1726 matches found
WordPress photoxhibit plugin cross-site scripting vulnerability (CNVD-2016-09355)
WordPress is a blogging platform developed in PHP by the WordPress Software Foundation; it lets users set up a personal blog site on a server running PHP and MySQL. photoxhibit is one of the interfaces used to build gallery plug-ins. A cross-site scripting vulnerability exist...
WordPress enhanced-tooltipglossary plugin cross-site scripting vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Software Foundation; it lets users set up a personal blog site on a server running PHP and MySQL. enhanced-tooltipglossary is one of the plug-ins to improve the performance of view image caching. A...
CVE-2016-1000140
Reflected XSS in WordPress plugin new-year-firework v1.1.9...
CVE-2016-1000124
Unauthenticated SQL Injection in Huge-IT Portfolio Gallery Plugin v1.0.6...
WordPress Claptastic clap! Button plugin has multiple cross-site scripting vulnerabilities
WordPress is a blogging platform developed in PHP by the WordPress Software Foundation. Claptastic clap! Button is one of the button plugins that selects everyone's favorite content through readers clicking on different buttons. WordPress Claptastic clap! Button plugin version 1.3 has multiple cross-si...
CloudBees Jenkins CI and Jenkins LTS Information Disclosure Vulnerability
CloudBees Jenkins CI (formerly known as Hudson Labs) is a Java-based continuous integration tool from CloudBees, Inc. It is mainly used to monitor ongoing software releases/testing projects and a number of timed tasks. LTS (Long-Term Support) is a long-term support version of CloudBees Jenkins CI is a...
VulnCheck KEV: CVE-2016-10995
The Tevolution plugin before 2.3.0 for WordPress has arbitrary file upload via singleupload.php or single-upload.php...
WordPress Plugin leenk.me 2.5.0 - Cross-Site Request Forgery Cross-Site Scripting
I would like to disclose a CSRF and stored XSS vulnerability in the WordPress plugin LeenkMe version 2.5.0. The plugin can be found at https://wordpress.org/plugins/leenkme/ In the page...
WordPress Plugin Kento Post View Counter 2.8 - Cross-Site Request Forgery Cross-Site Scripting
I would like to disclose a CSRF and stored XSS vulnerability in the Kento post view counter plugin version 2.8. The vulnerable fields for XSS are kentopvcnumberslang, kentopvctodaytext, kentopvctotaltext. The...
WordPress User Meta Manager Plugin Information Disclosure Vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Software Foundation, which supports personal blog sites on servers with PHP and MySQL. An information disclosure vulnerability exists in the WordPress User Meta Manager plugin version 3.4.6, which allows attacker...
WordPress Ebook Download Plugin Directory Traversal Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpress:wordpress"; if(description)...
WordPress CP Reservation Calendar Plugin SQL Injection Vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Software Foundation, and CP Reservation Calendar is one of its event calendar plugins. A SQL injection vulnerability exists in the dexreservations.php script in version 1.1.7 of the WordPress CP Reservation...
EZ SQL Reports < 4.11.37 - Multiple Vulnerabilities
Exploit for php platform in category web applications Exploit Title: EZ SQL Reports Proxy-Connection: keep-alive Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8 Upgrade-Insecure-Requests: 1 User-Agent: Referer: http:///wp-admin/admin.php?page=ELISQLREPORTS-setting...
WordPress YouTube Embed Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Software Foundation. A cross-site scripting vulnerability exists in the includes/options-profiles.php script in WordPress YouTube Embed plugin versions prior to 3.3.3. The vulnerability can be exploited by ...
WordPress WP-Mon Arbitrary File Download Vulnerability
WordPress WP-Mon plugin suffers from an arbitrary file disclosure vulnerability. Exploit Title: Wordpress wp-mon Plugin Arbitrary File Download Vulnerability...
WordPress Plugin Pie Register Has Unspecified Vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Software Foundation; it lets users set up a personal blog site on a server running PHP and MySQL. Pie Register is one of the plug-ins that support customizing the member registration landing page. A security...
WordPress Like Dislike Counter 1.2.3 SQL Injection
Title : Wordpress Like Dislike Counter Plugin SQL Injection Vulnerability Risk : High+/Critical Exploit Author : XroGuE Google Dork : inurl:plugins/like-dislike-counter-for-posts-pages-and-comments/ajaxcounter.php AND plugins/pro-like-dislike-counter/ldc-ajax-counter.php Plugin Version : 1.2.3...
WordPress VideoWhisper Video Presentation plugin <= 1.1 - SQL Injection Vulnerability
No description provided by source. Exploit Title: WordPress VideoWhisper Video Presentation plugin <= 1.1 SQL Injection Vulnerability Date: 2011-09-02 Author: Miroslav Stampar miroslav.stamparatgmail.com @stamparm Software Link:...
Ian Dunn: Multiple Path Disclosure
Hi Ian, I have downloaded all the latest versions of plugins from your WP profile and did a quick check for FPD. I know you may point out that WP doesn't consider it an issue; however, I personally, for plugins, look at it as a miss on best practice on the plugin developers' part. I do not expect a...
WordPress Better WP Security Plugin - Stored XSS Vulnerability
Richard Warren ======= Summary ======= Name: Bit51 Better WP Security Plugin - Unauthenticated Stored XSS to RCE Release Date: 30 July 2013 Reference: NGS00500 Discoverer: Richard Warren Vendor: Bit51 Vendor Reference: Systems Affected: Bit51 Better WP Security Plugin Version...