67 matches found
Cross-site scripting
Cross-site scripting (XSS) vulnerability in the Marekkis Watermark plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the pfad parameter to wp-admin/options-general.php. NOTE: some of these details are obtained from third party information...
CVE-2013-1758
CVE-2013-1758 affects the Marekkis Watermark WordPress plugin (version 0.9.2) and enables cross-site scripting via the pfad parameter to wp-admin/options-general.php. The flaw is a reflective XSS in the admin path, allowing remote attackers to inject arbitrary script/HTML. Public sources consiste...
CVE-2013-6992
Cross-site request forgery (CSRF) vulnerability in askapache-firefox-adsense.php in the AskApache Firefox Adsense plugin 3.0 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the aafireadco...
WordPress Tweet Blender Plugin <= 4.0.1 - XSS
Because of this vulnerability, attackers can inject arbitrary web script or HTML via the "tbtabindex" parameter to wp-admin/options-general.php. Solution: Update the plugin...
WordPress User Photo Plugin <= 0.9.5.1 - XSS
Because of this vulnerability in user-photo.php, attackers can inject arbitrary web script or HTML via the PATHINFO to wp-admin/options-general.php. Solution: Update the plugin...
CVE-2008-0205
Multiple cross-site request forgery (CSRF) vulnerabilities in math-comment-spam-protection.php in the Math Comment Spam Protection 2.1 and earlier plugin for WordPress allow remote attackers to perform actions as administrators via the (1) mcspoptmsgnoanswer or (2) mcspoptmsgwronganswer parameter to...
SQL injection
SQL injection vulnerability in options.php in WordPress 2.2.1 allows remote authenticated administrators to execute arbitrary SQL commands via the pageoptions parameter to (1) options-general.php, (2) options-writing.php, (3) options-reading.php, (4) options-discussion.php, (5) options-privacy.php, (6)...