WordPress gravity-forms-sms-notifications plugin cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. gravity-forms-sms-notifications is a short message alert plugin used in it. A cross-site scripting vulnerability exists in the WordPre...

WordPress mailchimp-for-wp plugin cross-site scripting vulnerability (CNVD-2019-35215)

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. mailchimp-for-wp is a plugin used to send e-mail to subscribers. A cross-site scripting vulnerability exists in WordPress...

WordPress liquid-speech-balloon plugin cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. liquid-speech-balloon is a visual editor plugin used in it. A cross-site scripting vulnerability exists in the WordPress...

WordPress animate-it plugin cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. animate-it is a plugin used to add CSS3 animations to web pages. A cross-site scripting vulnerability exists in WordPress animate-it...

WordPress wp-social-bookmarking-light plugin cross-site request forgery vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. wp-social-bookmarking-light is a social sharing plugin that is used in it. A cross-site request forgery vulnerability exists in...

WordPress qtranslate-x plugin cross-site request forgery vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. qtranslate-x is a multi-language switching plugin used in it. A cross-site request forgery vulnerability exists in WordPress...

WordPress animate-it plugin cross-site scripting vulnerability (CNVD-2019-34454)

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. animate-it is a plugin used to add CSS3 animations to web pages. A cross-site scripting vulnerability exists in WordPress animate-it...

Sql injection

The awesome-filterable-portfolio plugin before 1.9 for WordPress has afpgetnewcategorypage SQL injection via the catid parameter...

CVE-2015-9466

The CVE-2015-9466 issue affects the WordPress wti-like-post plugin prior to version 1.4.3. The vulnerability is a SQL injection in the WtiLikePostProcessVote function, exploitable via HTTP header variables including HTTP_CLIENT_IP, HTTP_X_FORWARDED_FOR, HTTP_X_FORWARDED, HTTP_FORWARDED_FOR, or HT...

CVE-2015-9461

The awesome-filterable-portfolio plugin before 1.9 for WordPress has afpgetnewportfolioitempage SQL injection via the itemid parameter...

Cross site scripting

The animate-it plugin before 2.3.4 for WordPress has XSS...

Unspecified Vulnerability in CloudBees Jenkins Project Inheritance Plugin

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed tasks . Project Inheritance Plugin is used in one of...

WordPress accurate-form-data-real-time-form-validation plugin cross-site request forgery vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports PHP and MySQL servers to set up a personal blog site. accurate-form-data-real-time-form-validation is used in which a form data real-time validation plugin. A cross-site request...

WordPress avenirsoft-directdownload plugin cross-site request forgery vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. avenirsoft-directdownload is a download button plugin used in it. A cross-site request forgery vulnerability exists in version 1.0 of...

The vulnerability of the NPAPI plugin for Firefox and Firefox ESR browsers, as well as the Thunderbird email client, allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the NPAPI plugin for Firefox and Firefox ESR browsers, as well as the Thunderbird email client, is related to the manipulation of inter-site requests. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and accessibility of...

WordPress alo-easymail plugin has an unspecified vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. alo-easymail is used in one of the news subscription plug-ins that support multiple languages. A cross-site request forgery...

WordPress testimonial-slider plugin has unspecified vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. testimonial-slider is a sliding recommendation window plugin used in it. A security vulnerability exists in WordPress testimonial-slid...

CVE-2015-9425

The social-locker plugin before 4.2.5 for WordPress has CSRF with resultant XSS via the wp-admin/edit.php?posttype=opanda-item&page=license-manager-sociallocker-next licensekey parameter...

CVE-2015-9449

The microblog-poster plugin before 1.6.2 for WordPress has SQL Injection via the wp-admin/options-general.php?page=microblogposter.php accountid parameter...

Unpatched Bug Under Active Attack Threatens WordPress Sites with XSS

An unpatched vulnerability in the Rich Reviews plugin for WordPress is putting an estimated 16,000 sites in danger of stored cross-site scripting XSS attacks. Sites running the plugin are vulnerable to unauthenticated plugin option updates, which can be used to deliver malware payloads; and...