366 matches found
WordPress plugin "MaxButtons" vulnerable to cross-site scripting
Overview The WordPress plugin "MaxButtons" provided by Max Foundry contains a cross-site scripting vulnerability (CWE-79). ASAI Ken and Chris Liu reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary...
WordPress plugin "WP Booking System" vulnerable to cross-site scripting
Overview The WordPress plugin "WP Booking System" provided by WP Booking System contains a stored cross-site scripting vulnerability (CWE-79). Satoshi Takagi of Cryptography Laboratory, Department of Information and Communication Engineering, Tokyo Denki University reported this vulnerability to IPA...
UBUNTU-CVE-2016-6897
Cross-site request forgery (CSRF) vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 allows remote attackers to hijack the authentication of subscribers for /dev/random read operations by leveraging a late call to the check_ajax_referer...
CentOS Update for gstreamer1-plugins-bad-free CESA-2017:0021 centos7
Check the version of gstreamer1-plugins-bad-free SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
WordPress plugin "WP Favorite Posts" vulnerable to cross-site scripting
Overview "WP Favorite Posts" is a plugin for WordPress. WP Favorite Posts contains a cross-site scripting vulnerability. Note that this vulnerability cannot be exploited on the default settings. Gen Sato of TRADE WORKS Co., Ltd. Security Dept. reported this vulnerability to IPA. JPCERT/CC...
EC-CUBE plugin "Help plug-in" vulnerable to SQL injection
Overview EC-CUBE plugin "Help plug-in" provided by Cuore contains an SQL injection vulnerability (CWE-89). Gen Sato of TRADE WORKS Co., Ltd. Security Dept. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact...
WordPress Google Sitemap 2.9.1 Cross Site Scripting
Plugin Name : Google Sitemap Affected Version : 2.9.1 and most probably lower versions if any Vulnerability : A3-Cross-Site Scripting (XSS) Identified by : Madhu Akula Technical Details Minimum Level of Access Required : Administrator PoC - Proof of Concept :...
WordPress Plugin WP-Client 3.8.7 - Persistent Cross-Site Scripting
WordPress Plugin WP-Client 3.8.7 - Persistent Cross-Site Scripting Application: WP-Client Version: 3.8.7 Author: Pier-Luc Maltais from COSIG Twitter: @COSIG 1 Introduction 2 Report Timeline 3 Technical details 4 POC =============== 1 Introduction =============== One plugin configures multiple are...
WordPress Appointment Booking Calendar 1.1.7 XSS
Vulnerability title: Multiple Reflective XSS in Appointment Booking Calendar 1.1.7 WordPress plugin CVE: CVE-2015-7320 Vendor: WordPress DWBooster Product: Appointment Booking Calendar Affected version: 1.1.7 Fixed version: 1.1.8 Reported by: Ibéria Medeiros Vulnerability Details:...
openSUSE Security Update : icedtea-web (openSUSE-2015-602)
The icedtea-web java plugin was updated to 1.6.1. Changes included : - Enabled Entry-Point attribute check - permissions sandbox and signed app and unsigned app with permissions all-permissions now run in sandbox instead of not at all. - fixed DownloadService - comments in deployment.properties n...
SUSE-SU-2015:1073-1 Security update for java-1_7_0-ibm
This update fixes the following security issues: - Version bump to 7.1-3.0 release bnc930365 CVE-2015-0192 CVE-2015-2808 CVE-2015-1914 CVE-2015-0138 - Fix removing links before update-alternatives run. bnc931702 - Fix bnc912434, javaws/plugin stuff should slave plugin update-alternatives - Fix...
WordPress Ultimate Product Catalogue Plugin <= 3.1.1 - Unauthenticated File Upload
Remote unauthenticated attacker can exploit this issue by sending a specially-crafted HTTP POST request. Solution Update the plugin...
WordPress Tune Library 1.5.4 SQL Injection
======================================================================= title: SQL Injection product: WordPress Tune Library Plugin vulnerable version: 1.5.4 and probably below fixed version: 1.5.5 CVE number: CVE-2015-3314 impact: CVSS Base Score 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P homepage:...
WordPress Community Events 1.3.5 SQL Injection
======================================================================= title: SQL Injection product: WordPress Community Events Plugin vulnerable version: 1.3.5 and probably below fixed version: 1.4 CVE number: CVE-2015-3313 impact: CVSS Base Score 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P homepage:...
High-risk security vulnerability disclosed in the popular WordPress caching plugin WP-Super-Cache - vulnerability warning - the black bar safety net
A high-risk vulnerability was recently disclosed in the popular WordPress caching plugin WP-Super-Cache: an attacker may be able to inject malicious code into a page, which puts millions of WordPress websites in danger. WP Super Cache is a long-established and well-regarded cache plugin that can greatly improve website...
CVE-2015-1204
Cross-site scripting (XSS) vulnerability in the Save Filters functionality in the WP Slimstat plugin before 3.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the fsresource parameter in the wp-slim-view-2 page to wp-admin/admin.php...
Another WordPress Classifieds Cross Site Scripting / SQL Injection
Exploit Title: Another WordPress Classifieds Plugin SQL injection and Cross Site Scripting Author: dill download: https://wordpress.org/plugins/another-wordpress-classifieds-plugin/ Client Webpage: http://awpcp.com/ Issue number 1: Cross-site scripting reflective Details: An arbitrarily supplied U...
WordPress Content Audit 1.6 Blind SQL Injection Vulnerability
WordPress Content Audit plugin version 1.6 suffers from a remote SQL injection vulnerability. Details ================ Software: Content Audit Version: 1.6 Homepage: http://wordpress.org/plugins/content-audit/ Advisory report:...
Adobe Pixel Shader
Added: 06/24/2014 CVE: CVE-2014-0515 BID: 67092 OSVDB: 106347 Background The Adobe Flash plugin provides flash content rendering for web browsers. Problem A buffer overflow exists due to an error in processing SWF files. The vulnerable function exists in the DisplayShader class and can be...
WordPress Download Monitor Plugin <= 3.3.6.1 - XSS #2
Because of this vulnerability in admin/admin.php, the attackers can inject arbitrary web script or HTML via the "p" parameter. Solution Update the plugin...