1698 matches found

WPVulnDB
added 2017/12/19 12:0 a.m., 11 views

WP Site Protect 1.0 - Cross-Site Scripting (XSS)

The wp-site-protect plugin protects access to a WordPress website with a global password. Passwords can be randomly generated or manually set. The "password" field is not properly sanitized, allowing XSS in different views of the plugin in the administration section. It seems that the...

3.3 AI score
Exploits: 0, References: 1, Affected Software: 1

OSV
added 2017/12/03 7:29 p.m., 2 views

CVE-2017-17096

Cross-site scripting (XSS) vulnerability in the Content Cards plugin before 0.9.7 for WordPress allows remote attackers to inject arbitrary JavaScript via crafted OpenGraph data...

6.1 CVSS, 5.9 AI score
Exploits: 0, References: 2

CNVD
added 2017/11/13 12:0 a.m., 5 views

WordPress Ultimate Instagram Feed Plugin Cross-Site Scripting Vulnerability

WordPress is the WordPress Software Foundation's suite of blogging platforms developed using the PHP language, which supports setting up personal blog sites on servers with PHP and MySQL. Ultimate Instagram Feed plugin is a photo wall plugin used in... A cross-site scripting vulnerability exists i...

4.8 CVSS, 6 AI score, 0.00191 EPSS
Exploits: 2, References: 1

CNVD
added 2017/11/09 12:0 a.m., 2 views

HashiCorp Vagrant VMware Fusion Plugin Elevation of Privilege Vulnerability (CNVD-2017-33966)

The HashiCorp Vagrant VMware Fusion plugin aka vagrant-vmware-fusion is a tool developed by HashiCorp in the United States for building and managing virtual machine environments on VMware virtual machines. A security vulnerability exists in the HashiCorp Vagrant VMware Fusion plugin version 5.0.0...

7 CVSS, 6.7 AI score, 0.00077 EPSS
Exploits: 3, References: 1

CNVD
added 2017/10/23 12:0 a.m., 2 views

IrfanView CADImage plugin buffer overflow vulnerability (CNVD-2017-33229)

IrfanView is an image viewer developed by Irfan Skiljan, a software developer from Bosnia and Herzegovina, which supports image browsing, image editing, image format conversion, etc. CADImage plugin is one of the plugins for viewing CAD files. A buffer overflow vulnerability exists in version...

7.8 CVSS, 8.1 AI score, 0.00298 EPSS
Exploits: 0, References: 1

CNVD
added 2017/10/23 12:0 a.m., 1 view

IrfanView CADImage plugin buffer overflow vulnerability (CNVD-2017-32383)

IrfanView is an image viewer developed by Irfan Skiljan, a software developer from Bosnia and Herzegovina, which supports image browsing, image editing, image format conversion, etc. CADImage plugin is one of the plugins for viewing CAD files. A buffer overflow vulnerability exists in version...

7.8 CVSS, 8.1 AI score, 0.00298 EPSS
Exploits: 0, References: 1

NVD
added 2017/10/11 6:29 p.m., 13 views

CVE-2017-15258

IrfanView version 4.44 32bit with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a "Read Access Violation starting at PDF!xmlParserInputRead+0x0000000000161a9c."...

7.8 CVSS, 8.3 AI score, 0.00268 EPSS
Exploits: 0, References: 1

NVD
added 2017/10/11 6:29 p.m., 13 views

CVE-2017-15249

IrfanView version 4.44 32bit with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address controls Code Flow starting at PDF!xmlGetGlobalState+0x00000000000668d6."...

7.8 CVSS, 8.2 AI score, 0.00298 EPSS
Exploits: 0, References: 1

OSV
added 2017/10/11 6:29 p.m., 3 views

CVE-2017-15241

IrfanView version 4.44 32bit with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address controls Branch Selection starting at PDF!xmlParserInputRead+0x00000000000929f5."...

7.8 CVSS, 5.8 AI score, 0.00268 EPSS
Exploits: 0, References: 1

OSV
added 2017/09/27 8:29 a.m., 1 view

CVE-2017-14766

The Simple Student Result plugin before 1.6.4 for WordPress has an Authentication Bypass vulnerability because the fnssraddstsubmit function and fnssrdelstsubmit function in functions.php only require knowing the student id number...

7.5 CVSS, 5.8 AI score
Exploits: 0, References: 3

CNVD
added 2017/03/10 12:0 a.m., 3 views

WordPress Mail Masta plugin SQL injection vulnerability (CNVD-2017-02636)

WordPress is the WordPress Software Foundation's blogging platform developed using the PHP language; the platform supports personal blog sites set up on PHP and MySQL servers. Mail Masta aka mail-masta is one of the email plug-ins. WordPress Mail Masta plugin version 1.0 in...

7.2 CVSS, 8.2 AI score, 0.00729 EPSS
Exploits: 2, References: 1

OSV
added 2017/01/15 2:59 a.m., 0 views

UBUNTU-CVE-2017-5488

Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/update-core.php in WordPress before 4.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) version header of a plugin...

6.1 CVSS, 7 AI score, 0.00882 EPSS
Exploits: 0, References: 9

CNVD
added 2016/10/13 12:0 a.m., 1 view

WordPress enhanced-tooltipglossary plugin cross-site scripting vulnerability

WordPress is the WordPress Software Foundation's blogging platform developed using the PHP language; the platform supports PHP and MySQL servers to set up a personal blog site. enhanced-tooltipglossary is one of the plug-ins to improve the performance of the view image caching. A...

6.1 CVSS, 5.8 AI score, 0.02422 EPSS
Exploits: 1, References: 1

CNVD
added 2016/10/13 12:0 a.m., 1 view

WordPress photoxhibit plugin cross-site scripting vulnerability (CNVD-2016-09355)

WordPress is the WordPress Software Foundation's blogging platform developed using the PHP language; the platform supports setting up a personal blog site on a PHP and MySQL server. photoxhibit is one of the interfaces used to build gallery plug-ins. A cross-site scripting vulnerability exist...

6.1 CVSS, 5.9 AI score, 0.06584 EPSS
Exploits: 1, References: 1

OSV
added 2016/10/10 8:59 p.m., 1 view

CVE-2016-1000140

Reflected XSS in wordpress plugin new-year-firework v1.1.9...

6.1 CVSS, 5.8 AI score, 0.06584 EPSS
Exploits: 2, References: 3

OSV
added 2016/10/06 2:59 p.m., 0 views

CVE-2016-1000124

Unauthenticated SQL Injection in Huge-IT Portfolio Gallery Plugin v1.0.6...

9.8 CVSS, 5.8 AI score, 0.0227 EPSS
Exploits: 9, References: 4

CNVD
added 2016/07/22 12:0 a.m., 1 view

WordPress Claptastic clap! Button plugin has multiple cross-site scripting vulnerabilities

WordPress is a blogging platform developed in PHP by the WordPress Software Foundation. Claptastic clap! Button is one of the button plugins that selects everyone's favorite content by readers clicking on different buttons. WordPress Claptastic clap! Button plugin version 1.3 has multiple cross-si...

7.1 AI score
Exploits: 0, References: 1

CNVD
added 2016/05/13 12:0 a.m., 1 view

CloudBees Jenkins CI and Jenkins LTS Information Disclosure Vulnerability

CloudBees Jenkins CI (formerly known as Hudson Labs) is a Java-based continuous integration tool from CloudBees, Inc. It is mainly used to monitor ongoing software releases/testing projects and a number of timed tasks. LTS (Long-Term Support) is a long-supported version of CloudBees Jenkins CI is a...

4.3 CVSS, 6.6 AI score, 0.00069 EPSS
Exploits: 0, References: 1

VulnCheck KEV
added 2016/04/23 12:0 a.m., 1 view

VulnCheck KEV: CVE-2016-10995

The Tevolution plugin before 2.3.0 for WordPress has arbitrary file upload via singleupload.php or single-upload.php...

9.8 CVSS, 7.4 AI score, 0.00841 EPSS
Exploits: 0, References: 1

CNVD
added 2016/04/18 12:0 a.m., 1 view

WordPress User Meta Manager Plugin Information Disclosure Vulnerability

WordPress is the WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. An information disclosure vulnerability exists in the WordPress User Meta Manager plugin version 3.4.6, which allows attacker...

6 AI score
Exploits: 0, References: 1