views

CVE-2018-5369

The SrbTransLatin plugin 1.46 for WordPress is affected by CVE-2018-5369: a Cross-Site Scripting (XSS) vulnerability via the srbtranslatoptions action to wp-admin/options-general.php with the lang_identificator parameter. This, as documented, can allow injection of arbitrary web script or HTML. S...

CVSS 4.8 | AI score 4.9 | EPSS 0.00623
Exploits 1 | References 2 | Affected Software 1
Cvelist
added 2018/01/12 9:0 a.m. | 22 views

CVE-2018-5368

The SrbTransLatin plugin 1.46 for WordPress has CSRF via an srbtranslatoptions action to wp-admin/options-general.php...

AI score 8.8 | EPSS 0.00642
Exploits 1 | References 2
Patchstack
added 2018/01/09 12:0 a.m. | 16 views

WordPress ImageInject plugin 1.15 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability found by wpl0v3r in WordPress ImageInject plugin version 1.15. Vulnerable via wp-admin/options-general.php. Solution 1/9/2018 - we were unable to find a patched version of the plugin. Dangerous to use...

CVSS 8.8 | AI score 4.5 | EPSS 0.00726
Exploits 1 | References 1 | Affected Software 1
Patchstack
added 2018/01/09 12:0 a.m. | 23 views

WordPress ImageInject plugin 1.15 - Stored Cross-Site Scripting vulnerability

Stored Cross-Site Scripting vulnerability found by wpl0v3r in WordPress ImageInject plugin version 1.15. Vulnerable via the flickrappid parameter to wp-admin/options-general.php. Solution 1/9/2018 - we were unable to find a patched version of the plugin. Dangerous to use...

CVSS 4.8 | AI score 2.9 | EPSS 0.00799
Exploits 1 | References 1 | Affected Software 1
Prion
added 2018/01/08 7:29 a.m. | 16 views

Design/Logic Flaw

The ImageInject plugin 1.15 for WordPress has XSS via the flickrappid parameter to wp-admin/options-general.php...

CVSS 3.5 | AI score 4.8 | EPSS 0.00799
Exploits 1 | References 3 | Affected Software 1
Prion
added 2018/01/08 7:29 a.m. | 13 views

Cross site request forgery (csrf)

The ImageInject plugin 1.15 for WordPress has CSRF via wp-admin/options-general.php...

CVSS 6.8 | AI score 8.7 | EPSS 0.00726
Exploits 1 | References 3 | Affected Software 1
NVD
added 2018/01/08 7:29 a.m. | 13 views

CVE-2018-5285

The ImageInject plugin 1.15 for WordPress has CSRF via wp-admin/options-general.php...

CVSS 8.8 | AI score 8.8 | EPSS 0.00726
Exploits 1 | References 3
Cvelist
added 2018/01/08 7:0 a.m. | 26 views

CVE-2018-5284

The ImageInject plugin 1.15 for WordPress has XSS via the flickrappid parameter to wp-admin/options-general.php...

AI score 5.9 | EPSS 0.00799
Exploits 1 | References 3
CVE
added 2018/01/08 7:0 a.m. | 39 views

CVE-2018-5284

CVE-2018-5284 affects the WordPress plugin ImageInject, version 1.15. The vulnerability is a stored cross-site scripting (XSS) via the flickr_appid parameter on wp-admin/options-general.php. Root cause is input handling insufficient to neutralize script payloads in this parameter. Documented impa...

CVSS 4.8 | AI score 5.2 | EPSS 0.00799
Exploits 1 | References 3 | Affected Software 1
Cvelist
added 2018/01/08 7:0 a.m. | 16 views

CVE-2018-5285

The ImageInject plugin 1.15 for WordPress has CSRF via wp-admin/options-general.php...

AI score 8.9 | EPSS 0.00726
Exploits 1 | References 3
Cvelist
added 2017/10/23 6:0 p.m. | 38 views

CVE-2015-5533

SQL injection vulnerability in counter-options.php in the Count Per Day plugin before 3.4.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the cpdkeepmonth parameter to wp-admin/options-general.php. NOTE: this can be leveraged using CSRF to allow...

AI score 7.3 | EPSS 0.07166
Exploits 4 | References 6
Packet Storm
added 2015/12/22 12:0 a.m. | 25 views

WordPress Content Text Slider On Post 6.8 Cross Site Scripting

Document Title: =============== Wordpress Content Text Slider on Post 6.8 - Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1655 Release Date: ============= 2015-12-07 Vulnerability Laboratory ID VL-ID:...

AI score 7.4
Exploits 0
NVD
added 2015/06/18 6:59 p.m. | 17 views

CVE-2015-4140

Cross-site request forgery (CSRF) vulnerability in the WP Smiley plugin 1.4.1 for WordPress allows remote attackers to hijack the authentication of editors for requests that conduct cross-site scripting (XSS) attacks via the s4w-more parameter to the smilies4wp.php page to wp-admin/options-general.ph...

CVSS 6.8 | AI score 6.5 | EPSS 0.01149
Exploits 1 | References 3
NVD
added 2015/06/18 6:59 p.m. | 18 views

CVE-2015-4139

Cross-site scripting (XSS) vulnerability in smilies4wp.php in the WP Smiley plugin 1.4.1 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the s4w-more parameter to wp-admin/options-general.php...

CVSS 3.5 | AI score 5.4 | EPSS 0.01564
Exploits 1 | References 3
Prion
added 2015/06/18 6:59 p.m. | 10 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in smilies4wp.php in the WP Smiley plugin 1.4.1 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the s4w-more parameter to wp-admin/options-general.php...

CVSS 3.5 | AI score 5.8 | EPSS 0.01564
Exploits 1 | References 3 | Affected Software 1
CVE
added 2015/06/18 6:0 p.m. | 38 views

CVE-2015-4140

CVE-2015-4140: In the WP Smiley plugin for WordPress (version 1.4.1), a CSRF vulnerability allows remote attackers to hijack the authentication of editors and carry out cross-site scripting (XSS) via the s4w-more parameter to smilies4wp.php, targeting wp-admin/options-general.php. The issue stem...

CVSS 6.8 | AI score 6.7 | EPSS 0.01149
Exploits 1 | References 3 | Affected Software 1
CVE
added 2015/06/18 6:0 p.m. | 33 views

CVE-2015-4139

CVE-2015-4139 affects the WordPress plugin WP Smiley (plugin version 1.4.1). The vulnerability is a cross-site scripting (XSS) flaw in the file smilies4wp.php that allows an authenticated remote user to inject arbitrary script/HTML via the s4w-more parameter to wp-admin/options-general.php. The p...

CVSS 3.5 | AI score 5.5 | EPSS 0.01564
Exploits 1 | References 3 | Affected Software 1
Prion
added 2015/06/09 2:59 p.m. | 16 views

Cross site request forgery (csrf)

Cross-site request forgery (CSRF) vulnerability in the Encrypted Contact Form plugin before 1.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the iframeurl parameter in an Update Page action in the...

CVSS 6.8 | AI score 6.7 | EPSS 0.04727
Exploits 5 | References 9 | Affected Software 1
CVE
added 2015/06/09 2:0 p.m. | 78 views

CVE-2015-4010

CVE-2015-4010 concerns the WordPress plugin “Encrypted Contact Form”. The vulnerability is a CSRF that also enables reflected XSS via unsanitized iframe_url data in the Update Page operation of the conformconf page, affecting admin actions in wp-admin/options-general.php. Affected versions are 1....

CVSS 6.8 | AI score 6.4 | EPSS 0.04727
Exploits 5 | References 9 | Affected Software 1
Prion
added 2015/02/26 3:59 p.m. | 16 views

Cross site request forgery (csrf)

Multiple cross-site request forgery (CSRF) vulnerabilities in the CrossSlide jQuery (crossslide-jquery-plugin-for-wordpress) plugin 2.0.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings or conduct cross-site scripting (XSS)...

CVSS 6.8 | AI score 7 | EPSS 0.01007
Exploits 1 | References 2 | Affected Software 1