5776 matches found
Cross-site scripting vulnerability in Wordpress plugin border-loading-bar
WordPress is a blogging platform developed using the PHP language that allows users to set up their own websites on servers that support PHP and MySQL databases. WordPress can also be used as a content management system CMS. Wordpress plugin border-loading-bar has an xss vulnerability due to...
Wordpress csv2wpec-coupon plugin arbitrary file upload vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Software Foundation. csv2wpec-coupon is one of the plugins that provides import/export WP e-commerce coupons. An arbitrary file upload vulnerability exists in version v1.1 of the Wordpress csv2wpec-coupon...
Wordpress google-adsense-and-hotel-booking plugin denial of service vulnerability
WordPress is the WordPress Software Foundation's set of blogging platforms developed using the PHP language. google-adsense-and-hotel-booking is one of the ads automatically inserted and hotel booking plugin. A denial of service vulnerability exists in the...
Wordpress wpsolr-search-engine plugin cross-site scripting vulnerability
WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. wpsolr-search-engine is one of the plug-ins used to change the way of search. A cross-site scripting vulnerability exists i...
Wordpress tera-charts plugin cross-site scripting vulnerability
WordPress is the WordPress Software Foundation a set of blogging platform developed using the PHP language , the platform supports in PHP and MySQL server set up a personal blog site . tera-charts is one of the plug-ins used to drag and drop charts in the Excel file . A cross-site scripting...
Wordpress ajax-random-post plugin cross-site scripting vulnerability
WordPress is the WordPress Software Foundation a set of blogging platform developed using the PHP language , the platform supports in PHP and MySQL servers to set up a personal blog site . xx is one of the use of Ajax to get the posts of the plugin . A cross-site scripting vulnerability exists in...
Foxit Reader < 8.0 Multiple Vulnerabilities
Binary data 9469.prm...
WordPress Music Store plugin cross-site scripting vulnerability
WordPress is the WordPress Software Foundation's set of blogging platforms developed using the PHP language.Music Store is one of the plugins used to add a music store to WordPress. A cross-site scripting vulnerability exists in version 1.0.41 of the WordPress Music Store plugin. An attacker can...
WordPress Ultimate Product Catalog 3.8.6 Shell Upload
Exploit Title: Wordpress Ultimate-Product-Catalog v3.8.6 Arbitrary file RCE Date: 2016-06-23 Google Dork: Index of /wp-content/plugins/ultimate-product-catalogue/ Exploit Author: Joaquin Ramirez Martinez i0akiN SEC-LABORATORY Vendor Homepage: http://www.EtoileWebDesign.com/ plugin uri:...
Trello: Report bug on jetpack plugin
Hey I saw that u guys upgraded the jetpack plugin And today jetpack has relased that plugins greater 4.0.2 & 4.0.3 have multiple bugs Here is the jetpack blog https://jetpack.com/2016/06/20/jetpack-4-0-4-bug-fixes/...
CloudBees Jenkins CI TAP Plugin Path Traversal Vulnerability
CloudBees Jenkins CI formerly known as Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools , it is mainly used to monitor the continuous software version of the release/testing project and a number of timed tasks . Jenkins CI TAP is o...
WordPress leenk.me Plugin 2.5.0 - CSRF/XSS
No description provided by source...
CVE-2015-5208
Apache Cordova iOS before 4.0.0 allows remote attackers to execute arbitrary plugins via a link...
WordPress Event Registration 6.02.02 XSS / SQL Injection
Exploit Title: WordPress Plugin event-registration 6.02.02: SQL-Injection and persistent XSS Discovery Date: 2016/03/13 Public Disclosure Date: 2016/05/09 Exploit Author: Michael Helwig Contact: https://twitter.com/c0dmtr1x | https://codemetrix.net Vendor Homepage: http://wpeventregister.com/...
Uber: OneLogin authentication bypass on WordPress sites
First, I'm sorry about reporting another WordPress bug my intention was just to check if WP-OneLogin stores any sensitive info that could be used to attack OneLogin on your other websites. Overview The .uber.com WordPress sites use OneLogin SAML-SSO instead of the normal WordPress login. The...
WordPress Plugin Advanced Video 1.0 - Local File Inclusion
!/usr/bin/env python Exploit Title: Advanced-Video-Embed Arbitrary File Download / Unauthenticated Post Creation Google Dork: N/A Date: 04/01/2016 Exploit Author: evait security GmbH Vendor Homepage: arshmultani - http://dscom.it/ Software Link:...
WordPress Photocart Link 1.6 Plugin - Local File Inclusion
Exploit for php platform in category web applications Exploit Title: Wordpress Plugin Photocart Link - Local File Inclusion Exploit Author: CrashBandicot @DosPerl Date: 2016-03-27 Google Dork : inurl:/wp-content/plugins/photocart-link/ Vendor Homepage:...
WordPress Bulk Delete 5.5.3 Privilege Escalation
Exploit Title: Bulk Delete Privilege Escalation Discovery Date: 2016-02-10 Exploit Author: Panagiotis Vagenas Author Link: https://twitter.com/panVagenas Vendor Homepage: http://bulkwp.com/ Software Link: https://wordpress.org/plugins/bulk-delete/ Version: 5.5.3 Tested on: WordPress 4.4.2...
WordPress Connections Business Directory Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed using the PHP language that supports personal blog sites on servers running PHP and MySQL.Connections Business Directory is one of the plugins used to create address books, business directories, member directories, and more. A cross-site scripting...
WordPress Welcart plugin SQL injection vulnerability (CNVD-2015-08468)
WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports personal blog sites on PHP and MySQL servers.Welcart is one of the plug-ins used to create shopping sites. A SQL injection vulnerability exists in WordPress Welcart...