1398 matches found
WordPress gallery-by-supsystic plugin cross-site request forgery vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. gallery-by-supsystic is an image gallery plugin used in it. A cross-site request forgery vulnerability exists in the WordPress...
CVE-2019-15648
The insert-or-embed-articulate-content-into-wordpress plugin before 4.29991 for WordPress has insufficient restrictions on deleting or renaming by a Subscriber...
WordPress democracy-poll plugin cross-site request forgery vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. democracy-poll is an online poll plugin used in it. A cross-site request forgery vulnerability exists in the WordPress democracy-poll...
CVE-2016-10916
The appointment-booking-calendar plugin before 1.1.24 for WordPress has SQL injection, a different vulnerability than CVE-2015-7319...
CVE-2019-15110
The wp-front-end-profile plugin before 0.2.2 for WordPress has XSS...
CVE-2017-18536
The stop-user-enumeration plugin before 1.3.8 for WordPress has XSS...
CVE-2017-18533
The rimons-twitter-widget plugin before 1.3 for WordPress has XSS...
CVE-2016-10884
The simple-membership plugin before 3.3.3 for WordPress has multiple CSRF issues...
CVE-2015-9308
The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit map feature...
CVE-2017-18514
The simple-login-log plugin before 1.1.2 for WordPress has SQL injection...
CVE-2017-18504
The twitter-cards-meta plugin before 2.5.0 for WordPress has CSRF...
CVE-2017-18501
The social-login-bws plugin before 0.2 for WordPress has multiple XSS issues...
CVE-2019-7411
CVE-2019-7411 affects the WordPress plugin MyThemeShop Launcher (version 1.0.8) with multiple stored XSS vectors. The vulnerability arises in several input fields (Title, Favicon, Meta Description, Subscribe Form labels, Contact Form labels, and Social Links URLs), allowing remote authenticated u...
Pwning WordPress GraphQL
Third-party plugins are often the security Achilles heel of Content Management Systems (CMS). It seems like not a month goes by without one security researcher or another uncovering a vulnerability in a plugin, undermining the security of the whole platform. Plugins are used to add functionality that...
CVE-2019-1003099
A missing permission check in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpl#doValidate form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...
CVE-2019-10692
In the wp-google-maps plugin before 7.11.18 for WordPress, includes/class.rest-api.php in the REST API does not sanitize field names before a SELECT statement...
CVE-2019-9914
The yop-poll plugin before 6.0.3 for WordPress has wp-admin/admin.php?page=yop-polls&action=view-votes pollid XSS...
WordPress Font Organizer 2.1.1 Cross Site Scripting
Vulnerability: XSS Affected Software: FontOrganizer Affected Version: 2.1.1 Patched Version: none CVE: not requested Risk: Medium Vendor Contacted: 10/25/2018 Vendor Fix: none Public Disclosure: 02/05/2019 Credit: Tim Coen CVSS 6.1 Medium CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Overview The...
WordPress Users Urged to Delete Zero-Day-Ridden Plugin
Researchers are urging WordPress site owners to delete a compromised plugin after multiple zero-day vulnerabilities were discovered being exploited by a malicious actor. Researchers at Wordfence said on Friday that flaws in the plugin, Total Donations, are being exploited by malicious actors to...
Breadcrumb NavXT <= 6.1.0 - Username Disclosure via REST API
The Breadcrumb NavXT WordPress plugin was affected by a Username Disclosure via REST API security vulnerability. http://www.example.com/wp-json/bcn/v1/author/1...