Lucene search
K

386 matches found

WPVulnDB
WPVulnDB
added 2021/07/26 12:0 a.m.12 views

Paid Member Subscriptions < 2.4.2 - Reflected Cross-Site Scripting (XSS)

The plugin was vulnerable to a Reflected Cross-Site Scripting XSS on the edit member page. No CSRF nonce was required. PoC http://www.example.com/wp-admin/admin.php?page=pms-members-page=editmemberid=1%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E...

0.5AI score
Exploits0References1Affected Software1
Gitee
Gitee
added 2021/07/03 7:43 p.m.4 views

vulhub

This repository is an offensive tool for a collection of vulnerable environments and applications, referred to as "Vulhub". It is a collection of Docker images and scripts that simulate various web applications and systems with known vulnerabilities, allowing users to practice and learn about...

7AI score
Exploits0
WPVulnDB
WPVulnDB
added 2021/05/31 12:0 a.m.22 views

The Plus Addons for Elementor Page Builder < 4.1.11 - Arbitrary Reset Pwd Email Sending

The plugin did not properly check that a user requesting a password reset was the legitimate user, allowing an attacker to send an arbitrary reset password email to a registered user on behalf of the WordPress site. Such issue could be chained with an open redirect...

5.3CVSS0.0111EPSS
Exploits2References1Affected Software1
NVD
NVD
added 2021/05/06 1:15 p.m.49 views

CVE-2021-24214

The OpenID Connect Generic Client WordPress plugin 3.8.0 and 3.8.1 did not sanitise the login error when output back in the login form, leading to a reflected Cross-Site Scripting issue. This issue does not require authentication and can be exploited with the default configuration...

6.1CVSS0.0163EPSS
Exploits2References1
CNNVD
CNNVD
added 2021/04/09 12:0 a.m.5 views

WordPress 插件 跨站脚本漏洞

WordPress Larsens Calender is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in WordPress Larsens Calender plugin version 1.2 and earlier versions, which can be exploited by remote attackers to execute arbitrary web scripts via the "Eintrage hinzufuge...

5.4CVSS5.7AI score0.00798EPSS
Exploits2References3
WPVulnDB
WPVulnDB
added 2020/08/04 12:0 a.m.20 views

The Official WordPress Facebook Chat Plugin < 1.6 - Authenticated Options Change to Chat Takeover

This flaw made it possible for low-level authenticated attackers to connect their own Facebook Messenger account to any site running the vulnerable plugin and engage in chats with site visitors on affected sites. PoC Obtain PageID from a test Facebook Page found under page - about - pageID. Use...

0.5AI score
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2019/07/31 12:0 a.m.9 views

PT-2019-11754 · Jenkins · Jenkins Maven Integration Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Maven Integration Plugin versions 3.3 and earlier Description: The issue potentially reveals sensitive build variables in the build log because build log decorators are not applied to module builds. Recommendations: For Jenkins Maven...

6.5CVSS6.2AI score0.0101EPSS
Exploits0References7
Hacker One
Hacker One
added 2019/05/13 3:2 p.m.41 views

Nextcloud: Vulnerable W3 Total Cache plugin version in use on nextcloud.com

Hi there, I noticed you are currently using a vulnerable version of W3 Total Cache, as the changelog containing the plugin version is publicly reachable: https://nextcloud.com/wp-content/plugins/w3-total-cache/changelog.txt W3 Total Cache makes the site vulnerable to a series of attacks, includin...

0.8AI score
Exploits0
ThreatPost
ThreatPost
added 2019/01/28 2:39 p.m.98 views

Wordpress Users Urged to Delete Zero-Day-Ridden Plugin

Researchers are urging WordPress site owners to delete a compromised plugin after multiple zero-day vulnerabilities were discovered being exploited by a malicious actor. Researchers at Wordfence said on Friday that flaws in the plugin, Total Donations, are being exploited by malicious actors to...

7.5CVSS0.26076EPSS
Exploits1References5
exploitpack
exploitpack
added 2018/09/18 12:0 a.m.73 views

WordPress Plugin Arigato Autoresponder and Newsletter 2.5 - Blind SQL Injection Reflected Cross-Site Scripting

WordPress Plugin Arigato Autoresponder and Newsletter 2.5 - Blind SQL Injection Reflected Cross-Site Scripting Title: Blind SQL injection and multiple reflected XSS vulnerabilities in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5 Author: Larry W. Cashdollar, @larry0 Date: 2018-08-22...

6.5CVSS0.4AI score0.04354EPSS
Exploits14
NVD
NVD
added 2018/07/25 11:29 p.m.27 views

CVE-2018-14430

The Mondula Multi Step Form plugin through 1.2.5 for WordPress allows XSS via the fwdata id1, fwdata id2, fwdata id3, fwdata id4, or email field of the contact form, exploitable with an fwsendemail action to wp-admin/admin-ajax.php...

6.1CVSS6.1AI score0.01255EPSS
Exploits2References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/07/18 12:0 a.m.520 views

JVN#62423700: Movable Type plugin MTAppjQuery vulnerable to PHP code execution

MTAppjQuery provided by bit part LLC is a plugin for Movable Type. An older version PHP library Uploadify is incorporated in MTAppjQuery v1.8.1 and earlier versions and the older versions of Uploadify contains unrestricted upload of arbitrary file CWE-434, which may lead to arbitrary PHP code...

9.8CVSS9.8AI score0.02409EPSS
Exploits0
NVD
NVD
added 2018/06/01 3:29 p.m.25 views

CVE-2018-11486

An issue was discovered in the MULTIDOTS Advance Search for WooCommerce plugin 1.0.9 and earlier for WordPress. This plugin is vulnerable to a stored Cross-site scripting XSS vulnerability. A non-authenticated user can save the plugin settings and inject malicious JavaScript code in the Custom CS...

6.1CVSS6AI score0.00802EPSS
Exploits1References1
Hacker One
Hacker One
added 2018/04/19 11:19 a.m.29 views

Uber: Reflected XSS and sensitive data exposure, including payment details, on lioncityrentals.com.sg

lioncityrentals.com.sg employed a Wordpress installation that possessed a vulnerable plugin, Formidable Forms, which was vulnerable to reflected XSS, and exposed sensitive form data. Thanks again for the report, @healdb! This was the first bug I ever found that exposed a large amount of PII, than...

7AI score
Exploits0
CNVD
CNVD
added 2018/01/17 12:0 a.m.2 views

WordPress responsive-coming-soon-page plugin cross-site scripting vulnerability (CNVD-2018-01257)

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language , the platform supports PHP and MySQL servers to set up a personal blog site . responsive-coming-soon-page plugin is used in one of the test system maintenance plugin . A cross-site scriptin...

4.8CVSS6AI score0.00623EPSS
Exploits1References1
Packet Storm
Packet Storm
added 2017/11/21 12:0 a.m.34 views

WordPress Advanced Post Type Ratings 1.1 Cross Site Scripting

Class Input Validation Error Remote Yes Credit Ricardo Sanchez Vulnerable Advanced Post Type Ratings Plugin 1.1 DFD Reddcoin Tips Plugin is prone to a stored cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to...

7.4AI score
Exploits0
CNVD
CNVD
added 2017/03/02 12:0 a.m.0 views

WordPress Sites Exposed by Vulnerable Plugin SQL Injection Vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in the WordPress Sites Exposed by Vulnerable plugin, which allows attackers to exploit t...

7.7AI score
Exploits0References1
ThreatPost
ThreatPost
added 2017/03/01 7:0 a.m.10 views

Million-Plus WordPress Sites Exposed by Vulnerable Plugin

A popular WordPress gallery plugin with more than one million active installations was recently patched to address a vulnerability exposing website databases to attack. The NextGEN Gallery is a photo gallery management system used by professional photographers and artists upload, sort and group...

8.2AI score
Exploits0References5
Hacker One
Hacker One
added 2014/08/02 8:27 a.m.34 views

Automattic: Open Redirect in WordPress Feed Statistics {Affected All Versions}

Hi, Feed Statistics Plugin is vulnerable to Open Redirect and effecting large amount of Websites. Which is the reason it should be patched swiftly. Detail description is given below: Tested on: Wordpress 3.9.1 Vulnerable Plugin: Feed Statistics Plugin Link:...

Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.29 views

Notepad++ NppFTP plugin LIST command Remote Heap Overflow PoC

No description provided by source. Notepad++ NppFTP plugin LIST command Remote Heap Overflow PoC Date: 17.08.2011 Author: 0in Maksymilian Motyl Mail: 0in dot email /at\ gmail \dot/ com Software Link: http://notepad-plus-plus.org/ Vulnerable plugin: http://sourceforge.net/projects/nppftp/ Version:...

7.1AI score
Exploits0
Rows per page
Query Builder