8 matches found
CVE-2010-5295
Cross-site scripting XSS vulnerability in wp-admin/plugins.php in WordPress before 3.0.2 might allow remote attackers to inject arbitrary web script or HTML via a plugin's author field, which is not properly handled during a Delete Plugin action...
WordPress Plugin Author Box, Guest Author and Co-Authors for Your Posts 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
WordPress Plugin Author Box, Guest Author and Co-Authors for Your Posts Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
Plugin archive directory traversal in Helm
The Helm core maintainers have identified an information disclosure vulnerability in Helm 3.0.0-3.2.3. Impact A traversal attack is possible when installing Helm plugins from a tar archive over HTTP. It is possible for a malicious plugin author to inject a relative path into a plugin archive, and...
AdRotate < 5.8.4 - Authenticated SQL Injection
Authenticated SQL injection in the AdRotate 5.8.3.1 exists via param "id". However, this requires an admin privileged user. NOTE: The plugin author mistook this SQLi bug for XSS but the remedy remains OK. PoC Param "id" is vulneable to SQL Injeciton. Example 1:...
CVE-2010-5295
Cross-site scripting XSS vulnerability in wp-admin/plugins.php in WordPress before 3.0.2 might allow remote attackers to inject arbitrary web script or HTML via a plugin's author field, which is not properly handled during a Delete Plugin action...
CVE-2010-5295
Cross-site scripting XSS vulnerability in wp-admin/plugins.php in WordPress before 3.0.2 might allow remote attackers to inject arbitrary web script or HTML via a plugin's author field, which is not properly handled during a Delete Plugin action...
CVE-2010-5295
Cross-site scripting XSS vulnerability in wp-admin/plugins.php in WordPress before 3.0.2 might allow remote attackers to inject arbitrary web script or HTML via a plugin's author field, which is not properly handled during a Delete Plugin action...