14 matches found
CVE-2018-25324
Simple Fields 0.2 through 0.3.5 WordPress Plugin contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by injecting null bytes into the wpabspath parameter on PHP versions before 5.3.4. Attackers can supply malicious wpabspath values to...
CVE-2018-25324 Simple Fields 0.2-0.3.5 Local File Inclusion via wp_abspath
Simple Fields 0.2 through 0.3.5 WordPress Plugin contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by injecting null bytes into the wpabspath parameter on PHP versions before 5.3.4. Attackers can supply malicious wpabspath values to...
CVE-2018-25324
The CVE-2018-25324 entry concerns the WordPress plugin Simple Fields versions 0.2–0.3.5, which contains a local file inclusion (LFI) flaw via the wp_abspath parameter. Unauthenticated attackers can read arbitrary files (e.g., /etc/passwd) by injecting null bytes into wp_abspath on PHP versions be...
CVE-2013-7476
The simple-fields plugin before 1.2 for WordPress has CSRF in the admin interface...
EUVD-2015-9142
Malware in sbrugna...
WordPress simple-fields plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. simple-fields is a custom fields plugin used in it. A cross-site scripting vulnerability exists in the WordPress simple-fields plugin...
WordPress simple-fields plugin cross-site request forgery vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. simple-fields is a custom fields plugin used in it. WordPress simple-fields plug-in exists piece of cross-site request forgery...
CVE-2013-7476
The simple-fields plugin before 1.2 for WordPress has CSRF in the admin interface...
CVE-2013-7476
The simple-fields plugin before 1.2 for WordPress has CSRF in the admin interface...
CVE-2013-7476
The connected advisories confirm a CSRF vulnerability in the WordPress Simple Fields plugin prior to version 1.2, affecting the admin interface. Root cause: CSRF in admin actions could allow unauthorized requests when an authenticated admin visits a malicious page. Impact is described in CVE reco...
WordPress Simple Fields Plugin <= 1.4.10 - Cross Site Scripting
Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Update the plugin...
WordPress Simple Fields Plugin 1.1.6 - Cross Site Request Forgery
This plugin is prone to a cross site request forgery vulnerability. Solution Update the plugin...
WordPress Simple Fields Plugin 0.3.5 - Remote File Inclusion
This plugin is prone to a remote file inclusion vulnerability. Solution Update the plugin...
WordPress Simple Fields Plugin <= 1.1.6 - Cross Site Request Forgery
This plugin is prone to a cross site request forgery vulnerability via admin functions. Solution Update the plugin...