2429 matches found
CVE-2015-9485
The CVE-2015-9485 entry concerns ThemeMakers Accio Responsive Parallax One Page Site Template for WordPress (pre-2015-05-15). Affected component/processes allow remote attackers to retrieve sensitive credentials by directly requesting wp-content/uploads/tmm_db_migrate/wp_users.dat, leading to exp...
CVE-2015-9483
The CVE-2015-9483 entry concerns ThemeMakers Invento Responsive Gallery/Architecture Template for WordPress, where an information disclosure vulnerability allows remote attackers to obtain sensitive user data (user_login, user_pass, user_email) by directly requesting wp-content/uploads/tmm_db_mig...
WordPress jtrt-responsive-tables plugin SQL injection vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. jtrt-responsive-tables is one of its HTML form editor plugins. A SQL injection vulnerability exists in the WordPress...
CVE-2016-10975
The fluid-responsive-slideshow plugin before 2.2.7 for WordPress has reflected XSS via the skin parameter...
CVE-2016-10974
The fluid-responsive-slideshow plugin before 2.2.7 for WordPress has frs_save CSRF with resultant stored XSS...
CVE-2016-10975
The CVE-2016-10975 entry concerns the Fluid Responsive Slideshow WordPress plugin (pre-2.2.7). It describes a reflected XSS vulnerability via the skin parameter, with partial integrity impact and no confidentiality/availability impact per the NVD CVSS data, and with user interaction required in t...
CVE-2016-10974
The CVE-2016-10974 vulnerability affects the Fluid Responsive Slideshow WordPress plugin prior to version 2.2.7, where the frs_save CSRF flaw enables stored XSS. Red Hat and CVE records corroborate the issue as a CSRF-related stored XSS in the plugin for WordPress. The weakness arises in the frs_...
CVE-2017-18597
The jtrt-responsive-tables plugin before 4.1.2 for WordPress has SQL Injection via the admin/class-jtrt-responsive-tables-admin.php tableId parameter...
CVE-2017-18597
The CVE-2017-18597 vulnerability affects the WordPress plugin jtrt-responsive-tables (before 4.1.2). Root cause: SQL Injection in admin/class-jtrt-responsive-tables-admin.php via the tableId parameter, exploitable via crafted POST data (authenticated user context shown in PoC). Impact per sources...
Kaseya VSA Agent 9.5 Privilege Escalation
Exploit Title: Kaseya VSA agent CVE-2017-12410 found by Filip Palian. A fix was put in place for the original CVE, however it was specific to binaries and not scripts. The root cause for both issues is allowing a low-privileged group excessive permissions to a folder used by an elevated process...
WordPress Responsive Menu Plugin < 3.1.4 CSRF Vulnerability
The WordPress plugin...
WordPress wp-support-plus-responsive-ticket-system plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. wp-support-plus-responsive-ticket-system is a ticket system plugin used in it. A cross-site scripting vulnerability exists in WordPres...
CVE-2014-10388
The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has full path disclosure...
Design/Logic Flaw
The wp-support-plus-responsive-ticket-system plugin before 4.1 for WordPress has JavaScript injection...
SQL Injection
The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has SQL injection...
CVE-2019-15331
The CVE-2019-15331 entry concerns the WordPress plugin wp-support-plus-responsive-ticket-system, affected in all versions prior to 9.1.2. Multiple connected sources confirm a vulnerability described as HTML injection / stored cross-site scripting (XSS) in this plugin. The vulnerability stems from...
CVE-2016-10930
The CVE-2016-10930 entry concerns the WordPress plugin WP Support Plus Responsive Ticket System. Affected component: the wp-support-plus-responsive-ticket-system plugin for WordPress. Root cause: insecure direct object reference via a ticket number in the plugin prior to version 7.1.0. Impact: po...