1398 matches found
WordPress Comments Import And Export CSV Injection
Exploit Title: Wordpress Plugin Comments Import & Export 2.0.4 - CSV Injection Google Dork: N/A Date: 2018-06-24 Exploit Author: Bhushan B. Patil Software Link: https://wordpress.org/plugins/comments-import-export-woocommerce/ Affected Version: 2.0.4 and before Category: Plugins and Extensions...
WordPress Cookie Consent Plugin < 2.3.10 XSS Vulnerability
The WordPress plugin...
WooCommerce CSV-Importer-Plugin 3.3.6 - Remote Code Execution
WooCommerce CSV-Importer-Plugin 3.3.6 - Remote Code Execution Exploit Title: Plugin Woocommerce CSV importer 3.3.6 – RCE – Unlink Date: 08/04/2018 Exploit Author: Lenon Leite Vendor Homepage: https://wordpress.org/plugins/woocommerce-csvimport/ Software Link:...
Jenkins Promoted Builds Plugin Security Bypass Vulnerability
Jenkins is an open source continuous integration tool developed in Java. A security vulnerability exists in the Status.java and ManualCondition.java files in Jenkins Promoted Builds Plugin 2.31.1 and earlier versions, which stems from a program that makes it...
CVE-2014-2674
Directory traversal vulnerability in the Ajax Pagination (twitter Style) plugin 1.1 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the loop parameter in an ajaxnavigation action to wp-admin/admin-ajax.php...
CVE-2017-1000113
The Deploy to container Plugin stored passwords unencrypted as part of its configuration. This allowed users with Jenkins master local file system access, or users with Extended Read access to the jobs it is used in, to retrieve those passwords. The Deploy to container Plugin now integrates with...
bijouterieronaldfortier.com XSS vulnerability
Open Bug Bounty ID: OBB-303054

Description | Value
---|---
Affected Website: | bijouterieronaldfortier.com
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1...
WordPress Photocrati NextGEN Gallery Plugin File Upload Vulnerability
WordPress is the WordPress Software Foundation's blogging platform, developed in PHP; it supports setting up personal blog sites on PHP and MySQL servers. The Photocrati NextGEN Gallery plugin is an image management plugin for it. A security vulnerability exists in the...
PT-2017-2795
Name of the Vulnerable Software and Affected Versions: Apache Struts versions 2.1.1 through 2.3.x before 2.3.34; Apache Struts versions 2.5.x before 2.5.13. Description: The issue is related to the REST Plugin in Apache Struts, which uses an XStreamHandler with an instance of XStream for...
I Recommend This <= 3.8.1 - Authenticated SQL Injection
Plugin description: "This plugin allows your visitors to simply like/recommend your posts instead of comment on it." Active installs according to https://wordpress.org/plugins/i-recommend-this/: 40.000+ It's possible to inject SQL into the dotrecommends shortcode, if the check for IP addresses is...
WordPress Single Personal Message 1.0.3 SQL Injection
Exploit Title: Single Personal Message 1.0.3 - Plugin WordPress - Sql Injection Date: 28/11/2016 Exploit Author: Lenon Leite Vendor Homepage: https://wordpress.org/plugins/simple-personal-message/ Software Link: https://wordpress.org/plugins/simple-personal-message/ Contact:...
W3 Total Cache <= 0.9.4.1 - Weak Validation of Amazon SNS Push Messages
The W3 Total Cache WordPress plugin was affected by a Weak Validation of Amazon SNS Push Messages security vulnerability...
Photoxhibit <= 2.1.8 - Reflected XSS Issues
Plugin is still affected and has been closed...
SUSE-SU-2015:2183-1 Security update for strongswan
The strongswan package was updated to fix the following security issue: - CVE-2015-8023: Fixed an authentication bypass vulnerability in the eap-mschapv2 plugin (bsc#953817)...
CVE-2015-7683: Absolute Path Traversal in the Font WordPress Plugin
Details ================ Software: Font Version: 7.5 Homepage: https://wordpress.org/plugins/font/ CVE: CVE-2015-7683 Pending CVSS: 6.3 Medium; AV:N/AC:M/Au:S/C:C/I:N/A:N CWE: CWE-22 Description ================ An absolute path traversal vulnerability in Font 7.5 allows WordPress admins read...
WordPress Easy2Map 1.2.9 Cross Site Scripting
Vulnerability title: A Reflected XSS in Easy2Map version 1.2.9 WordPress plugin CVE: CVE-2015-7668 Vendor: Steven Ellis Product: Easy2Map Affected version: 1.2.9 Fixed version: 1.3.0 Reported by: Ibéria Medeiros Vulnerability Details: ===================== It was discovered that no protection...
WordPress Pie Register Plugin <= 2.0.18 - XSS
This vulnerability allows an attacker to inject arbitrary web script or HTML via the invitaioncode parameter in a pie-register page to the default URL. Solution Update the plugin...
xPinner Lite <= 2.2 - Cross-Site Scripting (XSS) & CSRF
The xpinner-lite WordPress plugin was affected by a Cross-Site Scripting (XSS) & CSRF security vulnerability...
sourceAFRICA <= 0.1.3 - Unauthenticated Cross-Site Scripting (XSS)
The sourceafrica WordPress plugin was affected by an Unauthenticated Cross-Site Scripting (XSS) security vulnerability...
CP Image Store with Slideshow <= 1.0.6 - Purchase ID Brute Force Prevention
The CP Image Store with Slideshow WordPress plugin was affected by a Purchase ID Brute Force Prevention security vulnerability...