8961 matches found
CVE-2015-5714
Cross-site scripting (XSS) vulnerability in WordPress before 4.3.1 allows remote attackers to inject arbitrary web script or HTML by leveraging the mishandling of unclosed HTML elements during processing of shortcode tags...
Cross site scripting
Cross-site scripting (XSS) vulnerability in WordPress before 4.3.1 allows remote attackers to inject arbitrary web script or HTML by leveraging the mishandling of unclosed HTML elements during processing of shortcode tags...
CVE-2015-5714
Cross-site scripting (XSS) vulnerability in WordPress before 4.3.1 allows remote attackers to inject arbitrary web script or HTML by leveraging the mishandling of unclosed HTML elements during processing of shortcode tags...
UBUNTU-CVE-2015-5714
Cross-site scripting (XSS) vulnerability in WordPress before 4.3.1 allows remote attackers to inject arbitrary web script or HTML by leveraging the mishandling of unclosed HTML elements during processing of shortcode tags...
CVE-2015-5714
Cross-site scripting (XSS) vulnerability in WordPress before 4.3.1 allows remote attackers to inject arbitrary web script or HTML by leveraging the mishandling of unclosed HTML elements during processing of shortcode tags...
WordPress Booking Calendar Contact Form Plugin SQL Injection Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP, that supports personal blog sites on servers with PHP and MySQL. The WordPress Booking Calendar Contact Form plugin suffers from a SQL injection vulnerability by adding specially crafted shortco...
WordPress Booking Calendar Contact Form 1.0.23 Shortcode SQL Injection
Exploit Title: Wordpress booking calendar contact form =v1.0.23 - Unauthenticated blind SQL injection Date: 2016-02-08 Google Dork: Index of /wp-content/plugins/booking-calendar-contact-form Exploit Author: Joaquin Ramirez Martinez i0 SEC-LABORATORY Vendor Homepage: http://wordpress.dwbooster.com...
WordPress Booking Calendar Contact Form 1.1.23 Plugin - Shortcode SQL Injection
Exploit for php platform in category web applications Exploit Title: WordPress appointment-booking-calendar =1.1.23 - Shortcode SQL injection Date: 2016-01-24 Google Dork: Index of /wordpress/wp-content/plugins/appointment-booking-calendar/ Exploit Author: Joaquin Ramirez Martinez i0 security-lab...
WordPress Plugin Booking Calendar Contact Form 1.1.23 - Shortcode SQL Injection
Exploit Title: WordPress appointment-booking-calendar =1.1.23 - Shortcode SQL injection Date: 2016-01-24 Google Dork: Index of /wordpress/wp-content/plugins/appointment-booking-calendar/ Exploit Author: Joaquin Ramirez Martinez i0 security-lab Software Link:...
WordPress < 3.7.9 / 3.8.x < 3.8.9 / 3.9.x < 3.9.7 / 4.1.x < 4.1.6 / 4.2.x < 4.2.3 Multiple Vulnerabilities
Binary data 9030.prm...
Debian Security Advisory DSA 3375-1 (wordpress - security update)
Several vulnerabilities have been fixed in Wordpress, the popular blogging engine. CVE-2015-5714 A cross-site scripting vulnerability when processing shortcode tags has been discovered. The issue has been fixed by not allowing unclosed HTML elements in attributes. CVE-2015-5715 A vulnerability ha...
wordpress: multiple issues
CVE-2015-5714 cross-site scripting A cross-site scripting vulnerability has been discovered when processing shortcode tags. - CVE-2015-5715 permission bypass It has been discovered that users without proper permissions could publish private posts and make them sticky...
WordPress <= 4.3 - Authenticated Shortcode Tags Cross-Site Scripting (XSS)
PoC The following payload placed in a page or post does not work in comments: TEST!!!caption width="1" caption='Click me'...
wordpress -- multiple vulnerabilities
Samuel Sidler reports: WordPress 4.3.1 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.3 and earlier are vulnerable to a cross-site scripting vulnerability when processing shortcode tags...
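Incomplete fix in the latest Discuz still allows stored XSS against administrators
Brief description: Programmers need to fix vulnerabilities completely; not taking it seriously is not acceptable. Details: The new version fixed the insertion point provided in http://wooyun.org/bugs/wooyun-2010-099979, but due to the programmer's oversight, the fixed code still contains usable shortcodes that can cause XSS. The specific vulnerability analysis is covered in http://wooyun.org/bugs/wooyun-2010-099979; the main cause is that when the bbcode2html function in /static/js/bbcode.js performs regex replacement on shortcodes, a payload can be constructed that results in XSS when the editor renders it. Through a diff...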
DEBIAN-CVE-2015-5622
Cross-site scripting (XSS) vulnerability in WordPress before 4.2.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the Author or Contributor role to place a crafted shortcode inside an HTML element, related to wp-includes/kses.php and wp-includes/shortcodes.ph...
CVE-2015-5622
Cross-site scripting (XSS) vulnerability in WordPress before 4.2.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the Author or Contributor role to place a crafted shortcode inside an HTML element, related to wp-includes/kses.php and wp-includes/shortcodes.ph...
CVE-2015-5622
Cross-site scripting (XSS) vulnerability in WordPress before 4.2.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the Author or Contributor role to place a crafted shortcode inside an HTML element, related to wp-includes/kses.php and wp-includes/shortcodes.ph...
CVE-2015-5622
Cross-site scripting (XSS) vulnerability in WordPress before 4.2.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the Author or Contributor role to place a crafted shortcode inside an HTML element, related to wp-includes/kses.php and wp-includes/shortcodes.ph...
CVE-2015-5622
CVE-2015-5622 concerns the robustness of WordPress shortcode HTML tag filtering. The patch tightened the parsing in wp-includes/kses.php and related shortcode handling, with fixes released around WordPress 4.2.x and culminating in WordPress 4.2.3. Debian advisories also note fixes for this CVE in...