
6174 matches found

WPVulnDB
added 2016/02/18 12:0 a.m., 75 views

ElegantThemes - Privilege Escalation

Description An information disclosure vulnerability was found in the Divi Builder included in our Divi and Extra themes, as well as our Divi Builder plugin which resulted in the potential for user privilege escalation. If properly exploited, it could allow registered users, regardless of role, on...

CVSS 8.8, AI score 8.1, EPSS 0.01865
Exploits 0, References 2

exploitpack
added 2016/01/29 12:0 a.m., 13 views

WordPress Plugin Simple Add Pages or Posts 1.6 - Cross-Site Request Forgery

WordPress Plugin Simple Add Pages or Posts 1.6 - Cross-Site Request Forgery Exploit Title: Wordpress simple add pages or posts CSRF Vulnerability Date: 2016/29/01 Exploit Author: ALIREZAPROMIS Vendor Homepage: https://wordpress.org/plugins/simple-add-pages-or-posts/ Software Link:...

AI score 0.2
Exploits 0

Exploit DB
added 2016/01/29 12:0 a.m., 23 views

WordPress Plugin Simple Add Pages or Posts 1.6 - Cross-Site Request Forgery

Exploit Title: Wordpress simple add pages or posts CSRF Vulnerability Date: 2016/29/01 Exploit Author: ALIREZAPROMIS Vendor Homepage: https://wordpress.org/plugins/simple-add-pages-or-posts/ Software Link: https://downloads.wordpress.org/plugin/simple-add-pages-or-posts.1.6.zip Version: 1.6 Teste...

AI score 7.4
Exploits 0

Patchstack
added 2015/12/26 12:0 a.m., 13 views

WordPress WP Favorite Posts <= 1.6.5 - XSS

This vulnerability allows an attacker to inject arbitrary web script or HTML via unspecified vectors. Solution Upgrade the plugin...

CVSS 6.1, AI score 3.6, EPSS 0.01491
Exploits 0, References 1, Affected Software 1

0day.today
added 2015/12/18 12:0 a.m., 27 views

WordPress Relevant Related Posts 1.0.7 Cross Site Scripting Vulnerability

WordPress Relevant Related Posts plugin version 1.0.7 suffers from a cross site scripting vulnerability. WordPress Relevant Related Posts 1.0.7 Cross Site Scripting Plugin Name : Relevant Related Posts Plugin Affected Version : 1.0.7 and most probably lower versions if any Vulnerability :...

AI score 6.7
Exploits 0

Tenable Nessus
added 2015/12/17 12:0 a.m., 47 views

WordPress < 4.3.1 Multiple Vulnerabilities

Binary data 9032.prm...

CVSS 6.1, AI score 5.7, EPSS 0.06389
Exploits 2, References 6

Packet Storm
added 2015/12/17 12:0 a.m., 17 views

WordPress Relevant Related Posts 1.0.7 Cross Site Scripting

Plugin Name : Relevant Related Posts Plugin Affected Version : 1.0.7 and most probably lower versions if any Vulnerability : A3-Cross-Site Scripting XSS Identified by : Madhu Akula Technical Details Minimum Level of Access Required : Administrator PoC - Proof of Concept : The following fields pu...

AI score 7.4
Exploits 0

securityvulns
added 2015/10/26 12:0 a.m., 111 views

[SECURITY] [DSA 3375-1] wordpress security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3375-1 [email protected] https://www.debian.org/security/ Yves-Alexis Perez October 19, 2015 https://www.debian.org/security/faq -...

CVSS 4.3, AI score 0.9, EPSS 0.06389
Exploits 2

Tenable Nessus
added 2015/10/20 12:0 a.m., 54 views

Debian DSA-3375-1 : wordpress - security update

Several vulnerabilities have been fixed in Wordpress, the popular blogging engine. - CVE-2015-5714 A cross-site scripting vulnerability when processing shortcode tags has been discovered. The issue has been fixed by not allowing unclosed HTML elements in attributes. - CVE-2015-5715 A vulnerabilit...

CVSS 6.1, AI score 5.8, EPSS 0.06389
Exploits 2, References 9

WPVulnDB
added 2015/10/19 12:0 a.m., 10 views

Recent Posts Widget Extended <= 0.9.9.3 - Authenticated XSS (multisite)

XSS in the Recent Posts Widget Extended plugin allows single site admins to change network admin's password with simple CSRF described above POC field. This vulnerability is currently unpatched. PoC 1. Login as single site administrator 2. Add Recent Posts Extended Widget to some widget area 3...

AI score 0.5
Exploits 0, References 2, Affected Software 1

Patchstack
added 2015/10/19 12:0 a.m., 11 views

WordPress Recent Posts Widget Extended Plugin <= 0.9.9.3 - Authenticated XSS

Because of this vulnerability, the attackers can inject arbitrary web script or HTML. Solution Upgrade the plugin...

AI score 1.7
Exploits 0, References 1, Affected Software 1

OpenVAS
added 2015/10/19 12:0 a.m., 46 views

Debian Security Advisory DSA 3375-1 (wordpress - security update)

Several vulnerabilities have been fixed in Wordpress, the popular blogging engine. CVE-2015-5714 A cross-site scripting vulnerability when processing shortcode tags has been discovered. The issue has been fixed by not allowing unclosed HTML elements in attributes. CVE-2015-5715 A vulnerability ha...

CVSS 4.3, AI score 5.8, EPSS 0.06389
Exploits 2, References 1

CNVD
added 2015/10/03 12:0 a.m., 2 views

EMC RSA Archer GRC Restriction Bypass Vulnerability

EMC RSA Archer GRC is an enterprise IT governance and compliance governance product. EMC RSA Archer GRC has a security vulnerability that allows a remote attacker to bypass established access restrictions and read or modify Discussion Forum Fields messages...

CVSS 6.5, AI score 7, EPSS 0.02832
Exploits 0, References 1

ArchLinux
added 2015/09/21 12:0 a.m., 40 views

wordpress: multiple issues

CVE-2015-5714 cross-site scripting A cross-site scripting vulnerability has been discovered when processing shortcode tags. - CVE-2015-5715 permission bypass It has been discovered that users without proper permissions could publish private posts and make them sticky...

AI score 1.7, EPSS 0.06389
Exploits 2, References 4

Tenable Nessus
added 2015/09/17 12:0 a.m., 142 views

WordPress < 4.3.1 Multiple Vulnerabilities

According to its version number, the WordPress application running on the remote web server is prior to 4.3.1. It is, therefore, potentially affected by multiple vulnerabilities : - A cross-site scripting vulnerability exists when processing shortcode tags due to improper validation of...

CVSS 6.1, AI score 6.6, EPSS 0.06389
Exploits 2, References 6

FreeBSD
added 2015/09/14 12:0 a.m., 41 views

moodle -- multiple vulnerabilities

Moodle Release Notes report: MSA-15-0030: Students can re-attempt answering questions in the lesson CVE-2015-5264 MSA-15-0031: Teacher in forum can still post to "all participants" and groups they are not members of CVE-2015-5272 - 2.7.10 only MSA-15-0032: Users can delete files uploaded by other...

CVSS 7.5, AI score 5.7, EPSS 0.02374
Exploits 0, References 4

Patchstack
added 2015/08/15 12:0 a.m., 12 views

WordPress WP Attachment Export plugin <= 0.2.3 - Unauthenticated Posts Download vulnerability

Unauthenticated Posts Download vulnerability discovered by Nitin Venkatesh in WordPress WP Attachment Export plugin versions <= 0.2.3. Solution Update the WordPress WP Attachment Export plugin to the latest available version at least 0.2.4...

AI score 3, EPSS 0.08185
Exploits 1, References 3, Affected Software 1

CNVD
added 2015/08/08 12:0 a.m., 1 views

WordPress Privilege Bypass Vulnerability

WordPress is a blogging platform developed in PHP; users can set up their own weblog on a server that supports PHP and a MySQL database. WordPress has a security vulnerability that allows remote attackers to bypass security restrictions and edit locked posts...

CVSS 6.8, AI score 6.3, EPSS 0.03854
Exploits 0, References 1

OSV
added 2015/08/03 2:59 p.m., 5 views

DEBIAN-CVE-2015-5623

WordPress before 4.2.3 does not properly verify the edit_posts capability, which allows remote authenticated users to bypass intended access restrictions and create drafts by leveraging the Subscriber role, as demonstrated by a post-quickdraft-save action to wp-admin/post.php...

CVSS 4, AI score 6.8, EPSS 0.08814
Exploits 1, References 1

OSV
added 2015/08/03 2:59 p.m., 11 views

CVE-2015-5623

WordPress before 4.2.3 does not properly verify the edit_posts capability, which allows remote authenticated users to bypass intended access restrictions and create drafts by leveraging the Subscriber role, as demonstrated by a post-quickdraft-save action to wp-admin/post.php...

AI score 6
Exploits 0, References 10