67 matches found
CVE-2018-5369
The SrbTransLatin plugin 1.46 for WordPress is affected by CVE-2018-5369: a Cross-Site Scripting (XSS) vulnerability via the srbtranslatoptions action to wp-admin/options-general.php with the lang_identificator parameter. This, as documented, can allow injection of arbitrary web script or HTML. S...
CVE-2018-5368
The SrbTransLatin plugin 1.46 for WordPress has CSRF via an srbtranslatoptions action to wp-admin/options-general.php...
WordPress ImageInject plugin 1.15 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability found by wpl0v3r in WordPress ImageInject plugin version 1.15. Vulnerable via wp-admin/options-general.php. Solution 1/9/2018 - we were unable to find a patched version of the plugin. Dangerous to use...
WordPress ImageInject plugin 1.15 - Stored Cross-Site Scripting vulnerability
Stored Cross-Site Scripting vulnerability found by wpl0v3r in WordPress ImageInject plugin version 1.15. Vulnerable via the flickrappid parameter to wp-admin/options-general.php. Solution 1/9/2018 - we were unable to find a patched version of the plugin. Dangerous to use...
Design/Logic Flaw
The ImageInject plugin 1.15 for WordPress has XSS via the flickrappid parameter to wp-admin/options-general.php...
Cross site request forgery (csrf)
The ImageInject plugin 1.15 for WordPress has CSRF via wp-admin/options-general.php...
CVE-2018-5285
The ImageInject plugin 1.15 for WordPress has CSRF via wp-admin/options-general.php...
CVE-2018-5284
The ImageInject plugin 1.15 for WordPress has XSS via the flickrappid parameter to wp-admin/options-general.php...
CVE-2018-5284
CVE-2018-5284 affects the WordPress plugin ImageInject, version 1.15. The vulnerability is a stored cross-site scripting (XSS) via the flickr_appid parameter on wp-admin/options-general.php. Root cause is input handling insufficient to neutralize script payloads in this parameter. Documented impa...
CVE-2015-5533
SQL injection vulnerability in counter-options.php in the Count Per Day plugin before 3.4.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the cpdkeepmonth parameter to wp-admin/options-general.php. NOTE: this can be leveraged using CSRF to allow...
WordPress Content Text Slider On Post 6.8 Cross Site Scripting
Document Title: WordPress Content Text Slider on Post 6.8 - Persistent Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1655. Release Date: 2015-12-07. Vulnerability Laboratory ID (VL-ID):...
CVE-2015-4140
Cross-site request forgery (CSRF) vulnerability in the WP Smiley plugin 1.4.1 for WordPress allows remote attackers to hijack the authentication of editors for requests that conduct cross-site scripting (XSS) attacks via the s4w-more parameter to the smilies4wp.php page to wp-admin/options-general.ph...
CVE-2015-4139
Cross-site scripting (XSS) vulnerability in smilies4wp.php in the WP Smiley plugin 1.4.1 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the s4w-more parameter to wp-admin/options-general.php...
Cross site scripting
Cross-site scripting (XSS) vulnerability in smilies4wp.php in the WP Smiley plugin 1.4.1 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the s4w-more parameter to wp-admin/options-general.php...
CVE-2015-4140
CVE-2015-4140 : In the WP Smiley plugin for WordPress (version 1.4.1), a CSRF vulnerability allows remote attackers to hijack the authentication of editors and carry out cross-site scripting (XSS) via the s4w-more parameter to smilies4wp.php, targeting wp-admin/options-general.php. The issue stem...
CVE-2015-4139
CVE-2015-4139 affects the WordPress plugin WP Smiley (plugin version 1.4.1). The vulnerability is a cross-site scripting (XSS) flaw in the file smilies4wp.php that allows an authenticated remote user to inject arbitrary script/HTML via the s4w-more parameter to wp-admin/options-general.php. The p...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in the Encrypted Contact Form plugin before 1.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the iframeurl parameter in an Update Page action in the...
CVE-2015-4010
CVE-2015-4010 concerns the WordPress plugin “Encrypted Contact Form”. The vulnerability is a CSRF that also enables reflected XSS via unsanitized iframe_url data in the Update Page operation of the conformconf page, affecting admin actions in wp-admin/options-general.php. Affected versions are 1....
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in the CrossSlide jQuery (crossslide-jquery-plugin-for-wordpress) plugin 2.0.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings or conduct cross-site scripting (XSS)...