17 matches found
EUVD-2018-17956
Malware in sbrugna...
EUVD-2018-17955
Malware in sbrugna...
Design/Logic Flaw
admin/partials/wp-splashing-admin-main.php in the Splashing Images plugin wp-splashing-images before 2.1.1 for WordPress allows authenticated administrator, editor, or author remote attackers to conduct PHP Object Injection attacks via crafted serialized data in the 'session' HTTP GET parameter t...
CVE-2018-6194
A cross-site scripting XSS vulnerability in admin/partials/wp-splashing-admin-sidebar.php in the Splashing Images plugin wp-splashing-images before 2.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the search parameter to wp-admin/upload.php...
CVE-2018-6195
admin/partials/wp-splashing-admin-main.php in the Splashing Images plugin wp-splashing-images before 2.1.1 for WordPress allows authenticated administrator, editor, or author remote attackers to conduct PHP Object Injection attacks via crafted serialized data in the 'session' HTTP GET parameter t...
CVE-2018-6194
A cross-site scripting XSS vulnerability in admin/partials/wp-splashing-admin-sidebar.php in the Splashing Images plugin wp-splashing-images before 2.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the search parameter to wp-admin/upload.php...
CVE-2018-6195
admin/partials/wp-splashing-admin-main.php in the Splashing Images plugin wp-splashing-images before 2.1.1 for WordPress allows authenticated administrator, editor, or author remote attackers to conduct PHP Object Injection attacks via crafted serialized data in the 'session' HTTP GET parameter t...
Cross site scripting
A cross-site scripting XSS vulnerability in admin/partials/wp-splashing-admin-sidebar.php in the Splashing Images plugin wp-splashing-images before 2.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the search parameter to wp-admin/upload.php...
CVE-2018-6194
The CVE-2018-6194 entry describes a Cross-Site Scripting (XSS) vulnerability in WordPress Splashing Images plugin (wp-splashing-images) versions before 2.1.1. The flaw is in admin/partials/wp-splashing-admin-sidebar.php where the search parameter is echoed directly into the value attribute of an ...
CVE-2018-6195
CVE-2018-6195 affects the WordPress plugin wp-splashing-images prior to 2.1.1. An authenticated user (administrator, editor, or author) can exploit PHP Object Injection by sending crafted serialized data in the session parameter to wp-admin/upload.php, allowing remote code execution-like impact. ...
CVE-2018-6194
A cross-site scripting XSS vulnerability in admin/partials/wp-splashing-admin-sidebar.php in the Splashing Images plugin wp-splashing-images before 2.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the search parameter to wp-admin/upload.php...
WordPress Splashing Images plugin <=2.1 - Authenticated PHP Object Injection vulnerability
Authenticated PHP Object Injection vulnerability found by Nicolas Buzy-Debat in WordPress Splashing Images plugin versions =2.1. PHP Object Injection attack via crafted serialized data in the 'session' HTTP GET parameter to wp-admin/upload.php. Solution Update the WordPress Splashing Images plugi...
WordPress Splashing Images plugin <=2.1 - Cross-Site Scripting (XSS) vulnerability
Cross-Site Scripting XSS vulnerability found by Nicolas Buzy-Debat in WordPress Splashing Images plugin versions =2.1. Possible remote injection of arbitrary web script or HTML via the search parameter to wp-admin/upload.php. Solution Update the WordPress Splashing Images plugin to the latest...
WordPress Splashing Images Plugin PHP Object Injection Vulnerability
WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language , the platform supports PHP and MySQL server set up a personal blog site . Splashing Images wp-splashing-images is used in one of the image selection plugin . A PHP object injection...
WordPress Splashing Images Plugin Cross-Site Scripting Vulnerability
WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language , the platform supports PHP and MySQL server set up a personal blog site . Splashing Images wp-splashing-images is used in one of the image selection plugin . A cross-site scripting...
Splashing Images <= 2.1 - Cross-Site Scripting (XSS)
The Splashing Images WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...
Splashing Images <= 2.1 - Authenticated PHP Object Injection
The Splashing Images WordPress plugin was affected by an Authenticated PHP Object Injection security vulnerability...