5776 matches found
WordPress user-login-history plugin cross-site scripting vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP; it supports personal blog sites set up on PHP and MySQL servers. user-login-history is a user login tracking plugin. A cross-site scripting vulnerability exists in...
CloudBees Poll SCM Plugin Cross-Site Request Forgery Vulnerability
CloudBees Poll SCM Plugin is a timed-execution plugin from the US company CloudBees for Jenkins, a Java-based continuous integration tool. The CloudBees Poll SCM Plugin suffers from a cross-site request forgery vulnerability that stems from the program failing to require a POST...
WordPress Plugin Ultimate Product Catalog 4.2.24 - PHP Object Injection
Exploit Title: WP Plugin Ultimate Product Catalog 4.2.24 PHP Object Injection; Google Dork: NA; Date: Okt 30 2017; Exploit Author: tomplixsee; Author blog: cupuzone.wordpress.com; Vendor Homepage:...
WordPress Form Manager Code Execution Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP; it supports personal blog sites set up on PHP and MySQL servers. Form Manager is a form management plugin. A security vulnerability exists in the...
CVE-2017-15863
Cross-site scripting (XSS) exists in the wp-noexternallinks plugin before 3.5.19 for WordPress via the date1 or date2 parameter to wp-admin/options-general.php...
CVE-2017-15753
IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to "Data from Faulting Address controls Branch Selection starting at...
Directory traversal
The Job Manager plugin before 0.7.25 allows remote attackers to read arbitrary CV files via a brute force attack to the WordPress upload directory structure, related to an insecure direct object reference...
Simple Login Log <= 1.1.0 - Authenticated SQL Injection
The Simple Login Log WordPress plugin was affected by an Authenticated SQL Injection security vulnerability...
NiuShop open source mall system v1.16 front-end plug-in functionality arbitrary file inclusion vulnerability
NiuShop open source mall system is a PHP open source e-commerce system designed and developed entirely independently by Shanxi Niu Cool Information Technology Co., Ltd. The front-end plug-in functionality of NiuShop open source mall system v1.16 has an arbitrary file inclusion...
CVE-2015-2673
The ecajaxupdateoption and ecajaxclearalltaxrates functions in inc/admin/adminajaxfunctions.php in the WP EasyCart plugin 1.1.30 through 3.0.20 for WordPress allow remote attackers to gain administrator privileges and execute arbitrary code via the optionname and optionvalue parameters...
CVE-2015-9233
The cp-contact-form-with-paypal aka CP Contact Form with PayPal plugin before 1.1.6 for WordPress has CSRF with resultant XSS, related to cpcontactformpp.php and cpcontactformppadminintlist.inc.php...
CVE-2015-9234
The cp-contact-form-with-paypal aka CP Contact Form with PayPal plugin before 1.1.6 for WordPress has SQL injection via the cpcontactformppid parameter to cpcontactformpp.php...
WordPress Simple Ads Manager Plugin Information Disclosure Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP; it supports personal blog sites set up on PHP and MySQL servers. Simple Ads Manager is a plugin used to manage ads. A security vulnerability exists in the WordPress Simp...
wataaah.de XSS vulnerability
Vulnerable URL: https://wataaah.de/wp-content/plugins/wp-js-external-link-info/redirect.php?blog=wataaah="http://sergiomuttyofficial.tumblr.com Details: Patched: No; Latest check for patch: 20.12.2017; Vulnerability type: XSS; Vulnerability status: Publicly disclosed...
starlightcarriages.com XSS vulnerability
Vulnerable URL: http://starlightcarriages.com/wp-content/plugins/wp-simpleviewer/svcore/full.html?bg="222222=http://starlightcarriages.com/wp-content/plugins/wp-simpleviewer/gallery.php?galleryid=11=http://starlightcarriages.com/=true=true=false=true=true=true=fff=fff=true=-1=SimpleViewer Gallery...
Rogue WordPress Plugin Allowed Spam Injection
A popular WordPress plugin called Display Widgets running on 200,000 sites was removed from the official WordPress.org plugin repository after researchers discovered the plugin had a backdoor that was injecting spam ads into victims’ sites. According to researchers at Wordfence who publicly...
Design/Logic Flaw
Vulnerability in WordPress plugin image-gallery-with-slideshow v1.5.2: in image-gallery-with-slideshow/adminsetting.php the following snippet of code does not sanitize input via the gid variable before passing it into an SQL statement...
SQL injection
Vulnerability in WordPress plugin image-gallery-with-slideshow v1.5.2: blind SQL injection via the imgid parameter in image-gallery-with-slideshow/adminsetting.php...
SQL injection
Vulnerability in WordPress plugin image-gallery-with-slideshow v1.5.2: blind SQL injection in image-gallery-with-slideshow/adminsetting.php via the selectMulGallery parameter...
Security feature bypass
Vulnerability in WordPress plugin rk-responsive-contact-form v1.0: the variable $delid isn't sanitized before being passed into an SQL query in file ./rk-responsive-contact-form/include/rkuserlist.php...