WP Statistics SQL Injection vulnerability

Security experts at Sucuri have discovered a SQL Injection vulnerability in WP Statistics, one of the most popular WordPress plugins, that is currently installed on over 300,000 websites. The SQL Injection vulnerability in WP Statistics could be exploited by attackers, with at least a subscriber...

WordPress pdfjs-viewer-shortcode plugin cross-site scripting vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress pdfjs-viewer-shortcode plugin, where the program fails to...

CVE-2017-6814

In WordPress before 4.7.3, there is authenticated Cross-Site Scripting XSS via Media File Metadata. This is demonstrated by both 1 mishandling of the playlist shortcode in the wpplaylistshortcode function in wp-includes/media.php and 2 mishandling of meta information in the renderTracks function ...

CVE-2017-6814

In WordPress before 4.7.3, there is authenticated Cross-Site Scripting XSS via Media File Metadata. This is demonstrated by both 1 mishandling of the playlist shortcode in the wpplaylistshortcode function in wp-includes/media.php and 2 mishandling of meta information in the renderTracks function ...

DEBIAN-CVE-2017-6814

In WordPress before 4.7.3, there is authenticated Cross-Site Scripting XSS via Media File Metadata. This is demonstrated by both 1 mishandling of the playlist shortcode in the wpplaylistshortcode function in wp-includes/media.php and 2 mishandling of meta information in the renderTracks function ...

UBUNTU-CVE-2017-6814

In WordPress before 4.7.3, there is authenticated Cross-Site Scripting XSS via Media File Metadata. This is demonstrated by both 1 mishandling of the playlist shortcode in the wpplaylistshortcode function in wp-includes/media.php and 2 mishandling of meta information in the renderTracks function ...

CVE-2017-6814

In WordPress before 4.7.3, there is authenticated Cross-Site Scripting XSS via Media File Metadata. This is demonstrated by both 1 mishandling of the playlist shortcode in the wpplaylistshortcode function in wp-includes/media.php and 2 mishandling of meta information in the renderTracks function ...

festagro.org XSS vulnerability

Vulnerable URL: http://festagro.org/wp-content/themes/themerush/inc/plugins/shortcode/shortcodepopup.php?get=' Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 23102320 VIP website...

tabrix.ir XSS vulnerability

Vulnerable URL: http://tabrix.ir/wp-content/themes/themerush/inc/plugins/shortcode/shortcodepopup.php?get=' Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 3590646 VIP website...

reggaefestivalguide.com XSS vulnerability

Vulnerable URL: http://reggaefestivalguide.com/wp-content/themes/themerush/inc/plugins/shortcode/shortcodepopup.php?get=' Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 4150811 VIP...

topklip.net XSS vulnerability

Vulnerable URL: http://topklip.net/wp-content/themes/themerush/inc/plugins/shortcode/shortcodepopup.php?get=' Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 4299588 VIP website...

Wordpress forget-about-shortcode-buttons plugin cross-site scripting vulnerability

WordPress is the WordPress Software Foundation of a set of PHP language development of the blogging platform, the platform supports PHP and MySQL server set up a personal blog site. get-about-shortcode-buttons is one of the plug-ins used to add CSS buttons in the post editor screen. A cross-site...

CVE-2016-1000133

Reflected XSS in wordpress plugin forget-about-shortcode-buttons v1.1.1...

CVE-2016-1000133

Reflected XSS in wordpress plugin forget-about-shortcode-buttons v1.1.1...

Cross site scripting

Reflected XSS in wordpress plugin forget-about-shortcode-buttons v1.1.1...

CVE-2016-1000133

The Nuclei template confirms CVE-2016-1000133: a reflected XSS in WordPress plugin forget-about-shortcode-buttons v1.1.1, enabling arbitrary script execution in a user’s browser and potential cookie theft. Affected component: WordPress plugin forget-about-shortcode-buttons (version 1.1.1). Root c...

WordPress Ultimate Product Catalog 3.9.8 Plugin - (do_shortcode via ajax) Blind SQL Injection

Exploit for php platform in category web applications Exploit Title: Wordpress Ultimate-Product-Catalog getrow"SELECT FROM $cataloguestablename WHERE CatalogueID=" . $id; $CatalogueItems = $wpdb-getresults"SELECT FROM $catalogueitemstablename WHERE CatalogueID=" . $id . " ORDER BY Position";...

WordPress Jetpack Shortcode Embeds Module Code Injection

A cross-site scripting vulnerability exist reported in WordPress JetPack plugin Shortcode Embeds module. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...

DEBIAN-CVE-2015-5714

Cross-site scripting XSS vulnerability in WordPress before 4.3.1 allows remote attackers to inject arbitrary web script or HTML by leveraging the mishandling of unclosed HTML elements during processing of shortcode tags...

CVE-2015-5714

Cross-site scripting XSS vulnerability in WordPress before 4.3.1 allows remote attackers to inject arbitrary web script or HTML by leveraging the mishandling of unclosed HTML elements during processing of shortcode tags...