67 matches found
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Google Doc Embedder plugin before 2.5.19 for WordPress allows remote attackers to inject arbitrary web script or HTML via the profile parameter in an edit action in the gde-settings page to wp-admin/options-general.php...
WordPress Plugin Google Doc Embedder 'options-general.php' HTML Injection Vulnerability
WordPress is a blogging platform developed in PHP; users can set up their own weblog on a server that supports PHP and a MySQL database. An HTML injection vulnerability in the WordPress plugin Google Doc Embedder 'options-general.php' allows attackers to run supplied HTML and script code or steal...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in the Simplelife plugin 1.2 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) simplehoverback, (2) simplehovertext, (3)...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in the twimp-wp plugin for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the messageformat parameter in the twimp-wp.php page to...
CVE-2014-9400
CVE-2014-9400 concerns the WordPress plugin “WP Unique Article Header Image” (version 1.0 and earlier). The connected sources confirm CSRF vulnerabilities that allow an attacker to hijack an administrator’s authentication for requests leading to cross-site scripting (XSS) via the parameters gt_de...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in the yURL ReTwitt plugin 1.4 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) yurllogin or (2) yurlanchor parameter in the...
CVE-2014-9100
The CVE-2014-9100 entry concerns the WordPress plugin WhyDoWork AdSense v1.2, which is vulnerable to Cross-site Scripting (XSS) via the idcode parameter on the whydowork_adsense page that redirects to wp-admin/options-general.php. The root cause is unvalidated/reflected input in the idcode parame...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the EWWW Image Optimizer plugin before 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the error parameter in the ewww-image-optimizer.php page to wp-admin/options-general.php, which is not properly handled in a pngo...
BannerMan 0.2.4 - XSS in wp-admin/options-general.php via bannerman_background parameter
The BannerMan WordPress plugin was affected by an XSS in wp-admin/options-general.php via bannerman_background parameter security vulnerability...
Marekkis Watermark 0.9.2 - wp-admin/options-general.php pfad Parameter XSS
The Marekkis Watermark-Plugin WordPress plugin was affected by a wp-admin/options-general.php pfad Parameter XSS security vulnerability...
Backend Localization 1.6.1 - options-general.php kau-boys_backend_localization_language Parameter XSS
The Backend Localization WordPress plugin was affected by an options-general.php kau-boys_backend_localization_language Parameter XSS security vulnerability...
WordPress Duplicate Post Plugin <= 2.5 - Reflected XSS
This plugin is prone to a reflected XSS in options-general.php post parameter. Solution: Update the plugin...
CVE-2014-4848
Cross-site scripting (XSS) vulnerability in the Blogstand Banner (blogstand-smart-banner) plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the bs_blog_id parameter to wp-admin/options-general.php...
CVE-2014-4848
The CVE-2014-4848 entry concerns the Blogstand Smart Banner WordPress plugin (version 1.0). A stored/reflected XSS vulnerability exists in the bs_blog_id parameter passed to wp-admin/options-general.php, enabling attackers to inject arbitrary script/HTML. Impact is web-page script execution by re...
CVE-2014-4845
Cross-site scripting (XSS) vulnerability in the BannerMan plugin 0.2.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the bannerman_background parameter to wp-admin/options-general.php...
CVE-2014-4723
Cross-site scripting (XSS) vulnerability in the Easy Banners plugin 1.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the name parameter to wp-admin/options-general.php...
CVE-2014-4717
Multiple cross-site request forgery (CSRF) vulnerabilities in the Simple Share Buttons Adder plugin before 4.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) ssbasharetext parameter in a save...
Simple Share Buttons Adder 4.4 - options-general.php Multiple Admin Actions CSRF
The Simple Share Buttons Adder WordPress plugin was affected by an options-general.php Multiple Admin Actions CSRF security vulnerability...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the cmstpvadminhead function in functions.php in the CMS Tree Page View plugin before 0.8.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cmstpvview parameter to wp-admin/options-general.php...
CVE-2013-1758
Cross-site scripting (XSS) vulnerability in the Marekkis Watermark plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the pfad parameter to wp-admin/options-general.php. NOTE: some of these details are obtained from third party information...