6150 matches found
DEBIAN-CVE-2015-5715
The mweditPost function in wp-includes/class-wp-xmlrpc-server.php in the XMLRPC subsystem in WordPress before 4.3.1 allows remote authenticated users to bypass intended access restrictions, and arrange for a private post to be published and sticky, via unspecified vectors...
UBUNTU-CVE-2015-5715
The mweditPost function in wp-includes/class-wp-xmlrpc-server.php in the XMLRPC subsystem in WordPress before 4.3.1 allows remote authenticated users to bypass intended access restrictions, and arrange for a private post to be published and sticky, via unspecified vectors...
CVE-2015-5715
The mweditPost function in wp-includes/class-wp-xmlrpc-server.php in the XMLRPC subsystem in WordPress before 4.3.1 allows remote authenticated users to bypass intended access restrictions, and arrange for a private post to be published and sticky, via unspecified vectors...
Security Alert: WordPress Forum plug-in bbPress, there is stored XSS vulnerability, the impact of fix version 2. 5. 9 all previous versions-bug warning-the black bar safety net
Recently, the WordPress parent company Automattic released bbPress 2.5.9 version in the official WordPress Forum plugin to the latest version, fixes a higher threat of the storage typeXSSvulnerabilities that affect the scope include existing bbPress version, i.e., version 2.5.9 of all will suffer...
WordPress Simple Add Pages or Posts plugin cross-site request forgery vulnerability
WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in the WordPress Simple Add Pages or Posts plugin. It allows remote attacke...
Cross site scripting
Cross-site scripting XSS vulnerability in the WP Favorite Posts plugin before 1.6.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2016-1160
Cross-site scripting XSS vulnerability in the WP Favorite Posts plugin before 1.6.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2016-1160
Cross-site scripting XSS vulnerability in the WP Favorite Posts plugin before 1.6.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2016-1160
Cross-site scripting XSS vulnerability in the WP Favorite Posts plugin before 1.6.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2016-1160
CVE-2016-1160 concerns the WordPress plugin WP Favorite Posts (versions before 1.6.6). The vulnerability is a Cross-Site Scripting (XSS) issue that allows remote attackers to inject arbitrary script/HTML via unspecified vectors. Affected software is the WP Favorite Posts plugin for WordPress; the...
WordPress WP Favorite Posts Plugin Cross-Site Scripting Vulnerability
WordPress is the WordPress Software Foundation's set of blogging platform using PHP language development, the platform supports in PHP and MySQL server set up a personal blog site.WP Favorite Posts is one of the post collection plugin. A cross-site scripting vulnerability exists in WordPress WP...
WordPress plugin "WP Favorite Posts" vulnerable to cross-site scripting
Overview "WP Favorite Posts" is a plugin for WordPress. WP Favorite Posts contains a cross-site scripting vulnerability. Note that this vulnerability cannot be exploited on the default settings. Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA. JPCERT/CC...
JVN#86517621: WordPress plugin "WP Favorite Posts" vulnerable to cross-site scripting
"WP Favorite Posts" is a plugin for WordPress. WP Favorite Posts contains a cross-site scripting vulnerability. Note that this vulnerability cannot be exploited on the default settings. Impact An arbitrary script may be executed on the user's web browser. Solution Update the plugin Update to the...
WordPress Plugin Bulk Delete 5.5.3 - Privilege Escalation
''' Exploit Title: WordPress Bulk Delete Plugin Privilege Escalation Discovery Date: 2016-02-10 Exploit Author: Panagiotis Vagenas Author Link: https://twitter.com/panVagenas Vendor Homepage: http://bulkwp.com/ Software Link: https://wordpress.org/plugins/bulk-delete/ Version: 5.5.3 Tested on:...
WordPress User Submitted Posts Plugin <= 20151113 - XSS
Because of this vulnerability, users with "unfilteredhtml" capability are allowed to include JS code to post content. Solution Update the plugin...
WordPress User Submitted Posts 20151113 Cross Site Scripting
Exploit Title: WordPress User Submitted Posts Plugin Persistent XSS Discovery Date: 2016-02-10 Exploit Author: Panagiotis Vagenas Author Link: https://twitter.com/panVagenas Vendor Homepage: https://plugin-planet.com/ Software Link: https://wordpress.org/plugins/user-submitted-posts/ Version:...
ElegantThemes - Privilege Escalation
Description An information disclosure vulnerability was found in the Divi Builder included in our Divi and Extra themes, as well as our Divi Builder plugin which resulted in the potential for user privilege escalation. If properly exploited, it could allow registered users, regardless of role, on...
WordPress Plugin Simple Add Pages or Posts 1.6 - Cross-Site Request Forgery
WordPress Plugin Simple Add Pages or Posts 1.6 - Cross-Site Request Forgery Exploit Title: Wordpress simple add pages or posts CSRF Vulnerability Date: 2016/29/01 Exploit Author: ALIREZAPROMIS Vendor Homepage: https://wordpress.org/plugins/simple-add-pages-or-posts/ Software Link:...
WordPress Plugin Simple Add Pages or Posts 1.6 - Cross-Site Request Forgery
Exploit Title: Wordpress simple add pages or posts CSRF Vulnerability Date: 2016/29/01 Exploit Author: ALIREZAPROMIS Vendor Homepage: https://wordpress.org/plugins/simple-add-pages-or-posts/ Software Link: https://downloads.wordpress.org/plugin/simple-add-pages-or-posts.1.6.zip Version: 1.6 Teste...
WordPress WP Favorite Posts <= 1.6.5 - XSS
This vulnerability allows an attacker to inject arbitrary web script or HTML via unspecified vectors. Solution Upgrade the plugin...