6300 matches found
WordPress 2.3.1 Unauthorized Post Access Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/26885/info WordPress is prone to a vulnerability that lets unauthorized users read draft posts before they have been published. This issue affects WordPress 2.3.1; other versions may also be affected. NOTE: This BID is...
WordPress Allow PHP in Posts and Pages plugin <= 2.0.0.RC1 - SQL Injection Vulnerability
No description provided by source. Exploit Title: WordPress Allow PHP in Posts and Pages plugin <= 2.0.0.RC1 SQL Injection Vulnerability. Date: 2011-08-18. Author: Miroslav Stampar miroslav.stamparatgmail.com @stamparm. Software Link:...
Wordpress TimThumb 2.8.13 WebShot - Remote Code Execution Exploit
Exploit for php platform in category web applications. Wordpress TimThumb 2.8.13 WebShot Remote Code Execution 0-day. Affected website: a lot Wordpress Themes, Plugins, 3rd party components...
Wordpress Simple Share Buttons Adder Plugin 4.4 - Multiple Vulnerabilities
Exploit for php platform in category web applications. Details: Software: Simple Share Buttons Adder. Version: 4.4. Homepage: https://wordpress.org/plugins/simple-share-buttons-adder/ Advisory report:...
Multiple WordPress Plugins (TimThumb 2.8.13 / WordThumb 1.07) - 'WebShot' Remote Code Execution
Wordpress TimThumb 2.8.13 WebShot Remote Code Execution 0-day. Affected website: a lot Wordpress Themes, Plugins, 3rd party components. Exploit Author: @u0x Pichaya Morimoto. Release dates:...
WordPress Video Posts Webcam Recorder Plugin <= 1.55.4 - XSS
Because of this vulnerability in posts/videowhisper/rlogout.php, the attackers can inject arbitrary web script or HTML. Solution: Update the plugin...
CVE-2014-3937
SQL injection vulnerability in the Contextual Related Posts plugin before 1.8.10.2 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2013-3476
Cross-site request forgery (CSRF) vulnerability in the WordPress Related Posts plugin before 2.6.2 for WordPress allows remote attackers to hijack the authentication of users for requests that change settings via unspecified vectors...
CVE-2013-3257
Cross-site request forgery (CSRF) vulnerability in the Related Posts plugin before 2.7.2 for WordPress allows remote attackers to hijack the authentication of users for requests that modify settings via unspecified vectors...
CVE-2013-2710
Cross-site request forgery (CSRF) vulnerability in the Contextual Related Posts plugin before 1.8.7 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via unspecified vectors...
SQL injection
SQL injection vulnerability in the Contextual Related Posts plugin before 1.8.10.2 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in the WordPress Related Posts plugin before 2.6.2 for WordPress allows remote attackers to hijack the authentication of users for requests that change settings via unspecified vectors...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in the Contextual Related Posts plugin before 1.8.7 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via unspecified vectors...
CVE-2013-3257
Cross-site request forgery (CSRF) vulnerability in the Related Posts plugin before 2.7.2 for WordPress allows remote attackers to hijack the authentication of users for requests that modify settings via unspecified vectors...
CVE-2013-2710
CVE-2013-2710 describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin Contextual Related Posts before version 1.8.7. The flaw allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) via unspecified ve...
CVE-2013-3476
Cross-site request forgery (CSRF) vulnerability in the WordPress Related Posts plugin before 2.6.2 for WordPress allows remote attackers to hijack the authentication of users for requests that change settings via unspecified vectors...
CVE-2014-3937
The CVE-2014-3937 issue affects the WordPress Contextual Related Posts plugin and is a SQL injection in the plugin’s code prior to version 1.8.10.2. Affected component: Contextual Related Posts plugin for WordPress. Root cause: improper handling of input that leads to arbitrary SQL execution. Imp...
CVE-2013-2710
Cross-site request forgery (CSRF) vulnerability in the Contextual Related Posts plugin before 1.8.7 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via unspecified vectors...
CVE-2013-3476
The CVE concerns the WordPress Related Posts plugin (prior to version 2.6.2) for WordPress, where a Cross-Site Request Forgery (CSRF) vulnerability could allow remote attackers to hijack user authentication and perform settings changes via unspecified vectors. The underlying issue is a CSRF flaw ...
CVE-2013-3257
Summary of CVE-2013-3257 (WordPress Related Posts plugin): The Related Posts plugin for WordPress is affected by a CSRF vulnerability in versions before 2.7.2 that allows remote attackers to hijack the authentication of users and perform settings-modification actions via unspecified vectors. The ...