Lucene search
+L

136 matches found

Cvelist
Cvelist
added 2016/05/22 1:0 a.m.21 views

CVE-2016-4566

Cross-site scripting XSS vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via a Same-Origin Method Execution SOME attack...

6AI score0.05361EPSS
Exploits0References8
Debian CVE
Debian CVE
added 2016/05/22 1:0 a.m.39 views

CVE-2016-4566

Cross-site scripting XSS vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via a Same-Origin Method Execution SOME attack...

6.1CVSS5.4AI score0.05361EPSS
Exploits0
CVE
CVE
added 2016/05/22 1:0 a.m.87 views

CVE-2016-4566

The CVE-2016-4566 entry concerns a cross-site scripting (XSS) vulnerability in plupload.flash.swf (Plupload before 2.1.9) used by WordPress before 4.5.2. The flaw allows remote attackers to inject arbitrary script or HTML via a Same-Origin Method Execution (SOME) attack. Public details from conne...

6.1CVSS5.9AI score0.05361EPSS
Exploits0References8Affected Software1
OpenVAS
OpenVAS
added 2016/05/19 12:0 a.m.11 views

WordPress Same Origin Method Execution Vulnerability (May 2016) - Linux

WordPress is prone to same origin method execution vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.4AI score
Exploits0References1
OpenVAS
OpenVAS
added 2016/05/19 12:0 a.m.15 views

WordPress Same Origin Method Execution Vulnerability (May 2016) - Windows

WordPress is prone to same origin method execution vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.4AI score
Exploits0References1
OpenVAS
OpenVAS
added 2016/05/17 12:0 a.m.14 views

WordPress < 4.5.2 Multiple XSS Vulnerabilities (May 2016) - Linux

WordPress is prone to multiple cross-site scripting XSS vulnerabilities in third-party libraries. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-on...

6.1CVSS6.3AI score0.06405EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2016/05/12 12:0 a.m.107 views

WordPress < 4.5.2 Multiple Vulnerabilities (ImageTragick)

According to its self-reported version number, the WordPress application running on the remote web server is prior to 4.5.2. It is, therefore, affected by the following vulnerabilities : - A remote code execution vulnerability, known as ImageTragick, exists in the ImageMagick library due to a...

10CVSS7.5AI score0.97485EPSS
Exploits13References9
Hacker One
Hacker One
added 2016/05/11 3:26 p.m.14 views

Zomato: Reflected XSS on business-blog.zomato.com - Part 2

Hi guys, I would like to report a reflected XSS on business-blog.zomato.com. 1. Open Chrome and Firefox latest versions 2. Open https://business-blog.zomato.com/wp-includes/js/plupload/plupload.flash.swf?target%g=alert&uid%g=hello& 3. Payload is executed Check the attached screenshot. Solution: -...

1AI score
Exploits0
Debian
Debian
added 2016/05/11 11:4 a.m.28 views

[BSA-110] Security Update for wordpress

Craig Small [email protected] uploaded new packages for wordpress which fixed the following securty problems: CVE-2016-4566 Reflected XSS in PLupload and mediaelement For the jessie-backports distribution the problems have been fixed in version 4.5.2+dfsg-1bpo8+1 Craig Small @smallsees...

6.1CVSS6.3AI score0.05361EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2016/05/11 12:0 a.m.22 views

FreeBSD : wordpress -- multiple vulnerabilities (3686917b-164d-11e6-94fa-002590263bf5)

Helen Hou-Sandi reports : WordPress 4.5.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.5.1 and earlier are affected by a SOME vulnerability through Plupload, the third-party library...

6.1CVSS6AI score0.06405EPSS
Exploits0References5
ThreatPost
ThreatPost
added 2016/05/10 9:0 a.m.14 views

WordPress 4.5.2 Security Release

WordPress vulnerabilities continue to be a magnet for hackers laden with exploit kits, and as recently as February, crippling ransomware attacks. As a result, WordPress has already released three security updates this year, the latest for the content management system coming last Friday, bringing...

7.8AI score
Exploits0References9
CNVD
CNVD
added 2016/05/09 12:0 a.m.4 views

WordPress has an unspecified vulnerability (CNVD-2016-02898)

WordPress is a blogging platform developed using the PHP language by the WordPress Software Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in WordPress 4.5.1 and earlier versions. The vulnerability can be exploited b...

6.1CVSS6.6AI score0.05361EPSS
Exploits0References1
Patchstack
Patchstack
added 2016/05/07 12:0 a.m.23 views

WordPress <= 4.5.1 - XSS

This vulnerability in plupload.flash.swf in Plupload before 2.1.9 allows an attacker to inject arbitrary web script or HTML via a Same-Origin Method Execution SOME attack. Solution Update WordPress...

6.1CVSS2.5AI score0.05361EPSS
Exploits0References1Affected Software1
FreeBSD
FreeBSD
added 2016/05/06 12:0 a.m.29 views

wordpress -- multiple vulnerabilities

Helen Hou-Sandi reports: WordPress 4.5.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.5.1 and earlier are affected by a SOME vulnerability through Plupload, the third-party library...

1.7AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2016/02/26 12:0 a.m.35 views

WordPress < 3.5.1 Multiple Vulnerabilities

Binary data 9095.prm...

6.4CVSS6.7AI score0.28857EPSS
Exploits5References7
OpenVAS
OpenVAS
added 2015/10/12 12:0 a.m.31 views

WordPress plupload Cross-Site Scripting Vulnerability - Linux

WordPress is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

4.3CVSS5.4AI score0.06124EPSS
Exploits1References3
OpenVAS
OpenVAS
added 2015/10/12 12:0 a.m.34 views

WordPress plupload Cross-Site Scripting Vulnerability - Windows

WordPress is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

4.3CVSS5.4AI score0.06124EPSS
Exploits1References3
exploitpack
exploitpack
added 2015/08/07 12:0 a.m.32 views

Microweber 1.0.3 - Arbitrary File Upload Filter Bypass PHP Remote Code Execution

Microweber 1.0.3 - Arbitrary File Upload Filter Bypass PHP Remote Code Execution Microweber v1.0.3 File Upload Filter Bypass Remote PHP Code Execution Vendor: Microweber Team Product web page: http://www.microweber.com Affected version: 1.0.3 Summary: Microweber is an open source drag and drop...

Exploits0
CNVD
CNVD
added 2015/08/07 12:0 a.m.4 views

Wordpress Ephox Plupload Cross-Site Scripting Vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed in PHP language, which supports setting up personal blog sites on PHP and MySQL servers.Ephox Plupload is a Web browser-based file upload module from Ephox, which supports displaying upload progress, automatic image...

4.3CVSS6.8AI score0.06124EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2015/08/05 10:59 a.m.26 views

CVE-2015-3439

Cross-site scripting XSS vulnerability in the Ephox formerly Moxiecode plupload.flash.swf shim 2.1.2 in Plupload, as used in WordPress 3.9.x, 4.0.x, and 4.1.x before 4.1.2 and other products, allows remote attackers to execute same-origin JavaScript functions via the target parameter, as...

4.3CVSS6AI score0.06124EPSS
Exploits1References2
Rows per page
Query Builder