CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

108 matches found

WordPress Spider Calendar <=1.4.9 - SQL Injection

WordPress Spider Calendar plugin through 1.4.9 is susceptible to SQL injection. An attacker can execute arbitrary SQL commands via the catid parameter in a spiderbigcalendarmonth action to wp-admin/admin-ajax.php, thus making it possible to obtain sensitive information, modify data, and/or execut...

7.5CVSS6.1AI score0.03077EPSS

Exploits1References4

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2013-3467

Malware in sbrugna...

7.5CVSS6.4AI score0.03329EPSS

Exploits1References8

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2017-4495

Malware in sbrugna...

7.2CVSS7AI score0.00511EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2014-6199

Malware in sbrugna...

4.3CVSS6.1AI score0.00304EPSS

Exploits3References9

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2014-8421

Malware in sbrugna...

4.3CVSS6.2AI score0.00679EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•5 views

EUVD-2018-2375

Malware in sbrugna...

6.1CVSS6.5AI score0.00188EPSS

Exploits2References4

RedhatCVE•added 2025/05/22 1:11 a.m.•5 views

CVE-2014-8584

Cross-site scripting XSS vulnerability in the Web Dorado Spider Video Player aka WordPress Video Player plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS6AI score0.00679EPSS

Exploits0References1

Packet Storm•added 2024/09/01 12:0 a.m.•154 views

Web-Dorado ECommerce WD For Joomla! Search_category_id SQL Injection Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'uri' class MetasploitModule 'Web-Dorado ECommerce WD for Joomla! searchcategoryid SQL Injection Scanner', 'Description' = %q This module will scan for hosts...

7.5CVSS7.1AI score0.4354EPSS

Exploits3

0day.today•added 2019/04/07 12:0 a.m.•38 views

WordPress Contact Form Maker 1.13.1 Cross Site Request Forgery Vulnerability

Exploit for php platform in category web applications Exploit Title: Contact Form by WD CSRF → LFI Exploit Author: Panagiotis Vagenas Vendor Homepage: http://web-dorado.com/ Software Link: https://wordpress.org/plugins/contact-form-maker Version: 1.13.1 Tested on: WordPress 5.1.1 Description...

0.5AI score

Exploits0

Exploit DB•added 2019/04/05 12:0 a.m.•317 views

WordPress Plugin Contact Form Maker 1.13.1 - Cross-Site Request Forgery

Exploit Title: Contact Form by WD CSRF → LFI Date: 2019-03-17 Exploit Author: Panagiotis Vagenas Vendor Homepage: http://web-dorado.com/ Software Link: https://wordpress.org/plugins/contact-form-maker Version: 1.13.1 Tested on: WordPress 5.1.1 Description ----------- Plugin implements the followi...

7.4AI score

Exploits0

exploitpack•added 2019/04/05 12:0 a.m.•10 views

WordPress Plugin Contact Form Maker 1.13.1 - Cross-Site Request Forgery

WordPress Plugin Contact Form Maker 1.13.1 - Cross-Site Request Forgery Exploit Title: Contact Form by WD CSRF → LFI Date: 2019-03-17 Exploit Author: Panagiotis Vagenas Vendor Homepage: http://web-dorado.com/ Software Link: https://wordpress.org/plugins/contact-form-maker Version: 1.13.1 Tested o...

1.2AI score

Exploits0

Japan Vulnerability Notes•added 2018/11/02 12:0 a.m.•548 views

JVN#75738023: WordPress plugin "Event Calendar WD" vulnerable to cross-site scripting

The WordPress plugin "Event Calendar WD" provided by Web-Dorado contains a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on a logged-in user's web browser. Solution Update the plugin Update the plugin according to the information provided by the...

5.4CVSS5.3AI score0.002EPSS

Exploits0

CNVD•added 2018/04/25 12:0 a.m.•4 views

WordPress Web-Dorado Instagram Feed WD Plugin Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language, which supports setting up personal blog sites on servers with PHP and MySQL.Web-Dorado Instagram Feed WD plugin is a social media content sharing plugin used in ... A cross-site scripting...

6.1CVSS6AI score0.00188EPSS

Exploits2References1

CNVD•added 2018/04/25 12:0 a.m.•5 views

WordPress Web-Dorado Instagram Feed WD plugin cross-site scripting vulnerability (CNVD-2018-08291)

6.1CVSS5.9AI score0.00188EPSS

Exploits2References1

Packet Storm•added 2018/04/24 12:0 a.m.•58 views

WordPress WD Instagram Feed Premium 1.3.0 Cross Site Scripting

WD Instagram Feed 1.3.0aaaXSS Vulnerabilities Two cross-site scripting vulnerabilities in the WD Instagram Feed WordPress plugin allow attackers to inject arbitrary web script or HTML by passing payloads through the bio of an Instagram profile or remotely via comments on an Instagram post...

0.1AI score0.00188EPSS

Exploits2

NVD•added 2018/04/23 6:29 p.m.•15 views

CVE-2018-10300

Cross-site scripting XSS vulnerability in the Web-Dorado Instagram Feed WD plugin before 1.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML by passing payloads in an Instagram profile's bio...

6.1CVSS6.2AI score0.00188EPSS

Exploits2References2

OSV•added 2018/04/23 6:29 p.m.•0 views

CVE-2018-10300

6.1CVSS7.2AI score0.00188EPSS

Exploits2References2

OSV•added 2018/04/23 6:29 p.m.•1 views

CVE-2018-10301

Cross-site scripting XSS vulnerability in the Web-Dorado Instagram Feed WD plugin before 1.3.1 Premium for WordPress allows remote attackers to inject arbitrary web script or HTML by passing payloads in a comment on an Instagram post...

6.1CVSS7.3AI score0.00188EPSS

Exploits2References2