1398 matches found
SEO SearchTerms Tagging 2 <= 1.535 - XSS & Authenticated SQL Injection
Plugin is still affected and has been closed...
Design/Logic Flaw
The ThemePunch Slider Revolution (revslider) plugin before 3.0.96 for WordPress and Showbiz Pro plugin 1.7.1 and earlier for WordPress does not properly restrict access to administrator AJAX functionality, which allows remote attackers to (1) upload and execute arbitrary files via an updateplugin...
WordPress Advanced XML Reader Plugin <= 0.1.1 - Arbitrary File Disclosure
This plugin is prone to an XML external entity (XXE) parsing vulnerability that leads to arbitrary file disclosure. It allows attackers to read system files. Solution: Update the plugin...
WordPress Plugin Freshmail 1.5.8 - shortcode.php SQL Injection
Exploit Title: Unauthenticated SQL Injection on Wordpress Freshmail 1; Google Dork: N/A; Date: 05/05/2015; Exploit Author: Felipe Molina de la Torre @felmoltor; Vendor Homepage: http://freshmail.com/; Software Link:...
SUSE-SU-2015:0921-1 Security update for gstreamer-0_10-plugins-bad
gstreamer-0_10-plugins-bad was updated to fix a security issue, a buffer overflow in mp4 parsing (bnc#927559, CVE-2015-0797). Security Issues: CVE-2015-0797...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in the AB Google Map Travel (AB-MAP) plugin before 4.0 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) lat (Latitude), (2) long (Longitude), (3)...
WordPress Sliding Social Icons 1.61 CSRF / XSS
Title: WordPress 'Sliding Social Icons' plugin - CSRF/XSS; Version: 1.61; Reported by: Morten Nørtoft, Kenneth Jepsen, Mikkel Vej; Date: 2014/12/12; Download: https://wordpress.org/plugins/sliding-social-icons/; Notified WordPress: 2014/11/27...
CM Download Manager <= 2.0.0 - Unauthenticated Code Injection
The plugin does not validate and sanitise the CMDsearch parameter, which is used to create a custom function. This allows an attacker to run arbitrary commands on the remote server. PoC: GET /cmdownloads/?CMDsearch=".phpinfo." HTTP/1.1 Host: example.com User-Agent: Mozilla/5.0 Windows NT 6.3; WOW64; rv:33....
WordPress XCloner Plugin - Multiple Vulnerabilities
The XCloner plugin is prone to multiple vulnerabilities: unauthenticated remote access to backup files via easily guessable file names, arbitrary command execution, and authenticated remote file access. It also exposes the MySQL password in clear text through an HTML text box. Solution: Upgrade the plugi...
WordPress WP-Ban 1.62 Bypass
Details: Software: WP-Ban; Version: 1.62; Homepage: http://wordpress.org/plugins/wp-ban/; Advisory report: https://security.dxw.com/advisories/vulnerability-in-wp-ban-allows-visitors-to-bypass-the-ip-blacklist-in-some-configurations/; CVE: CVE-2014-6230; CVSS: 5 Medium;...
GroupDocs Comparison <= 1.0.2 - Multiple Parameter XSS
The GroupDocs.Comparison for Cloud WordPress plugin was affected by a Multiple Parameter XSS security vulnerability...
GroupDocs Signature 1.2.0 - grpdocs-dialog.php Multiple Parameter XSS
The GroupDocs.Signature for Cloud WordPress plugin was affected by a grpdocs-dialog.php Multiple Parameter XSS security vulnerability...
Custom Tables 3.4.4 - iframe.php key Parameter XSS
The custom-tables WordPress plugin was affected by an iframe.php key Parameter XSS security vulnerability...
Simply Poll 1.4.1 - wp-admin/admin.php question Parameter XSS
The simply-poll WordPress plugin was affected by a wp-admin/admin.php question Parameter XSS security vulnerability...
Spider Calendar 1.3.0 - Multiple Vulnerabilities
The spider-calendar WordPress plugin was affected by multiple security vulnerabilities...
WP Marketplace 1.5.0-1.6.1 - Arbitrary File Upload
The wpmarketplace WordPress plugin was affected by an Arbitrary File Upload security vulnerability...
LB Mixed Slideshow 1.0 - Arbitrary File Upload
The lb-mixed-slideshow WordPress plugin was affected by an Arbitrary File Upload security vulnerability...
VideoWhisper Video Conference Integration 4.51 - Arbitrary File Upload
The Webcam Video Conference WordPress plugin was affected by an Arbitrary File Upload security vulnerability...
wp-gpx-max version 1.1.21 - Arbitrary File Upload
The wp-gpx-map WordPress plugin was affected by an Arbitrary File Upload security vulnerability...
iBrowser Plugin 1.4.1 (lang) - Local File Inclusion Vulnerability
No description provided by source...