94 matches found
Simple Basic Contact Form < 20221201 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 1. Go to "Settings » Contact Form » Plugin Option...
CVE-2022-2432
The Ecwid Ecommerce Shopping Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.10.23. This is due to missing or incorrect nonce validation on the ecwid_update_plugin_params function. This makes it possible for unauthenticated attackers to updat...
Cross site request forgery (csrf)
The Ecwid Ecommerce Shopping Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.10.23. This is due to missing or incorrect nonce validation on the ecwid_update_plugin_params function. This makes it possible for unauthenticated attackers to updat...
CVE-2022-0952
The Sitemap by click5 WordPress plugin before 1.0.36 does not have authorisation and CSRF checks when updating options via a REST endpoint, and does not ensure that the option to be updated belongs to the plugin. As a result, unauthenticated attackers could change arbitrary blog options, such as...
CVE-2022-29414
Multiple (13x) Cross-Site Request Forgery (CSRF) vulnerabilities in WPKube's Subscribe To Comments Reloaded plugin mass update settings, manage subscriptions add a new subscription, update subscription, delete Subscription...
WordPress Videos sync PDF 1.7.4 Plugin - Stored Cross Site Scripting Vulnerability
Exploit Title: WordPress Plugin Videos sync PDF 1.7.4 - Stored Cross Site Scripting (XSS) Google Dork: inurl:/wp-content/plugins/video-synchro-pdf/ Exploit Author: UnD3sc0n0c1d0 Vendor Homepage: http://www.a-j-evolution.com/ Software Link:...
WordPress VM Backups Cross-Site Request Forgery Vulnerability
WordPress is the WordPress Foundation's blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Plugin is an open source application plugin for WordPress. VM Backups WordPress...
WordPress YIT Plugin Framework Unauthorized Modification Vulnerability
WordPress is the WordPress Foundation's blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. YIT Plugin Framework is one of the YIT plugin frameworks used in it. A security vulnerability exists in the...
CVE-2014-2559
Multiple cross-site request forgery (CSRF) vulnerabilities in twitget.php in the Twitget plugin before 3.3.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that change unspecified plugin options via a request to wp-admin/options-general.php...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in twitget.php in the Twitget plugin before 3.3.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that change unspecified plugin options via a request to wp-admin/options-general.php...
CVE-2014-2559
Multiple cross-site request forgery (CSRF) vulnerabilities in twitget.php in the Twitget plugin before 3.3.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that change unspecified plugin options via a request to wp-admin/options-general.php...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in the Disqus Comment System plugin before 2.76 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) disqus_replace, (2) disqus_public_key, or (3)...
Another Mambo module remote inclusion vulnerability
Bug Found by h4ntu http://h4ntu.com batamhacker crew Another Mambo module remote inclusion vulnerability download : http://mamboxchange.com/frs/download.php/1498/MambWeather181.zip bug found in file : MambWeather/Savant2/Savant2Pluginoptions.php ?php / Base plugin class. / global...
Mambo Module MambWeather 1.8.1 - Remote File Inclusion
Mambo Module MambWeather 1.8.1 - Remote File Inclusion Bug Found by h4ntu http://h4ntu.com batamhacker crew Another Mambo module remote inclusion vulnerability download : http://mamboxchange.com/frs/download.php/1498/MambWeather181.zip bug found in file :...