8961 matches found
WordPress <= 3.9.2 - XSS
This vulnerability is in the "wptexturize" function. It allows attackers to inject arbitrary web script or HTML via crafted use of shortcode brackets in a text field, as demonstrated by a comment or a post. Solution: Update WordPress...
CVE-2014-6312
Cross-site request forgery (CSRF) vulnerability in the Login Widget With Shortcode (login-sidebar-widget) plugin before 3.2.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the custom_style_afo paramete...
CVE-2014-6312
Cross-site request forgery (CSRF) vulnerability in the Login Widget With Shortcode (login-sidebar-widget) plugin before 3.2.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the custom_style_afo paramete...
CVE-2014-6312
CVE-2014-6312: A CSRF vulnerability in the WordPress plugin Login Widget With Shortcode (login-sidebar-widget) prior to version 3.2.1 allows remote attackers to hijack administrator sessions and perform XSS via the custom_style_afo parameter on the login_widget_afo page leading to wp-admin/option...
WordPress Login Widget With Shortcode Plugin 3.1.1 - Multiple Vulnerabilities
The Login Widget With Shortcode plugin is prone to CSRF and XSS vulnerabilities that allow an attacker to insert arbitrary HTML into an admin page. An attacker can then use JavaScript to control an admin user's browser and create user accounts, posts, etc. Solution: Update the plugin...
WordPress Plugin Login Widget With ShortCode 3.1.1 - Multiple Vulnerabilities
WordPress Plugin Login Widget With ShortCode 3.1.1 - Multiple Vulnerabilities Details ================ Software: Login Widget With Shortcode Version: 3.1.1 Homepage: http://wordpress.org/plugins/login-sidebar-widget/ Advisory report:...
WordPress Plugin Login Widget With ShortCode 3.1.1 - Multiple Vulnerabilities
Details ================ Software: Login Widget With Shortcode Version: 3.1.1 Homepage: http://wordpress.org/plugins/login-sidebar-widget/ Advisory report:...
WordPress Login Widget With Shortcode 3.1.1 CSRF / XSS Vulnerabilities
WordPress Login Widget With Shortcode plugin version 3.1.1 suffers from cross site request forgery and cross site scripting vulnerabilities. Details ================ Software: Login Widget With Shortcode Version: 3.1.1 Homepage: http://wordpress.org/plugins/login-sidebar-widget/ Advisory report:...
WordPress download-shortcode 1.1 /wp-content/force-download.php Local File Inclusion Vulnerability
No description provided by source...
WordPress ShortCode Plugin Directory Traversal Vulnerability
WordPress ShortCode Plugin is prone to a directory traversal vulnerability.
WordPress ShortCode Plugin 1.1 - Local File Inclusion Vulnerability
No description provided by source.
#!/usr/bin/env python
# -*- coding:utf-8 -*-
from pocsuite.net import req
from pocsuite.poc import Output, POCBase
from pocsuite.utils import register
class TestPOC(POCBase):
    vulID = '87214'
    version = '1'
    vulDate = '1409760000'
    createDate = '1442937600'
    references =...
Directory traversal
Directory traversal vulnerability in force-download.php in the Download Shortcode plugin 0.2.3 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter...
CVE-2014-5465
The CVE-2014-5465 issue affects the WordPress ShortCode Plugin (Download ShortCode) version 0.2.3 and earlier, where force-download.php is vulnerable to directory traversal via a .. in the file parameter, enabling reading arbitrary local files. OpenVAS/PRION/CVE references corroborate a Local Fil...
CVE-2014-5465
Directory traversal vulnerability in force-download.php in the Download Shortcode plugin 0.2.3 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter...
WordPress ShortCode Plugin 0.2.3 - Local File Inclusion
This vulnerability can be exploited to include arbitrary files. Solution: Upgrade the plugin...
WordPress ShortCode Plugin 1.1 - Local File Inclusion Vulnerability
Exploit for php platform in category web applications Title : WordPress ShortCode Plugin - Local File Inclusion Vulnerability Severity : High+/Critical Reporters : Mehdi Karout & Christian Galeone Google Dork : inurl:wp/wp-content/force-download.php Plugin Version : 1.1 Plugin Name : Download...
WordPress Plugin ShortCode 0.2.3 - Local File Inclusion
WordPress Plugin ShortCode 0.2.3 - Local File Inclusion Title : WordPress ShortCode Plugin - Local File Inclusion Vulnerability Severity : High+/Critical Reporters : Mehdi Karout & Christian Galeone Google Dork : inurl:wp/wp-content/force-download.php Plugin Version : 0.2.3 Plugin Name : Download...
WordPress Plugin ShortCode 0.2.3 - Local File Inclusion
Title : WordPress ShortCode Plugin - Local File Inclusion Vulnerability Severity : High+/Critical Reporters : Mehdi Karout & Christian Galeone Google Dork : inurl:wp/wp-content/force-download.php Plugin Version : 0.2.3 Plugin Name : Download ShortCode Plugin Download Link :...
WordPress ShortCode 0.2.3 Local File Inclusion
Title : WordPress ShortCode Plugin - Local File Inclusion Vulnerability Severity : High+/Critical Reporters : Mehdi Karout & Christian Galeone Google Dork : inurl:wp/wp-content/force-download.php Plugin Version : 0.2.3 Plugin Name : Download ShortCode Vendor Home : http://werdswords.com/ Date :...
Polldaddy Polls & Rating 2.0.24 - polldaddy-org.php unique_id Ratings Shortcode XSS
The Crowdsignal Polls & Ratings WordPress plugin was affected by a polldaddy-org.php unique_id Ratings Shortcode XSS security vulnerability...