27 matches found

Patchstack
added 2018/05/17 12:00 a.m., 9 views

WordPress Metronet Tag Manager plugin <=1.2.7 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability found by Tom Adams (dxw) in WordPress Metronet Tag Manager plugin versions <=1.2.7. Solution: Update the WordPress Metronet Tag Manager plugin to the latest available version (at least 1.2.9)...

3.5 AI score
Exploits: 0, References: 1, Affected Software: 1

0day.today
added 2018/05/16 12:00 a.m., 57 views

WordPress Metronet Tag Manager 1.2.7 Plugin - Cross-Site Request Forgery Vulnerability

Exploit for php platform in category web applications Press submit on a page containing the following HTML snippet: alert1" !-- In a real attack, the form can be made to autosubmit so the victim only has to follow a link. Mitigations ================ Upgrade to version 1.2.9 or later...

0.2 AI score
Exploits: 0

Packet Storm
added 2018/05/15 12:00 a.m., 36 views

WordPress WP ULike 2.8.1 / 3.1 Cross Site Scripting

Details ================ Software: WP ULike Version: 2.8.1,3.1 Homepage: https://wordpress.org/plugins/wp-ulike/ Advisory report: https://advisories.dxw.com/advisories/stored-xss-wp-ulike/ CVE: Awaiting assignment CVSS: 6.4 Medium; AV:N/AC:L/Au:N/C:P/I:P/A:N Description ================ Stored XS...

Exploits: 0

Packet Storm
added 2018/05/15 12:00 a.m., 35 views

WordPress WP ULike 2.8.1 / 3.1 Arbitrary Data Deletion

Details ================ Software: WP ULike Version: 2.8.1,3.1 Homepage: https://wordpress.org/plugins/wp-ulike/ Advisory report: https://advisories.dxw.com/advisories/wp-ulike-delete-rows/ CVE: Awaiting assignment CVSS: 5.8 Medium; AV:N/AC:M/Au:N/C:N/I:P/A:P Description ================ WP ULike...

0.3 AI score
Exploits: 0

Patchstack
added 2018/05/14 12:00 a.m., 11 views

WordPress WP User Groups plugin <=2.0.0 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability found by Tom Adams (dxw) in WordPress WP User Groups plugin versions <=2.0.0. Solution: Update the WordPress WP User Groups plugin to the latest available version (at least 2.1.0)...

2.6 AI score
Exploits: 0, References: 1, Affected Software: 1

Packet Storm
added 2018/04/11 12:00 a.m., 44 views

WordPress Rating-Widget: Star Review System 2.8.9 Information Disclosure

Details ================ Software: Rating-Widget: Star Review System Version: 2.8.9 Homepage: https://wordpress.org/plugins/rating-widget/ Advisory report: https://advisories.dxw.com/advisories/rating-widget-debug-mode/ CVE: Awaiting assignment CVSS: 5 Medium; AV:N/AC:L/Au:N/C:P/I:N/A:N Descripti...

0.1 AI score
Exploits: 0

Packet Storm
added 2017/07/31 12:00 a.m., 93 views

Salutation Responsive 3.0.15 Cross Site Scripting

Details ================ Software: Salutation Responsive WordPress + BuddyPress Theme Version: 3.0.15 Homepage: https://themeforest.net/item/salutation-responsive-wordpress-buddypress-theme/548199 Advisory report: https://security.dxw.com/advisories/stored-xss-salutation-theme/ CVE: Awaiting...

7.4 AI score
Exploits: 0

Packet Storm
added 2016/12/15 12:00 a.m., 89 views

WordPress MailChimp 3.1.5 / 4.0.10 Cross Site Scripting

Details ================ Software: MailChimp for WordPress Version: 3.1.5,4.0.10 Homepage: http://wordpress.org/plugins/mailchimp-for-wp/ Advisory report: https://security.dxw.com/advisories/reflected-xss-in-mailchimp-for-wordpress-could-allow-an-attacker-to-do-almost-anything-an-admin-user-can/...

0.2 AI score
Exploits: 0

exploitpack
added 2016/12/12 12:00 a.m., 11 views

WordPress Plugin Multisite Post Duplicator 0.9.5.1 - Cross-Site Request Forgery

WordPress Plugin Multisite Post Duplicator 0.9.5.1 - Cross-Site Request Forgery alert1" input type="text" name="el0"...

7.4 AI score
Exploits: 0

Exploit DB
added 2016/12/12 12:00 a.m., 49 views

WordPress Plugin Multisite Post Duplicator 0.9.5.1 - Cross-Site Request Forgery

alert1" input type="text" name="el1...

7.4 AI score
Exploits: 0

Packet Storm
added 2015/09/01 12:00 a.m., 26 views

Watu PRO Play 1.9.2.1 Cross Site Scripting

Details ================ Software: Watu PRO Play Version: 1.9.2.1 Homepage: http://calendarscripts.info/watupro/modules.htmlplay Advisory report: https://security.dxw.com/advisories/stored-xss-in-watu-pro-play-allows-unauthenticated-attacker-to-do-almost-anything-an-admin-can/ CVE: Awaiting...

7.4 AI score
Exploits: 0

Packet Storm
added 2015/08/27 12:00 a.m., 35 views

WordPress Private Only 3.5.1 CSRF / Cross Site Scripting

Details ================ Software: Private Only Version: 3.5.1 Homepage: http://wordpress.org/plugins/private-only/ Advisory report: https://security.dxw.com/advisories/csrfxss-vulnerability-in-private-only-could-allow-an-attacker-to-do-almost-anything-an-admin-user-can/ CVE: CVE-2015-5483 CVSS:...

0.4 AI score, 0.01584 EPSS
Exploits: 3

Packet Storm
added 2015/08/10 12:00 a.m., 23 views

WordPress iframe 3.0 Stored Cross Site Scripting

Details ================ Software: iframe Version: 3.0 Homepage: http://wordpress.org/plugins/iframe/ Advisory report: https://security.dxw.com/advisories/stored-xss-in-iframe-allows-less-privileged-users-to-do-almost-anything-an-admin-can/ CVE: Awaiting assignment CVSS: 5.5 Medium;...

7 AI score
Exploits: 0

Packet Storm
added 2015/07/15 12:00 a.m., 22 views

WordPress BuddyPress Activity Plus 1.5 CSRF / File Deletion

Details ================ Software: BuddyPress Activity Plus Version: 1.5 Homepage: http://wordpress.org/plugins/buddypress-activity-plus/ Advisory report: https://security.dxw.com/advisories/csrf-and-arbitrary-file-deletion-in-buddypress-activity-plus-1-5/ CVE: Awaiting assignment CVSS: 8.5 High;...

0.1 AI score
Exploits: 0

Packet Storm
added 2015/07/15 12:00 a.m., 24 views

WordPress Subscribe To Comments 2.1.2 LFI / Code Execution

Details ================ Software: Subscribe to Comments Version: 2.1.2 Homepage: http://wordpress.org/plugins/subscribe-to-comments/ Advisory report: https://security.dxw.com/advisories/admin-only-local-file-inclusion-and-arbitrary-code-execution-in-subscribe-to-comments-2-1-2/ CVE: Awaiting...

Exploits: 0

Packet Storm
added 2015/07/12 12:00 a.m., 35 views

WordPress GD bbPress Attachments 2.1 Local File Inclusion

Details ================ Software: GD bbPress Attachments Version: 2.1 Homepage: http://wordpress.org/plugins/gd-bbpress-attachments/ Advisory report: https://security.dxw.com/advisories/local-file-include-vulnerability-in-gd-bbpress-attachments-allows-attackers-to-include-arbitrary-php-files/ CV...

7.4 AI score
Exploits: 0

0day.today
added 2014/10/02 12:00 a.m., 41 views

WordPress Content Audit 1.6 Blind SQL Injection Vulnerability

WordPress Content Audit plugin version 1.6 suffers from a remote SQL injection vulnerability. Details ================ Software: Content Audit Version: 1.6 Homepage: http://wordpress.org/plugins/content-audit/ Advisory report:...

7.5 CVSS, 0.02334 EPSS
Exploits: 3

0day.today
added 2014/09/25 12:00 a.m., 33 views

Wordpress Login Widget With Shortcode 3.1.1 - Multiple Vulnerabilities

Exploit for php platform in category web applications Details ================ Software: Login Widget With Shortcode Version: 3.1.1 Homepage: http://wordpress.org/plugins/login-sidebar-widget/ Advisory report:...

7.1 AI score
Exploits: 0

exploitpack
added 2014/09/25 12:00 a.m., 15 views

WordPress Plugin Login Widget With ShortCode 3.1.1 - Multiple Vulnerabilities

WordPress Plugin Login Widget With ShortCode 3.1.1 - Multiple Vulnerabilities Details ================ Software: Login Widget With Shortcode Version: 3.1.1 Homepage: http://wordpress.org/plugins/login-sidebar-widget/ Advisory report:...

0.2 AI score
Exploits: 0

Exploit DB
added 2014/09/25 12:00 a.m., 30 views

WordPress Plugin Login Widget With ShortCode 3.1.1 - Multiple Vulnerabilities

Details ================ Software: Login Widget With Shortcode Version: 3.1.1 Homepage: http://wordpress.org/plugins/login-sidebar-widget/ Advisory report:...

7.4 AI score
Exploits: 0