5776 matches found
WordPress Fusion Engage Local File Disclosure Vulnerability
WordPress Fusion Engage plugin suffers from a local file disclosure vulnerability. Fusion Engage is a commercial WordPress plugin sold by internet marketer and known scammer Precious Ngwu to.. I'm actually not sure. Something to do with video embedding. Anyway, it has a LFD. Here's the relevant...
WordPress Windows Desktop And iPhone Photo Uploader File Upload
Exploit Title : WordPress plugin Windows Desktop and iPhone Photo Uploader arbitrary file upload vulnerability Author : Manish Kishan Tanwar AKA error1046 Home Page : https://wordpress.org/plugins/i-dump-iphone-to-wordpress-photo-uploader/ Download Link :...
WordPress WP Super Cache Plugin Security Vulnerability Patch
A persistent cross-site scripting (XSS) vulnerability exists in some versions of a popular WordPress caching engine plugin. The issue – since fixed – exposes vulnerable sites to takeover. From there, attackers could inject malicious scripts, backdoors and so forth. The plugin, WP Super Cache, has...
CVE-2015-1874
Cross-site request forgery (CSRF) vulnerability in the Contact Form DB (aka CFDB and contact-form-7-to-database-extension) plugin before 2.8.32 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete all plugin records via a request in the...
Malware cleanup to Gravity Forms arbitrary file upload-vulnerability warning-the black bar safety net
During a regular malware detection and cleanup process, we encountered one case of infection that caught our attention. Our environment does not have any special or fancy stuff, just an updated WordPress and 3 expired plug-ins; this situation is quite reasonable. The process ends, the environment is clean...
WordPress Plugin BestWebSoft Google Captcha Security Bypass Vulnerability
WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language, which supports setting up personal blog sites on servers with PHP and MySQL. BestWebSoft Google Captcha (also known as reCAPTCHA) is one of its CAPTCHA authentication system plug-ins. A...
WordPress Plugin WordPress Survey and Poll SQL Injection Vulnerability
WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language, which supports setting up personal blog sites on servers with PHP and MySQL. WordPress Survey and Poll is one of its survey and poll plugins. A SQL injection vulnerability exists in the...
CVE-2014-10012
Cross-site scripting (XSS) vulnerability in the Another WordPress Classifieds Plugin plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the default URI...
WordPress Plugin TweetScribe Cross-Site Request Forgery Vulnerability
WordPress is a blogging platform developed using the PHP language that allows users to set up their own weblogs on servers that support PHP and MySQL databases. TweetScribe plugin is a plugin that allows you to subscribe to WordPress blogs using your Twitter account through the tweetscribe.me...
WordPress plugin twimp-wp cross-site request forgery vulnerability
WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language, which supports setting up personal blog sites on servers with PHP and MySQL. twimp-wp plugin is a plugin for publishing blog posts to multiple Twitter accounts. A cross-site request forgery...
WordPress Simple Visitor Stat Cross Site Scripting
Title: WordPress 'Simple Visitor Stat' plugin - Stored XSS Reported by: Morten Nørtoft, Kenneth Jepsen, Mikkel Vej Date: 2014/12/12 Download: https://wordpress.org/plugins/simple-visitor-stat/ ---------------------------------------------------------------- Description:...
Custom Websites Running HD FLV Player Plugin Vulnerable
Content management system providers Joomla and WordPress have patched a critical vulnerability in the HD FLV Player, but custom websites running the Flash video player are still vulnerable. Researchers at Sucuri disclosed this week that a separate security issue can be abused to send spam and has...
Google Document Embedder 2.5.16 SQL Injection
Exploit Title : Google Document Embedder 2.5.16 mysql_real_escape_string bypass SQL Injection Date : 2014-12-03 Exploit Author : Securely Yoo Hee man Plugin : google-document-embedder Fixed version : N/A Software Link : https://downloads.wordpress.org/plugin/google-document-embedder.2.5.16.zip 1...
Post highlights 2.0-2.6 - Stored Cross-Site Scripting (XSS)
The post highlights WordPress plugin was affected by a Stored Cross-Site Scripting XSS security vulnerability...
CVE-2014-4586
Multiple cross-site scripting (XSS) vulnerabilities in the wp-football plugin 1.1 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the league parameter to (1) footballclassification.php, (2) footballcriteria.php, (3) templates/templatedefaultpreview.php, or (4)...
WordPress Users Ultra 1.3.37 SQL Injection
Title : WordPress Users Ultra Plugin - SQL injection Vulnerability Risk : High+/Critical Author : XroGuE Google Dork : inurl: wp-content/plugins/users-ultra/ Plugin Version : 1.3.37 Plugin Name : users ultra Plugin Download Link : https://downloads.wordpress.org/plugin/users-ultra.zip Vendor Home...
WordPress custom-contact-forms Plugin SQL Upload
The WordPress custom-contact-forms plugin 'WordPress custom-contact-forms Plugin SQL Upload', 'Description' = %q The WordPress custom-contact-forms plugin 'Marc-Alexandre Montpas', Vulnerability discovery 'Christian Mehlmauer' Metasploit module , 'License' = MSFLICENSE, 'References' = 'URL',...
MyBB User Social Networks Plugin 1.2 - Stored XSS
No description provided by source. Exploit Title: User Social Networks MyBB Plugin 1.2 - Cross Site Scripting Google Dork: N/A Date: 05.09.2014 Exploit Author: Fikri Fadzil - [email protected] Vendor Homepage - N/A Software Link: http://mods.mybb.com/view/user-social-networks...
Q and A - Multiple Scripts Direct Request Path Disclosure
The q-and-a WordPress plugin was affected by a Multiple Scripts Direct Request Path Disclosure security vulnerability...
BSK PDF Manager < 2.9.1 - Authenticated Stored Cross-Site Scripting (XSS)
The plugin does not sanitise the view and cattitle POST parameters when creating or editing a category (/wp-admin/admin.php?page=bsk-pdf-manager), allowing authenticated users with a role as low as editor to set an XSS payload which will be triggered in the Categories list...