1726 matches found
CVE-2018-7422
A Local File Inclusion vulnerability in the Site Editor plugin through 1.1.1 for WordPress allows remote attackers to retrieve arbitrary files via the ajaxpath parameter to editor/extensions/pagebuilder/includes/ajaxshortcodepattern.php, aka absolute path traversal...
CVE-2018-6466
A cross-site scripting (XSS) vulnerability in flickrRSS.php in the flickrRSS plugin 5.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the flickrRSSset parameter to wp-admin/options-general.php...
WordPress Soundy Background Music Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP, that supports setting up personal blog sites on servers running PHP and MySQL. The Soundy Background Music plugin is one of its background music playback plugins. A cross-site scripting...
WordPress responsive-coming-soon-page plugin cross-site scripting vulnerability (CNVD-2018-01256)
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP, that supports setting up personal blog sites on servers running PHP and MySQL. The responsive-coming-soon-page plugin is one of its test system maintenance plugins. A cross-site scriptin...
WordPress booking-calendar plugin cross-site scripting vulnerability (CNVD-2018-01252)
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP, that supports setting up personal blog sites on servers running PHP and MySQL. The booking-calendar plugin is one of its online booking plugins. A cross-site scripting vulnerability exists ...
CVE-2018-5654
An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via the wp-admin/admin-ajax.php PFFREEAccessToken parameter...
WordPress tabs-responsive plugin cross-site scripting vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP, that supports setting up personal blog sites on servers running PHP and MySQL. The tabs-responsive plugin is one of its plugins for adding tabs. A cross-site scripting vulnerability exists in...
WordPress Furikake plugin open redirect vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP, that supports setting up personal blog sites on servers running PHP and MySQL. Furikake is one of its statistics plugins. An open redirect vulnerability exists in version 0.1.0 of the WordPress...
WP Site Protect 1.0 - Cross-Site Scripting (XSS)
The wp-site-protect plugin allows protecting access to a WordPress website with a global password. Passwords can be randomly generated or manually set; the "password" field is not properly sanitized, allowing some XSS in different views of the plugin in the administration section. It seems that the...
CVE-2017-17096
Cross-site scripting (XSS) vulnerability in the Content Cards plugin before 0.9.7 for WordPress allows remote attackers to inject arbitrary JavaScript via crafted OpenGraph data...
WordPress Ultimate Instagram Feed Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP, that supports setting up personal blog sites on servers running PHP and MySQL. The Ultimate Instagram Feed plugin is a photo wall plugin used in... A cross-site scripting vulnerability exists i...
HashiCorp Vagrant VMware Fusion Plugin Elevation of Privilege Vulnerability (CNVD-2017-33966)
The HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) is a tool developed by HashiCorp in the United States for building and managing virtual machine environments on VMware virtual machines. A security vulnerability exists in the HashiCorp Vagrant VMware Fusion plugin version 5.0.0...
IrfanView CADImage plugin buffer overflow vulnerability (CNVD-2017-32383)
IrfanView is an image viewer developed by Irfan Skiljan, a software developer from Bosnia and Herzegovina, which supports image browsing, image editing, image format conversion, etc. CADImage plugin is one of the plugins for viewing CAD files. A buffer overflow vulnerability exists in version...
IrfanView CADImage plugin buffer overflow vulnerability (CNVD-2017-33229)
IrfanView is an image viewer developed by Irfan Skiljan, a software developer from Bosnia and Herzegovina, which supports image browsing, image editing, image format conversion, etc. CADImage plugin is one of the plugins for viewing CAD files. A buffer overflow vulnerability exists in version...
CVE-2017-15258
IrfanView version 4.44 32bit with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a "Read Access Violation starting at PDF!xmlParserInputRead+0x0000000000161a9c."...
CVE-2017-15249
IrfanView version 4.44 32bit with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address controls Code Flow starting at PDF!xmlGetGlobalState+0x00000000000668d6."...
CVE-2017-15241
IrfanView version 4.44 32bit with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address controls Branch Selection starting at PDF!xmlParserInputRead+0x00000000000929f5."...
CVE-2017-14766
The Simple Student Result plugin before 1.6.4 for WordPress has an Authentication Bypass vulnerability because the fnssraddstsubmit function and fnssrdelstsubmit function in functions.php only require knowing the student id number...
WordPress Mail Masta plugin SQL injection vulnerability (CNVD-2017-02636)
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP, that supports setting up personal blog sites on servers running PHP and MySQL. Mail Masta (aka mail-masta) is one of its email plugins. WordPress Mail Masta plugin version 1.0 in...
UBUNTU-CVE-2017-5488
Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/update-core.php in WordPress before 4.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) version header of a plugin...