670 matches found
CVE-2014-9570
CVE-2014-9570 corresponds to two cross-site scripting (XSS) vulnerabilities in the Simple Security WordPress Plugin (MyWebsiteAdvisor), affected versions 1.1.5 and earlier. The flaws arise from insufficient input sanitization of user-supplied data, specifically the datefilter parameter on /wp-adm...
WordPress Simple Security 1.1.5 Cross Site Scripting Vulnerability
WordPress Simple Security plugin version 1.1.5 suffers from a cross site scripting vulnerability. Product: Simple Security WordPress Plugin Vendor: MyWebsiteAdvisor Vulnerable Versions: 1.1.5 and probably prior Tested Version: 1.1.5 Advisory Publication: December 17, 2014 without technical detail...
WordPress Simple Security Plugin <= 1.1.5 - Multiple XSS
Because of this vulnerability, attackers can inject arbitrary web script or HTML via the "datefilter" parameter in the accesslog page to wp-admin/users.php. Solution Update the plugin...
CVE-2014-7958
Cross-site scripting (XSS) vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dbhost parameter...
CVE-2014-4664
The CVE affects Wordfence Security/Firewall Plugin for WordPress (WordfenceWhois page) where the whoisval parameter in wp-admin/admin.php is not properly sanitized, allowing a reflected XSS. Root cause: insufficient input sanitization of the whoisval GET parameter. Impact: an attacker can craft a...
All In One Wordpress Firewall 3.8.3 - Persistent Vulnerability
Document Title: =============== All In One Wordpress Firewall 3.8.3 - Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1325 Release Date: ============= 2014-09-29 Vulnerability Laboratory ID VL-ID:...
All In One Wordpress Firewall 3.8.3 - Persistent XSS Vulnerability
No description provided by source. Document Title: =============== All In One Wordpress Firewall 3.8.3 - Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1325 Release Date: ============= 2014-09-29 Vulnerability Laboratory ID VL-I...
WordPress Plugin All In One WP Security Firewall 3.8.3 - Persistent Cross-Site Scripting
WordPress Plugin All In One WP Security Firewall 3.8.3 - Persistent Cross-Site Scripting Document Title: =============== All In One Wordpress Firewall 3.8.3 - Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1325 Release Date:...
WordPress Plugin All In One WP Security & Firewall 3.8.3 - Persistent Cross-Site Scripting
Document Title: =============== All In One Wordpress Firewall 3.8.3 - Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1325 Release Date: ============= 2014-09-29 Vulnerability Laboratory ID VL-ID:...
WordPress All In One Security And Firewall 3.8.3 XSS
Document Title: =============== All In One Wordpress Firewall 3.8.3 - Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1325 Release Date: ============= 2014-09-29 Vulnerability Laboratory ID VL-ID:...
BulletProof Security WP v50.8 - POST Inject Vulnerability
Document Title: =============== BulletProof Security WP v50.8 - POST Inject Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1326 Release Date: ============= 2014-09-30 Vulnerability Laboratory ID VL-ID: ====================================...
All In One Wordpress FW 3.8.3 - Persistent Vulnerability
Document Title: =============== All In One Wordpress FW 3.8.3 - Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1325 Release Date: ============= 2014-09-29 Vulnerability Laboratory ID VL-ID: ====================================...
CVE-2013-2182
The Mandril security plugin in Monkey HTTP Daemon (monkeyd) before 1.5.0 allows remote attackers to bypass access restrictions via a crafted URI, as demonstrated by an encoded forward slash...
CVE-2013-2182
The CVE-2013-2182 entry concerns the Mandril security plugin in Monkey HTTP Daemon (monkeyd) prior to 1.5.0. The root cause is a bypass of access restrictions via a crafted URI, demonstrated by an encoded forward slash, enabling remote attackers to access restricted paths. Public references corro...
Better WP Security Plugin for WordPress Multiple XSS
The WordPress Better WP Security Plugin installed on the remote host is affected by multiple cross-site scripting (XSS) vulnerabilities: - The application fails to properly sanitize user-supplied input to the HTTP_USER_AGENT header. (CVE-2012-4263) - The application fails to properly sanitize...
CVE-2013-3487
BulletProof Security WordPress plugin (Security Log): multiple XSS in the security log via HTML header fields to 400.php/403.php in versions before 0.49. Root cause appears to be improper input handling. Remediation: update to a fixed release (0.49 or newer) per PatchStack and related advisories;...
WordPress Plugin Better WP Security 3.4.8/3.4.9/3.4.10/3.5.2/3.5.3 - Persistent Cross-Site Scripting
WordPress Plugin Better WP Security 3.4.8/3.4.9/3.4.10/3.5.2/3.5.3 - Persistent Cross-Site Scripting ======= Summary ======= Name: Bit51 Better WP Security Plugin - Unauthenticated Stored XSS to RCE Release Date: 30 July 2013 Reference: NGS00500 Discoverer: Richard Warren Vendor: Bit51 Vendor...
Monkey HTTP Daemon Mandril Security Plugin - Security Bypass
Monkey HTTP Daemon Mandril Security Plugin - Security Bypass source: https://www.securityfocus.com/bid/60569/info The Mandril Security plugin for Monkey HTTP Daemon is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform...
Monkey HTTP Daemon Mandril Security Plugin - Security Bypass
source: https://www.securityfocus.com/bid/60569/info The Mandril Security plugin for Monkey HTTP Daemon is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions, which may aid in launching further...