67 matches found
WordPress Slider Revolution - Local File Disclosure
Directory traversal vulnerability in the Elegant Themes Divi theme for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter in a revslider_show_image action to wp-admin/admin-ajax.php. NOTE: this vulnerability may be a duplicate of CVE-2014-9734. id:...
WordPress RevSlider - Remote Code Execution via File Upload
The ThemePunch Slider Revolution (revslider) plugin before 3.0.96 for WordPress and Showbiz Pro plugin 1.7.1 and earlier for WordPress does not properly restrict access to administrator AJAX functionality, which allows remote attackers to (1) upload and execute arbitrary files via an update_plugin...
CVE-2024-2306
The Revslider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via svg upload in all versions up to, and including, 6.6.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that...
CVE-2025-10006 WPBakery Page Builder <= 8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
The WPBakery Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'revslidervc' shortcode in all versions up to, and including, 8.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
EUVD-2024-27261
Malicious code in bioql PyPI...
CVE-2024-2306 Revslider <= 6.6.20 - Authenticated (Author+) Stored Cross-Site Scripting
The Revslider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via svg upload in all versions up to, and including, 6.6.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that...
CVE-2024-2306
CVE-2024-2306 involves the WordPress plugin Slider Revolution (Revslider). The Red Hat and Wordfence-referenced records describe a Stored Cross-Site Scripting (XSS) vulnerability triggered by uploading an SVG file, due to insufficient input sanitization and output escaping. This affects all versi...
WordPress Revslider plugin <= 6.6.20 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability
Authenticated (Author+) Stored Cross-Site Scripting vulnerability discovered by wesley wcraft, Nikolas - mdr in WordPress Plugin Slider Revolution versions <= 6.6.20...
WordPress Plugin Revslider Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
PT-2024-19651 · WordPress · Revslider
Name of the Vulnerable Software and Affected Versions: Revslider plugin for WordPress versions up to, and including, 6.6.20 Description: The issue is related to Stored Cross-Site Scripting via svg upload due to insufficient input sanitization and output escaping. This allows authenticated attacke...
Revslider < 6.7.0 - Authenticated (Author+) Stored Cross-Site Scripting
Description The Revslider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via svg upload in all versions up to, and including, 6.6.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in...
Zeebsploit - Web Scanner / Exploitation / Information Gathering
zeebsploit is a tool for hacking searching for web information and scanning vulnerabilities of a web Installation & Usage apt-get install git git clone https://github.com/jaxBCD/Zeebsploit.git cd Zeebsploit chmod +x install ./install python3 zeebsploit.py type 'help' for show modules and follow...
sky-signs.net XSS vulnerability
Open Bug Bounty ID: OBB-407868 Description| Value ---|--- Affected Website:| sky-signs.net Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
poxoreu.mt.gov.br XSS vulnerability
Vulnerable URL: http://www.poxoreu.mt.gov.br/wp-admin/admin-ajax.php?action=revsliderajaxactionaction= Details: Description| Value ---|--- Patched:| No Latest check for patch:| 31.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP...
Fake SEO Plugin Used In WordPress Malware Attacks
Malware masquerading as an SEO plugin called WP-Base-SEO has infected close to 4,000 WordPress sites in the past two weeks, according to security experts. The intent of the hackers behind the malware is to hide in plain sight, appearing as a legitimate SEO plugin, at the same time creating a...
Exploit for Path Traversal in Elegantthemes Divi
CVE-2015-1579 - WP Revslider AFD Exploit: Wordpress Slider Re...
SoakSoak Botnet Pushing Neutrino Exploit Kit and CryptXXX Ransomware
Researchers are reporting a surge in CryptXXX ransomware infections delivered via business websites compromised to redirect to the Neutrino Exploit Kit. Attackers are targeting websites running the Revslider slideshow plugin for WordPress, according to a report released Tuesday by Invincea. Behin...
WordPress Revslider Multiple Vulnerabilities
The WordPress plugin SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpress:wordpress"; ifdescription...