9 matches found
EUVD-2018-17955
Malware in sbrugna...
EUVD-2018-17956
Malware in sbrugna...
Design/Logic Flaw
admin/partials/wp-splashing-admin-main.php in the Splashing Images plugin (wp-splashing-images) before 2.1.1 for WordPress allows authenticated (administrator, editor, or author) remote attackers to conduct PHP Object Injection attacks via crafted serialized data in the 'session' HTTP GET parameter t...
CVE-2018-6195
admin/partials/wp-splashing-admin-main.php in the Splashing Images plugin (wp-splashing-images) before 2.1.1 for WordPress allows authenticated (administrator, editor, or author) remote attackers to conduct PHP Object Injection attacks via crafted serialized data in the 'session' HTTP GET parameter t...
CVE-2018-6194
A cross-site scripting (XSS) vulnerability in admin/partials/wp-splashing-admin-sidebar.php in the Splashing Images plugin (wp-splashing-images) before 2.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the search parameter to wp-admin/upload.php...
CVE-2018-6194
A cross-site scripting (XSS) vulnerability in admin/partials/wp-splashing-admin-sidebar.php in the Splashing Images plugin (wp-splashing-images) before 2.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the search parameter to wp-admin/upload.php...
CVE-2018-6195
admin/partials/wp-splashing-admin-main.php in the Splashing Images plugin (wp-splashing-images) before 2.1.1 for WordPress allows authenticated (administrator, editor, or author) remote attackers to conduct PHP Object Injection attacks via crafted serialized data in the 'session' HTTP GET parameter t...
CVE-2018-6194
The CVE-2018-6194 entry describes a Cross-Site Scripting (XSS) vulnerability in the WordPress Splashing Images plugin (wp-splashing-images) versions before 2.1.1. The flaw is in admin/partials/wp-splashing-admin-sidebar.php where the search parameter is echoed directly into the value attribute of an ...
CVE-2018-6195
CVE-2018-6195 affects the WordPress plugin wp-splashing-images prior to 2.1.1. An authenticated user (administrator, editor, or author) can exploit PHP Object Injection by sending crafted serialized data in the session parameter to wp-admin/upload.php, allowing remote code execution-like impact. ...