Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in the Contextual Related Posts plugin before 1.8.7 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via unspecified vectors...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in the WordPress Related Posts plugin before 2.6.2 for WordPress allows remote attackers to hijack the authentication of users for requests that change settings via unspecified vectors...
SQL injection
SQL injection vulnerability in the Contextual Related Posts plugin before 1.8.10.2 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2013-2710
Cross-site request forgery (CSRF) vulnerability in the Contextual Related Posts plugin before 1.8.7 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via unspecified vectors...
CVE-2013-3257
Cross-site request forgery (CSRF) vulnerability in the Related Posts plugin before 2.7.2 for WordPress allows remote attackers to hijack the authentication of users for requests that modify settings via unspecified vectors...
CVE-2014-3937
The CVE-2014-3937 issue affects the WordPress Contextual Related Posts plugin and is a SQL injection in the plugin’s code prior to version 1.8.10.2. Affected component: Contextual Related Posts plugin for WordPress. Root cause: improper handling of input that leads to arbitrary SQL execution. Imp...
CVE-2013-2710
CVE-2013-2710 describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin Contextual Related Posts before version 1.8.7. The flaw allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) via unspecified ve...
CVE-2013-3476
The CVE concerns the WordPress Related Posts plugin (prior to version 2.6.2) for WordPress, where a Cross-Site Request Forgery (CSRF) vulnerability could allow remote attackers to hijack user authentication and perform settings changes via unspecified vectors. The underlying issue is a CSRF flaw ...
CVE-2013-3257
Summary of CVE-2013-3257 (WordPress Related Posts plugin): The Related Posts plugin for WordPress is affected by a CSRF vulnerability in versions before 2.7.2 that allows remote attackers to hijack the authentication of users and perform settings-modification actions via unspecified vectors. The ...
CVE-2013-3476
Cross-site request forgery (CSRF) vulnerability in the WordPress Related Posts plugin before 2.6.2 for WordPress allows remote attackers to hijack the authentication of users for requests that change settings via unspecified vectors...
WordPress Contextual Related Posts Plugin <= 1.8.10.1 - SQL Injection
Because of this vulnerability, the attackers can execute arbitrary SQL commands via unspecified vectors. Solution Update the plugin...
CVE-2013-3477
The CVE-2013-3477 vulnerability is a CSRF flaw in the WordPress plugin Related Posts by Zemanta up to version 1.3.1/1.3.1 (and before 1.3.2), allowing remote attackers to hijack user authentication and change settings via unknown vectors. Affected component: Related Posts by Zemanta plugin; impac...
Jetpack Plugin for WordPress Security Bypass
The WordPress Jetpack plugin installed on the remote host is affected by a security bypass vulnerability due to a flaw in the 'class.jetpack.php' script. This can allow a remote, unauthenticated attacker to submit crafted XML-RPC requests that bypass access controls, allowing the attacker to...
CVE-2014-0165
WordPress before 3.7.2 and 3.8.x before 3.8.2 allows remote authenticated users to publish posts by leveraging the Contributor role, related to wp-admin/includes/post.php and wp-admin/includes/class-wp-posts-list-table.php...
DEBIAN-CVE-2014-0165
WordPress before 3.7.2 and 3.8.x before 3.8.2 allows remote authenticated users to publish posts by leveraging the Contributor role, related to wp-admin/includes/post.php and wp-admin/includes/class-wp-posts-list-table.php...
SQL injection
Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the (1) newsid parameter to news/send.php, (2) threadid parameter to posts/edit.php, or (3) useremail parameter to users/password.php or (4) users/register.php. NOTE: these issues were SPLIT...
CVE-2013-5640
Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the (1) answerid or (2) questionid parameter to polls/vote.php, (3) storyid parameter to comments/add.php or (4) comments/edit.php, or (5) threadid parameter to posts/add.php. NOTE: this issue...
SQL injection
Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the (1) answerid or (2) questionid parameter to polls/vote.php, (3) storyid parameter to comments/add.php or (4) comments/edit.php, or (5) threadid parameter to posts/add.php. NOTE: this issue...
CVE-2013-5640
Summary: CVE-2013-5640 (and related CVE-2013-7349) affect the Gnew 2013.1 application, with multiple SQL injection vectors. The vulnerabilities allow remote attackers to inject SQL via parameters in polls/vote.php (answer_id, question_id), comments/add.php (story_id) and comments/edit.php, or pos...