WordPress Media from FTP Directory Traversal Vulnerability
WordPress is the WordPress Software Foundation's blogging platform, developed in PHP; it lets a personal blog site be set up on a server running PHP and MySQL. The Media from FTP plugin is a media file upload plugin. A directory traversal vulnerability exists i...
WordPress Easy Custom Auto Excerpt Plugin Cross-Site Scripting Vulnerability
WordPress is the WordPress Software Foundation's blogging platform, developed in PHP; it lets a personal blog site be set up on a server running PHP and MySQL. The Easy Custom Auto Excerpt plugin is a document collection plugin. A cross-site scripting...
WordPress Plugin Social Media Widget by Acurax 3.2.5 - Cross-Site Request Forgery
Exploit Title: Social Media Widget by Acurax CSRF
Discovery Date: 2017-12-12
Exploit Author: Panagiotis Vagenas
Author Link: https://twitter.com/panVagenas
Vendor Homepage: http://www.acurax.com/
Software Link: https://wordpress.org/plugins/acurax-social-media-widget
Version: 3.2.5
Tested on:...
Design/Logic Flaw
The Easy Custom Auto Excerpt plugin 2.4.6 for WordPress has XSS via the tonjooecaeoptionscustomcss parameter to the wp-admin/admin.php?page=tonjooexcerpt URI...
CVE-2018-5289
The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-information page...
WordPress ImageInject plugin cross-site scripting vulnerability
WordPress is the WordPress Software Foundation's blogging platform, developed in PHP; it lets a personal blog site be set up on a server running PHP and MySQL. The ImageInject plugin is an image upload plugin. A cross-site scripting vulnerability exists in versi...
WordPress ILLID Share This Image plugin cross-site scripting vulnerability
WordPress is the WordPress Software Foundation's blogging platform, developed in PHP; it lets a personal blog site be set up on a server running PHP and MySQL. The ILLID Share This Image plugin adds social sharing icons. A cross-site scripting vulnerability...
CVE-2018-3811
CVE-2018-3811 affects the WordPress Oturia Smart Google Code Inserter plugin prior to v3.5. The root cause is an SQL injection in saveGoogleAdWords(), where $_POST["oId"] is interpolated into an SQL query without prepared statements or input sanitization, allo...
Multiple Mediaburst/Clockwork Plugins - Cross-Site Scripting (XSS)
Reflected XSS via the GET parameter "to".
Vulnerable Plugins:
------------------------------------------
1. Clockwork Free and Paid SMS Notifications
   URL: https://wordpress.org/plugins/mediaburst-email-to-sms/
   Version 2.0.3 | By Clockwork
2. Two-Factor Authentication - Clockwork SMS
   URL:...
Design/Logic Flaw
It is possible to bypass the Bitbucket auto-unapprove plugin with minimal brute force because it relies on asynchronous events on the back end. This allows an attacker to merge any code into unsuspecting repositories. This affects all versions of the auto-unapprove plugin; however, since the...
WordPress WooCommerce Plugin Directory Traversal Vulnerability
WordPress is the WordPress Software Foundation's blogging platform, developed in PHP; it lets a personal blog site be set up on a server running PHP and MySQL. The WooCommerce plugin is a free e-commerce plugin. A directory traversal vulnerability exists in WordPress...
CVE-2017-14197
An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x before 5.4.1.3. There are multiple reflected Cross-Site Scripting (XSS) issues in Matrix WYSIWYG plugins...
WordPress Emag Marketplace Connector Plugin Cross-Site Scripting Vulnerability
WordPress is the WordPress Software Foundation's blogging platform, developed in PHP; it lets a personal blog site be set up on a server running PHP and MySQL. The Emag Marketplace Connector plugin connects a WooCommerce store with the eMAG Marketplace...
CVE-2017-16777
If HashiCorp Vagrant VMware Fusion plugin aka vagrant-vmware-fusion 5.0.3 is installed but VMware Fusion is not, a local attacker can create a fake application directory and exploit the suid sudo helper in order to escalate to root...
WordPress Snap Creek Duplicator (WordPress Site Migration&Backup) plugin cross-site scripting vulnerability
WordPress is the WordPress Software Foundation's blogging platform, developed in PHP; it lets a personal blog site be set up on a server running PHP and MySQL. Snap Creek Duplicator (WordPress Site Migration&Backup) is a WordPress backup and migration plugin. A...
WP Support Plus Responsive Ticket System < 8.0.8 - Remote Code Execution
WP Support Plus Responsive Ticket System <= 8.0.7 allows anyone to upload PHP files with extensions such as ".phtml", ".php4", ".php5", and so on, all of which are executed as if their extension were ".php" on most hosting platforms. This is because "includes/admin/attachment/uploadAttachment.php" contains...
HashiCorp Vagrant VMware Fusion Plugin Permissions Vulnerability
The HashiCorp Vagrant VMware Fusion plugin aka vagrant-vmware-fusion is a tool developed by HashiCorp in the United States for building and managing virtual machine environments on VMware virtual machines. A security vulnerability exists in version 5.0.1 of the HashiCorp Vagrant VMware Fusion...
WordPress ultimate-form-builder-lite plugin SQL injection vulnerability
WordPress is the WordPress Software Foundation's blogging platform, developed in PHP; it lets a personal blog site be set up on a server running PHP and MySQL. The ultimate-form-builder-lite plugin is a contact form builder plugin. A SQL injection vulnerability exists ...
DEBIAN-CVE-2017-16510
WordPress before 4.8.3 is affected by an issue where $wpdb->prepare can create unexpected and unsafe queries, leading to potential SQL injection (SQLi) in plugins and themes, as demonstrated by a "double prepare" approach; this is a different vulnerability than CVE-2017-14723...
Like Button Rating < 2.5.4 - Unauthenticated Arbitrary Blog Settings Change
In the init action, this plugin checked whether $_POST['likebtnimportconfig'] is empty. If it is not empty, the plugin base64-decodes the string, parses it as JSON, and starts changing options. This could allow attackers to change blog settings such as the Site Title. PoC: The form below will set the...