2426 matches found
CVE-2016-10975
The fluid-responsive-slideshow plugin before 2.2.7 for WordPress has reflected XSS via the skin parameter...
CVE-2016-10974
The fluid-responsive-slideshow plugin before 2.2.7 for WordPress has frssave CSRF with resultant stored XSS...
CVE-2016-10975
The fluid-responsive-slideshow plugin before 2.2.7 for WordPress has reflected XSS via the skin parameter...
CVE-2016-10975
The CVE-2016-10975 entry concerns the Fluid Responsive Slideshow WordPress plugin (pre-2.2.7). It describes a reflected XSS vulnerability via the skin parameter, with partial integrity impact and no confidentiality/availability impact per the NVD CVSS data, and with user interaction required in t...
CVE-2016-10974
The CVE-2016-10974 vulnerability affects the Fluid Responsive Slideshow WordPress plugin prior to version 2.2.7, where the frs_save CSRF flaw enables stored XSS. Red Hat and CVE records corroborate the issue as a CSRF-related stored XSS in the plugin for WordPress. The weakness arises in the frs_...
CVE-2017-18597
The jtrt-responsive-tables plugin before 4.1.2 for WordPress has SQL Injection via the admin/class-jtrt-responsive-tables-admin.php tableId parameter...
CVE-2017-18597
The jtrt-responsive-tables plugin before 4.1.2 for WordPress has SQL Injection via the admin/class-jtrt-responsive-tables-admin.php tableId parameter...
CVE-2017-18597
The jtrt-responsive-tables plugin before 4.1.2 for WordPress has SQL Injection via the admin/class-jtrt-responsive-tables-admin.php tableId parameter...
CVE-2017-18597
The CVE-2017-18597 vulnerability affects the WordPress plugin jtrt-responsive-tables (before 4.1.2). Root cause: SQL Injection in admin/class-jtrt-responsive-tables-admin.php via the tableId parameter, exploitable via crafted POST data (authenticated user context shown in PoC). Impact per sources...
Kaseya VSA Agent 9.5 Privilege Escalation
Exploit Title: Kaseya VSA agent CVE-2017-12410 found by Filip Palian. A a fix was put in place for the original CVE, however it was specific to binaries and not scripts. The root cause for both issues is allowing a low privileged group excessive permissions to a folder used by a elevated process...
WordPress Responsive Menu Plugin < 3.1.4 CSRF Vulnerability
The WordPress plugin Copyright C 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the...
WordPress wp-support-plus-responsive-ticket-system plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. wp-support-plus-responsive-ticket-system is a ticket system plugin used in it. A cross-site scripting vulnerability exists in WordPres...
CVE-2014-10388
The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has full path disclosure...
Sql injection
The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has SQL injection...
Design/Logic Flaw
The wp-support-plus-responsive-ticket-system plugin before 4.1 for WordPress has JavaScript injection...
CVE-2019-15331
The CVE-2019-15331 entry concerns the WordPress plugin wp-support-plus-responsive-ticket-system, affected in all versions prior to 9.1.2. Multiple connected sources confirm a vulnerability described as HTML injection / stored cross-site scripting (XSS) in this plugin. The vulnerability stems from...
CVE-2016-10930
The CVE-2016-10930 entry concerns the WordPress plugin WP Support Plus Responsive Ticket System. Affected component: the wp-support-plus-responsive-ticket-system plugin for WordPress. Root cause: insecure direct object reference via a ticket number in the plugin prior to version 7.1.0. Impact: po...
CVE-2014-10387
The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has SQL injection...
CVE-2014-10388
CVE-2014-10388 affects the WordPress plugin wp-support-plus-responsive-ticket-system prior to version 4.2. Multiple connected sources (RH, NVD, CVE lists, WPVulnDB) consistently describe a full path disclosure vulnerability in this plugin, enabling disclosure of server file paths. Public details ...
CVE-2014-10391
The CVE-2014-10391 entry concerns the WordPress plugin WP Support Plus Responsive Ticket System, specifically versions prior to 4.1. The vulnerability is a JavaScript injection (XSS) flaw caused by insufficient validation of client-side data in the plugin. Impact is that an attacker could trigger...