EUVD-2012-6362

Malware in sbrugna...

EUVD-2012-6361

Malware in sbrugna...

CVE-2021-24890

The Scripts Organizer WordPress plugin before 3.0 does not have capability and CSRF checks in the saveScript AJAX action, available to both unauthenticated and authenticated users, and does not validate user input in any way, which could allow unauthenticated users to put arbitrary PHP code in a...

CVE-2024-6810 Quiz Organizer <= 2.9.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

The Quiz Organizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web...

WordPress plugin Quiz Organizer 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

PT-2024-16699 · WordPress · Fileorganizer

Name of the Vulnerable Software and Affected Versions: FileOrganizer – Manage WordPress and Website Files plugin for WordPress versions up to, and including, 1.1.4 Description: The issue allows authenticated attackers with Administrator-level access and above to include and execute arbitrary file...

CVE-2024-7985

The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the "fileorganizerajaxhandler" function in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with...

CVE-2024-5599

The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.7 via the 'fileorganizerajaxhandler' function. This makes it possible for unauthenticated attackers to extract sensitive data...

CVE-2024-2324

The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via svg file upload in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers t...

PT-2024-19734 · WordPress · The Fileorganizer – Manage Wordpress/Website Files

Name of the Vulnerable Software and Affected Versions: The FileOrganizer – Manage WordPress and Website Files plugin for WordPress versions up to, and including, 1.0.6 Description: The issue is related to Stored Cross-Site Scripting via svg file upload due to insufficient input sanitization and...

WordPress font-organizer plugin cross-site scripting vulnerability

WordPress is a blogging platform developed in PHP by the WordPress Software Foundation, which supports personal blog sites on servers running PHP and MySQL.WordPress Donation Plugin and Fundraising Platform is a plugin.... A cross-site scripting vulnerability exists in the WordPress font-organize...

CVE-2019-9908

The CVE-2019-9908 entry concerns the WordPress Font Organizer plugin (version

CVE-2012-6512

The Organizer plugin 1.2.1 for WordPress allows remote attackers to obtain the installation path via unspecified vectors to 1 pluginhook.php, 2 page/index.php, 3 page/dir.php 4 page/options.php, 5 page/resize.php, 6 page/upload.php, 7 page/users.php, or 8 page/view.php...

CVE-2012-6511

Multiple cross-site scripting XSS vulnerabilities in organizer/page/users.php in the Organizer plugin 1.2.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 deleteid parameter or 2 extension parameter in an "Update Setting" action to wp-admin/admin.php...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in organizer/page/users.php in the Organizer plugin 1.2.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 deleteid parameter or 2 extension parameter in an "Update Setting" action to wp-admin/admin.php...

CVE-2012-6511

Multiple cross-site scripting XSS vulnerabilities in organizer/page/users.php in the Organizer plugin 1.2.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 deleteid parameter or 2 extension parameter in an "Update Setting" action to wp-admin/admin.php...

CVE-2012-6511

CVE-2012-6511 affects the WordPress plugin Organizer (version 1.2.1) and is caused by multiple XSS vulnerabilities in organizer/page/users.php. An attacker can inject arbitrary JavaScript/HTML via the delete_id or extension parameter in an Update Setting action to wp-admin/admin.php, enabling rem...

CVE-2012-6512

CVE-2012-6512 affects the WordPress Organizer plugin v1.2.1, where remote attackers can retrieve the installation path via unspecified vectors targeting multiple pages (plugin_hook.php, page/index.php, page/dir.php, page/options.php, page/resize.php, page/upload.php, page/users.php, page/view.php...

WordPress Organizer Plugin <= 1.2.1 - Multiple XSS

Because of these vulnerabilities in organizer/page/users.php, the attackers can inject arbitrary web script or HTML. Solution Update the plugin...

DT, XSS and FPD vulnerabilities in Organizer for WordPress

Hello 3APA3A! After previous vulnerabilities in plugin Organizer, I'll present five more security vulnerabilities in plugin Organizer for WordPress. This is the fourth in series of advisories concerning vulnerabilities in this plugin. These are Directory Traversal, Cross-Site Scripting and Full...