Lucene search
K

140 matches found

Debian CVE
Debian CVE
added 2017/01/18 9:0 p.m.54 views

CVE-2016-6897

Cross-site request forgery CSRF vulnerability in the wpajaxupdateplugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 allows remote attackers to hijack the authentication of subscribers for /dev/random read operations by leveraging a late call to the checkajaxreferer...

6.5CVSS5.1AI score0.28258EPSS
Exploits5
Patchstack
Patchstack
added 2016/07/27 12:0 a.m.12 views

WordPress Royal Gallery Plugin - Arbitrary File Upload

This plugin is prone to an arbitrary file upload vulnerability. Solution Update plugin...

3AI score
Exploits0Affected Software1
Patchstack
Patchstack
added 2016/07/27 12:0 a.m.13 views

WordPress Power Zoomer Plugin - Arbitrary File Upload

This plugin is prone to an arbitrary file upload vulnerability. Solution Update plugin...

2.9AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2016/07/27 12:0 a.m.16 views

WordPress Power Play Gallery Plugin - Arbitrary File Upload

This plugin is prone to an arbitrary file upload vulnerability. Solution Update plugin...

3.3AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2016/04/13 12:0 a.m.25 views

WordPress Pondol Form to Mail Plugin <= 1.1 - Cross Site Scripting (XSS)

Because of this vulnerability, the variable itemid appears to send unsanitized data back to the users browser. Vulnerable file is pondol-formmail/pages/admin-mail-info.php. Solution Update the plugin...

6.1CVSS3.4AI score0.03462EPSS
Exploits1References2Affected Software1
Patchstack
Patchstack
added 2016/03/22 12:0 a.m.16 views

WordPress Memphis Document Library Plugin 3.1.5 - Arbitrary File Download

Memphis Document Library plugin is prone to an arbitrary file download vulnerability. It allows an attacker to download arbitrary files from the web server and get potentially sensitive information. Solution Update the plugin...

3.9AI score
Exploits0References1Affected Software1
Packet Storm
Packet Storm
added 2015/12/17 12:0 a.m.31 views

WordPress Sender 0.7 Cross Site Scripting

Plugin Name : Sender Effected Version : 0.7 and most probably lower version's if any Vulnerability : A3-Cross-Site Scripting XSS Identified by : Madhu Akula Technical Details Minimum Level of Access Required : Administrator PoC - Proof of Concept : The following fields put the payload as below...

7.4AI score
Exploits0
Patchstack
Patchstack
added 2015/11/23 12:0 a.m.7 views

WordPress My Link Order Plugin <= 4.3 - Cross Site Scripting (XSS)

Because of this XSS vulnerability, authenticated users can inject HTML or JS code. Vulnerable parameters are "cats" and "hdnCatID". Solution Update the plugin...

0.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2015/08/14 12:0 a.m.28 views

WordPress Google Analyticator <= 6.4.9.5 - Multiple XSS

These vulnerabilities allow an attacker to inject arbitrary web script or HTML via the 1. gadownloadsprefix 2. gadownloads 3. gaadsense 4. gaadmindisableDimentionIndex 5. gaoutboundprefix parameter in the google-analyticator page to wp-admin/admin.php. Solution Update the plugin...

4.3CVSS2.3AI score0.02671EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2015/08/04 12:0 a.m.28 views

WordPress <= 4.2.3 - CSRF

This vulnerability is in wp-admin/post.php. It allows an attacker to hijack the authentication of administrators for requests which lock a post. And then an attacker consequently cause a denial of service via a get-post-lock action. Solution Update the plugin...

6.8CVSS5.4AI score0.03854EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2015/05/15 12:0 a.m.6 views

WordPress TinyMCE Plugin <= 3.5 - Cross Site Scripting

Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Update plugin...

2.3AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2015/05/15 12:0 a.m.8 views

WordPress External Video For Everybody Plugin <= 2.0 - XSS

Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Update plugin...

2.3AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2015/05/15 12:0 a.m.8 views

WordPress S3 Video Plugin <= 0.97 - Cross Site Scripting

Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Update plugin...

2.4AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2015/05/15 12:0 a.m.55 views

WordPress Wordfence Plugin <= 3.8.6 - Stored XSS

This plugin is prone to lib/IPTraf.php User-Agent header stored cross site scripting vulnerability. Solution Update plugin...

1AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2015/05/15 12:0 a.m.11 views

WordPress Floating Social Media Links Plugin <= 1.4.2 - Remote File Inclusion

This plugin is prone to fsml-admin.js.php wpp parameter remote file inclusion vulnerability. It allows attackers to obtain sensitive information. Solution Update plugin...

5AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2015/05/15 12:0 a.m.16 views

WordPress Subscribe2 Plugin <= 8.0 - Cross Site Scripting

Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Update plugin...

2.3AI score
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2015/04/21 12:0 a.m.10 views

WordPress Work The Flow Plugin - Upload Vulnerability

This vulnerability allows an attacker to upload arbitrary PHP code and execute it. Solution Update the plugin...

4.1AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2015/04/07 12:0 a.m.19 views

WordPress Welcart Plugin <= 1.4.17 - Multiple XSS

These vulnerabilities allow the attackers to inject arbitrary web script or HTML via the "uscesreferer" parameter to: includes/edit-form-advanced.php, includes/edit-form-advanced34.php, classes/usceshop.class.php, includes/membereditform.php, includes/orderlist.php, includes/ordereditform.php,...

4.3CVSS3.8AI score0.02033EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2015/01/12 12:0 a.m.10 views

WordPress Page Builder Plugin <= 2.0.3 - Reflected XSS

Because of this vulnerability, the attackers can inject arbitrary web script or HTML. Solution Update the plugin...

2AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2014/12/07 12:0 a.m.25 views

WordPress Shareaholic Plugin <= 7.6.0 - XSS

This vulnerability is in admin.php. It allows authenticated users to inject arbitrary web script or HTML via the "locationid" parameter that is in a shareaholicaddlocation action to wp-admin/admin-ajax.php. Solution Update the plugin...

3.5CVSS2.6AI score0.03892EPSS
Exploits5References1Affected Software1
Rows per page
Query Builder